CISSP · Question #1074
A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of
The correct answer is A. Federated identity. This question tests understanding of identity management models that allow one organization to control identities while sharing access with multiple external partners. Federated identity is the architecture designed specifically for this cross-organizational trust scenario.
Question
Options
- AFederated identity
- BCloud Active Directory (AD)
- CSecurity Assertion Markup Language (SAML)
- DSingle sign-on (SSO)
How the community answered
(38 responses)- A82% (31)
- B11% (4)
- C3% (1)
- D5% (2)
Why each option
This question tests understanding of identity management models that allow one organization to control identities while sharing access with multiple external partners. Federated identity is the architecture designed specifically for this cross-organizational trust scenario.
Federated identity allows the HR organization to remain the authoritative source (identity provider) for creating and managing user identities, while establishing trust relationships with partner organizations (service providers) so those partners can accept and rely on the HR org's identity assertions. This model is inherently scalable, meaning the same identity provider can federate trust with additional partners in the future without recreating identities. It is the architectural framework that encompasses cross-domain identity sharing while preserving ownership and control at the source organization.
Cloud Active Directory is a specific directory service platform for storing and managing identities, not an architectural model for sharing identities across organizational boundaries with multiple partners.
SAML is a specific XML-based protocol and token format used to implement federated identity, but it is a technical standard rather than the overarching identity management strategy that addresses the organizational requirement described.
Single sign-on (SSO) is an authentication convenience feature that allows users to authenticate once and access multiple resources, but it does not inherently define how identities are created, managed, or shared across separate partner organizations.
Concept tested: Federated identity management across organizational boundaries
Source: https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed
Topics
Community Discussion
No community discussion yet for this question.