Yet another horrible question purely due to ambiguous wording. Centralized IAM doesn't have to be across org boundaries. Which puts me off C and leans me towards D, which I don't like much either tbh
Centralized access control implies that a single entity (the IdP) performs all authorization verification.
Decentralized access control (also known as distributed access control) implies that various entities perform authorization verification.
The Identity Provider (IdP) is a third party that holds the user authentication and authorization information. Because centralized identity management is united across all applications, the user only needs to access one console to enable a variety of services and infrastructure. For example, a Service Provider such as a bank can use an IdP like provide customers with seamless access to banking services that are externally managed, like ordering checks, sending money through a cash app, or applying for a loan. If the customer updates their address in one application, it is updated in all applications.
For authentication, centralized is ideal, as you just need to know one ID (by means of SSO), but for authorization it must be individual apps/services, as each app/service would authorize based on needs.
So debating Option A or D.
Any confirmed answer would be appreciated. Thx
I think C is the right answer. CIM refers to the system where identity data and authentication are handled by a central authority, allowing multiple SPs to recognize and verify identities across different apps, platforms / organizations. It also aligns with Federated Identity management and SSO, where users / services (dispersed across org. boundaries) can authenticate once and get access to the services.
Horrible... While both options C and D describe centralized identity management, they represent different implementation models.
Key difference:
Option C: Multiple service providers share a common identity repository.
Option D: A trusted third party manages identity information and issues credentials. Federated Identity Management.
Both models aim to achieve the same goal of providing a unified identity management solution across multiple systems and organizations.
Leaning towards A.
This is what the OSG 10e says.
Implementing Identity Management
Identity management (IdM) implementation techniques generally fall into two categories:
Centralized access control implies that a single entity within a system performs all authorization verification.
Decentralized access control (also known as distributed access control) implies that various entities located throughout a system perform authorization verification.
A small team or individual can manage centralized access control. Administrative overhead is lower because all changes are made in a single location, and a single change affects the entire system.
Let’s calm down and read the options. If it is centralized, it doesn’t need to rely on TPP to provide IAM. The best answer is A, which is that one SP is serving as the central authority to provide credentials and IdP.
The most fitting description for centralized identity management would be:
A. Service providers perform as both the credential and identity provider (IdP).
This option accurately portrays the concept of centralized identity management, where a single entity (the service provider) is responsible for both providing credentials (such as usernames and passwords) and verifying identities. This centralization streamlines the authentication process and enhances security by consolidating identity-related functions.
I thought it was D, but Copilot states the answer is A.
Centralized identity management is best described by option A: Service providers perform as both the credential and identity provider (IdP). In this model, a single authority (the service provider) is responsible for maintaining and managing the identities and access controls for all users within the system. This central authority acts as the identity provider (IdP), issuing credentials and managing user identities. This approach simplifies administration and improves security by providing a single point of control. However, it can also create a single point of failure and may not scale well for large, distributed systems. Options B, C, and D describe different aspects of identity management but do not accurately define centralized identity management.
Wow, soooo many wrong answers here. There is NO mention of federated identities in the question. Centralized just means you are using something like Active Directory for authentication, where decentralized would be a peer-to-peer environment where authentication is handled locally on each system. Don't add extra context to what the question is asking!
"C" describes federated identity management, where organizations agree to share identity system recognition across their boundaries. Textbook definitions - that isn't centralised! Consider the danger of blanket statements - if there are any centralised management systems where multiple service providers don't integrate across boundaries, then the answer is too specific to be true.
That leaves A or D to fill in the role of Centralised access - however the service provider would not typically be the one doing this in all cases. D fits the bill.
"Service providers agree to integrate identity system recognition across organizational boundaries" describes a form of federated identity management, not a centralized identity management.
Guys, stop getting misled by ChatGPT. The correct answer here is C. ChatGPT will tell you confidently that it's D, but it's incorrect. You have to challenge ChatGPT because it tends to give flawed answers. When provided more information from the CISSP official study guide, it changed its answer to C and apologized. Please be careful with ChatGPT. Use it wisely by doing your own research as well.
The key is "BEST" describe and don't add your own context!!
and C. Service providers agree to integrate identity system recognition "ACROSS" organizational boundaries
The correct answer should be A.
In a centralized identity management system, data is stored and managed by a central authority or service provider who typically maintains a central repository or database where user identity information is stored.