nerdexam
(ISC)2

CISSP · Question #1142

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the f

The correct answer is B. In-house team lacks resources to support an on-premise solution.. IDaaS is typically adopted when an organization lacks the internal resources, expertise, or budget to build and maintain an on-premise identity management solution. It offloads the operational burden to a cloud-based provider.

Submitted by deeparc· Mar 5, 2026Identity and Access Management (IAM)

Question

A company is attempting to enhance the security of its user authentication processes. After evaluating several options, the company has decided to utilize Identity as a Service (IDaaS). Which of the following factors leads the company to choose an IDaaS as their solution?

Options

  • AIn-house development provides more control.
  • BIn-house team lacks resources to support an on-premise solution.
  • CThird-party solutions are inherently more secure.
  • DThird-party solutions are known for transferring the risk to the vendor.

How the community answered

(55 responses)
  • A
    4% (2)
  • B
    71% (39)
  • C
    9% (5)
  • D
    16% (9)

Why each option

IDaaS is typically adopted when an organization lacks the internal resources, expertise, or budget to build and maintain an on-premise identity management solution. It offloads the operational burden to a cloud-based provider.

AIn-house development provides more control.

In-house development providing more control is an argument for NOT choosing IDaaS, as building a solution internally gives the organization direct ownership but requires significant resources and expertise.

BIn-house team lacks resources to support an on-premise solution.Correct

A primary driver for adopting IDaaS is that the in-house team lacks the resources, expertise, or budget to deploy and maintain an on-premise identity and access management (IAM) solution. IDaaS shifts the infrastructure, maintenance, and operational responsibilities to a specialized third-party provider, making it ideal for organizations with limited internal capacity. This allows the company to still implement robust authentication controls without requiring dedicated IAM staff or infrastructure.

CThird-party solutions are inherently more secure.

Third-party solutions are not inherently more secure; security depends on the specific implementation, configuration, and the vendor's practices, and on-premise solutions can be equally or more secure when properly managed.

DThird-party solutions are known for transferring the risk to the vendor.

IDaaS does not transfer risk to the vendor in a comprehensive legal or liability sense; the organization retains responsibility for its own data and compliance obligations even when using a third-party identity service.

Concept tested: Rationale for adopting Identity as a Service (IDaaS)

Source: https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/identity-fundamental-concepts

Topics

#IDaaS#cloud identity#authentication services#resource constraints

Community Discussion

No community discussion yet for this question.

Full CISSP Practice