ISC2 CCSP Exam - Topic 7 Question 64 Discussion

Actual exam question for ISC2's CCSP exam

Question #: 64
Topic #: 7

[All CCSP Questions]

In a federated identity arrangement using a trusted third-party model, who is the identity provider and who is the relying party?

AThe users of the various organizations within the federations within the federation/a CASB

BEach member organization/a trusted third party

CEach member organization/each member organization

DA contracted third party/the various member organizations of the federation

Show Suggested Answer

Suggested Answer: D

In a trusted third-party model of federation, each member organization outsources the review and approval task to a third party they all trust. This makes the third party the identifier (it issues and manages identities for all users in all organizations in the federation), and the various member organizations are the relying parties (the resource providers that share resources based on approval from the third party).

by Kasandra at Dec 29, 2022, 03:48 AM

Limited Time Offer

25%

Off

Get Premium CCSP Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Eloisa

4 months ago

I thought the identity provider was always the users, not a third party!

upvoted 0 times

...

Marjory

4 months ago

Each member organization is not the identity provider, that's incorrect.

upvoted 0 times

...

Macy

4 months ago

Wait, so the relying party is just the member organizations? Seems off.

upvoted 0 times

...

Felton

4 months ago

I think it's option D, sounds right to me.

upvoted 0 times

...

Judy

4 months ago

It's definitely a third party for identity provider!

upvoted 0 times

...

Carlee

5 months ago

I feel like option D makes the most sense, with the third party being the identity provider and the member organizations as the relying parties.

upvoted 0 times

...

Aimee

5 months ago

I’m a bit confused. Is the identity provider always a third party, or can it be one of the organizations too?

upvoted 0 times

...

Cory

5 months ago

I remember practicing a question like this, and I think the relying party is the one that relies on the identity provider for authentication.

upvoted 0 times

...

Flo

5 months ago

I think the identity provider is the trusted third party, but I'm not sure about the relying party. It feels like it could be the member organizations.

upvoted 0 times

...

Belen

5 months ago

Hmm, I'm a bit confused by this question. I'm not sure how the team member hierarchy type change would affect the existing targets. I'll need to think this through carefully.

upvoted 0 times

...

King

5 months ago

I'm feeling pretty confident about this one. The key is using the right tools for the right data - the NPSP Data Importer for program data and the Data Import Wizard for client data. Options A and B are the way to go.

upvoted 0 times

...

Stefania

5 months ago

I'm not too sure if Column would only provide specialized care. Feels like it could be a mix, but I might lean towards B being limited.

upvoted 0 times

...

Xochitl

5 months ago

I've got a good feeling about this one. The QEMU clue points to virtualized devices, so I'd say network devices and IoT/embedded devices are the way to go. Those are the most likely to have a comparable response to the one described in the question.

upvoted 0 times

...

Alesia

5 months ago

I remember discussing how primary data can be costly, and that could definitely be a downside.

upvoted 0 times

...