nerdexam
(ISC)2

CISSP · Question #1074

A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of

The correct answer is A. Federated identity. This question tests understanding of identity management models that allow one organization to control identities while sharing access with multiple external partners. Federated identity is the architecture designed specifically for this cross-organizational trust scenario.

Submitted by ngozi_ng· Mar 5, 2026Identity and Access Management

Question

A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share with other partners in the future. Which of the following options BEST serves their needs?

Options

  • AFederated identity
  • BCloud Active Directory (AD)
  • CSecurity Assertion Markup Language (SAML)
  • DSingle sign-on (SSO)

How the community answered

(38 responses)
  • A
    82% (31)
  • B
    11% (4)
  • C
    3% (1)
  • D
    5% (2)

Why each option

This question tests understanding of identity management models that allow one organization to control identities while sharing access with multiple external partners. Federated identity is the architecture designed specifically for this cross-organizational trust scenario.

AFederated identityCorrect

Federated identity allows the HR organization to remain the authoritative source (identity provider) for creating and managing user identities, while establishing trust relationships with partner organizations (service providers) so those partners can accept and rely on the HR org's identity assertions. This model is inherently scalable, meaning the same identity provider can federate trust with additional partners in the future without recreating identities. It is the architectural framework that encompasses cross-domain identity sharing while preserving ownership and control at the source organization.

BCloud Active Directory (AD)

Cloud Active Directory is a specific directory service platform for storing and managing identities, not an architectural model for sharing identities across organizational boundaries with multiple partners.

CSecurity Assertion Markup Language (SAML)

SAML is a specific XML-based protocol and token format used to implement federated identity, but it is a technical standard rather than the overarching identity management strategy that addresses the organizational requirement described.

DSingle sign-on (SSO)

Single sign-on (SSO) is an authentication convenience feature that allows users to authenticate once and access multiple resources, but it does not inherently define how identities are created, managed, or shared across separate partner organizations.

Concept tested: Federated identity management across organizational boundaries

Source: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed

Topics

#federated identity#identity management#partner integration#identity provider

Community Discussion

No community discussion yet for this question.

Full CISSP Practice