CSSLP Question #388: Real Exam Question with Answer & Explanation

The correct answer is B: Established trust relationship. A federated identity setup, where a web application accepts assertions from an external identity provider, fundamentally relies on an established trust relationship between these two entities.

Secure Software Concepts

Question

LogiCore is configuring a federated identity setup where a web application accepts assertions from an external identity provider. What fundamental element must that relationship rely on?

Options

ATLS
BEstablished trust relationship
CCloud Identity
DPublic key certificates

Explanation

A federated identity setup, where a web application accepts assertions from an external identity provider, fundamentally relies on an established trust relationship between these two entities.

Common mistakes.

A. TLS (Transport Layer Security) encrypts communication channels, ensuring confidentiality and integrity, but it is a communication protocol, not the fundamental basis of identity trust between providers.
C. Cloud Identity is a service offering identity management in the cloud, but the principle of trust between any identity provider and service provider (cloud or on-prem) is the fundamental element, not specifically 'Cloud Identity' itself.
D. Public key certificates are often used to establish and verify the trust relationship, for example, to sign assertions, but they are a mechanism to implement trust, not the abstract fundamental element of trust itself.

Concept tested. Federated identity trust model

Reference. https://learn.microsoft.com/en-us/azure/active-directory/hybrid/what-is-federation

Topics

#Federated Identity#Identity Provider#Trust Relationship#Assertions

Community Discussion

No community discussion yet for this question.

Full CSSLP Practice Browse All CSSLP Questions