Exam CISSP topic 1 question 157 discussion

CISSP Official Student Guide pg 169 "Hybrid: In a hybrid approach, centralized control is exercised for some information and decentralized control is allowed for other information. One typical arrangement is that central administration is responsible for the broadest and most basic access, and the creators/owners of files control the types of access or users’ abilities for the files under their control. For example, when a new employee is hired into a department, a central administrator might provide the employee with access permissions based on the functional element they are assigned to, the job classification and the specific task they were hired to work on. The employee might have readonly access to an organization-wide SharePoint document library and to project status report files but read-and-write privileges to his department’s weekly activities report. Also, if the employee leaves a project, the project manager can easily close that employee’s access to that file."

Agree with B it is a hybrid of RBAC and ABAC

A hybrid model combines centralized control for standard access (e.g., departmental templates) and decentralized flexibility for project-specific access, making it the best fit here.

How could it be D when Federated refers to inter organizational?

I go with C. OSG - Centralized access control implies that a single entity within a system performs all authorization verification.

Why B? Hybrid is both on-prem and cloud. I didn't see anything about cloud in the question.

B It Is!

I believe the answer is C. Hybrid and Federated refer to the back end solution for IAM, including SSO, etc. See page 688 of the official study guide "Hybrid Environment". According to pg 659, there are two options for Identity Management, Centralized and Decentralized. Therefore, I choose C.

Combination of RBAC and ABAC, ABAC can be per project basis.

B. Hybrid user access administration is BEST suited to meet the organization's needs. Hybrid user access administration is a combination of both centralized and decentralized access administration. It allows for a predefined departmental access template to be applied to new users upon creation, which is a centralized approach. And also allows for additional access to be granted on a per-project basis, which is a decentralized approach. This allows for a balance between centralized control and flexibility for departments and project teams to manage their own access needs.

Agree with B it is a hybrid of RBAC and ABAC

agree with B https://www.serverbrain.org/infrastructure-design-2003/identifying-the-hybrid-administration-model.html

The question is talking about inside organization, so this is nothing to do with Federate..I think hybrid is a better choice.

I would go with A

Can someone justify this answer please