CISSP Question #1380: Real Exam Question with Answer & Explanation

The correct answer is A: Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards,.

Submitted by luis.pe · Mar 5, 2026 · Identity and Access Management

Question

Clothing retailer employees are provisioned with user accounts that provide access to resources at partner businesses. All partner businesses use common identity and access management (IAM) protocols and differing technologies. Under the Extended Identity principle, what is the process flow between partner businesses to allow this IAM action?

Options

  • A. Clothing retailer acts as identity provider (IdP), confirms identity of user using industry standards,
  • B. Clothing retailer acts as User Self Service, confirms identity of user using industry standards, then
  • C. Clothing retailer acts as Service Provider, confirms identity of user using industry standards, then
  • D. Access Control Provider, confirms access of user using industry

Explanation

This question tests understanding of federated identity under the Extended Identity principle, where one organization acts as the identity provider (IdP) to authenticate users for partner service providers using common IAM protocols.

Common mistakes.

  • B. User Self Service is a provisioning or password management function, not a federated authentication role; it does not describe how cross-organizational identity assertions are made between partners.
  • C. The clothing retailer is the organization that owns and authenticates the user accounts, making it the Identity Provider, not the Service Provider; Service Providers are the partner businesses consuming the identity assertion.
  • D. Access Control Provider is not a recognized role in standard federated IAM frameworks such as SAML or OIDC; access control decisions are made by the Service Provider after receiving an identity assertion from the IdP.

Concept tested. Federated identity provider role in extended identity

Reference. https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-saml-assertions

Topics

#Federated identity #Identity provider #IAM protocols #SSO
