CompTIA

CAS-003 · Question #956

CAS-003 Question #956: Real Exam Question with Answer & Explanation

The correct answer is B: OAuth, SCIM, AD, and WS-Security.

Question

A new identity management program was recently initiated to reduce risk and improve the employee experience. The environment is complex: it does not support REST APIs but has multiple identity stores. Password resets are the help desk's top ticket item, and it takes the organization weeks to manually create access for new employees. The applications in the scope of the program are the enterprise service bus, SaaS web portals, and internal web portal. The goals of the program include:

  • Reducing costs by centralizing authentication and authorization
  • Streamlining business processes
  • Enabling employees to have immediate access
  • Reducing password reset tickets by 90%

To meet the above goals and the business case, which of the following authentication and authorization capabilities does the security architect need to implement?

Options

  • A. OpenID, SPML, LDAP, and WAYF
  • B. OAuth, SCIM, AD, and WS-Security
  • C. Kerberos, XACML, AD, and SPML
  • D. SAML, XACML, SCIM, and LDAP

Explanation

The environment has several key constraints and goals that point to specific technologies. The lack of REST API support but presence of an enterprise service bus (ESB) points to WS-Security, which is SOAP/WS-* based rather than REST-based. SCIM (System for Cross-domain Identity Management) automates provisioning across multiple identity stores, directly addressing the weeks-long manual onboarding process and enabling immediate access for new employees. OAuth provides delegated authorization for SaaS and web portals, enabling centralized authentication. Active Directory (AD) serves as the central identity store and authentication provider. Together, OAuth + SCIM + AD + WS-Security address all stated goals. Option A is wrong because SPML is legacy and WAYF is just a federation discovery concept. Option C is wrong because Kerberos does not handle SaaS federation well, and XACML alone doesn't address provisioning. Option D is wrong because SAML, while useful for SSO, doesn't address the ESB's non-REST requirement, and XACML is overkill for this use case without covering provisioning automation.
