
CAS-002 Question #554: Real Exam Question with Answer & Explanation

The correct answer is D: Company XYZ needs to install the IdP, while the partner companies need to install the SP. This question tests understanding of federated identity using SAML, where the data-owning organization acts as the Identity Provider and partner organizations act as Service Providers.

Question

Company XYZ provides residential television cable service across a large region. The company's board of directors is in the process of approving a deal with the following three companies:

  • A national landline telephone provider
  • A regional wireless telephone provider
  • An international Internet service provider

The board of directors at Company XYZ wants to keep the companies and billing separated, while the Chief Information Officer (CIO) at Company XYZ is concerned about the confidentiality of Company XYZ's customer data and wants to share only minimal information about its customers for the purpose of accounting, billing, and customer authentication. The proposed solution must use open standards and must make it simple and seamless for Company XYZ's customers to receive all four services. Which of the following solutions is BEST suited for this scenario?

Options

  • A. All four companies must implement a TACACS+ web based single sign-on solution with
  • B. Company XYZ must implement VPN and strict access control to allow the other three
  • C. Company XYZ needs to install the SP, while the partner companies need to install the
  • D. Company XYZ needs to install the IdP, while the partner companies need to install the SP

Explanation

This question tests understanding of federated identity using SAML, where the data-owning organization acts as the Identity Provider and partner organizations act as Service Providers.

Common mistakes.

  • A. TACACS+ is a Cisco proprietary AAA protocol designed for network device administration, not a web-based open standard for federated cross-organizational SSO.
  • B. VPN with access control does not provide seamless customer-facing SSO and is not an open identity federation standard; it would require customers to manage separate credentials per service.
  • C. If Company XYZ were the SP, it would delegate customer identity control to a partner, contradicting the CIO's requirement to keep customer data confidential and under Company XYZ's control.

Concept tested. SAML federation: IdP vs. SP role assignment.

Reference. https://learn.microsoft.com/en-us/azure/active-directory/develop/single-sign-on-saml-protocol
