Certified Information Systems Security Professional (CISSP) — Question 21

Which of the following is TRUE for an organization that is using a third-party federated identity service?

Answer options

• A. The organization specifies alone how to authenticate other organization's users
• B. The organization defines internal standard for overall user identification
• C. The organization establishes a trust relationship with the other organizations
• D. The organization enforces the rules to other organization's user provisioning

Correct answer: C

Explanation

The correct answer is C because establishing a trust relationship is fundamental when using a federated identity service, allowing secure sharing of user identities. Options A, B, and D are incorrect as they imply unilateral control over user authentication and provisioning, which contradicts the cooperative nature of federated identity services.