CISSP Question #1074: Real Exam Question with Answer & Explanation

Question

A large human resources organization wants to integrate their identity management with a trusted partner organization. The human resources organization wants to maintain the creation and management of the identities and may want to share with other partners in the future. Which of the following options BEST serves their needs?

Options

• AFederated identity
• BCloud Active Directory (AD)
• CSecurity Assertion Markup Language (SAML)
• DSingle sign-on (SSO)

Explanation

This question tests understanding of identity management models that allow one organization to control identities while sharing access with multiple external partners. Federated identity is the architecture designed specifically for this cross-organizational trust scenario.

Common mistakes.

• B. Cloud Active Directory is a specific directory service platform for storing and managing identities, not an architectural model for sharing identities across organizational boundaries with multiple partners.
• C. SAML is a specific XML-based protocol and token format used to implement federated identity, but it is a technical standard rather than the overarching identity management strategy that addresses the organizational requirement described.
• D. Single sign-on (SSO) is an authentication convenience feature that allows users to authenticate once and access multiple resources, but it does not inherently define how identities are created, managed, or shared across separate partner organizations.

Concept tested. Federated identity management across organizational boundaries

Reference. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/whatis-fed

No community discussion yet for this question.