Exam CAS-004 topic 1 question 229 discussion

By enabling SAML, you create a federated identity management system that allows users from both companies to use a single set of usernames and passwords. It also addresses the requirement for users from Company B to access Company A's available resources. Implementing attribute-based access control provides control based on various attriburtes, including IP addresses. This allows users in the same departments to have the same set of rights and privileges while giving different sets of rights and privileges to users with different IPs.

B. Establishing one-way trust from Company B to Company A D. Implementing attribute-based access control

o Establishing one-way trust: This allows users from Company B to access Company A's resources using their existing credentials, fulfilling the requirement that users from Company B should be able to access Company A's resources. o Implementing attribute-based access control: This method allows administrators to define granular access controls based on user attributes like department, IP address, or job title. This enables the company to ensure that users in the same department have the same set of rights and privileges when accessing resources from different IP locations. o Enabling SAML: While SAML (Security Assertion Markup Language) is a standard for single sign-on, it doesn't address the specific requirements of this scenario. It provides a way for users to authenticate to multiple applications with a single set of credentials, but it doesn't offer the fine-grained access control needed based on user attributes and IP location.

SAML is a Single Sign-On (SSO) solution that allows users from both companies (A and B) to access resources across both environments using a single set of credentials. It can support both identity federation (where users from one organization can authenticate and access resources in another organization) and cross-organization authentication. And ABAC controls access based on attributes such as department, role, location (IP address), and other contextual factors. It’s ideal for managing more granular access control policies during the transition period. And NOT Establishing one-way trust from Company B to Company A. A one-way trust allows users from Company B to access Company A’s resources, but not the other way around. Since the requirement is for users from both companies to access each other’s resources, a bi-directional trust would be needed, not just a one-way trust. Additionally, a trust relationship alone doesn't handle the unified SSO login or attribute-based access control.

B. as C is Federated but B is most precise D. Access Control

Don't be confused by "B" or how one-way trust works. The answer doesn't say "Establish one way trust in the correct direction" it says "establish one way trust FROM company B TO company A." If I have a trust relationship from B to A, that means that B trusts A, OR: A can access all of Bs resources--this is the opposite of what I want to have happen. Therefore the only relevant answers are C/D.

Companies are already using SSO or it would be CD. So you would want the one way trust and access control

if there is SSO already it means the is definitly SAML or Open id activated, ir you read about merger and acquisition you will understand that for two companies to operate the must establish trust first before each company can share resource A one-way trust can be useful in a merger and acquisition scenario when the two companies want to share some resources and services, but also maintain some level of autonomy

ChatGPT: To address the requirements and facilitate the transition between Company A and Company B, the following solutions would be the best choices: C. Enabling SAML (Security Assertion Markup Language): SAML is a standardized protocol for single sign-on (SSO) and identity federation. Enabling SAML allows users from both companies to use a single set of usernames and passwords to access resources. It provides a seamless and secure authentication process. D. Implementing attribute-based access control: Attribute-based access control (ABAC) is a flexible access control model that can be used to manage rights and privileges based on various attributes, including IP addresses. It can ensure that users in the same departments have the same set of rights and privileges, but different sets of rights and privileges based on IP addresses. ABAC provides fine-grained access control.

Enabling SAML allows for federated identity, so a single set of usernames and passwords can be used across the new enterprise. Implementing ABAC satisfies both the second and third requirements.

B. Establishing one-way trust from Company B to Company A D. Implementing attribute-based access control Establishing one-way trust from Company B to Company A will allow users in Company B to authenticate and access Company A's resources. Implementing attribute-based access control (ABAC) will enable users in the same departments to have the same set of rights and privileges, but with different sets of rights and privileges based on their IP addresses.

BD okay for me....

Establishing a one-way trust between Company B and Company A will allow users from Company B access to Company A's resources. This will help facilitate the transition and allow for a seamless integration of both companies' systems. Installing Company A's Kerberos system in Company B's network will help ensure that users from both companies use a single set of usernames and passwords. This will help simplify the transition for users and reduce the risk of confusion and errors.