ISC2 Certified Cloud Security Professional (CCSP) Practice Question

A multinational corporation is integrating a new SaaS-based HR platform with its corporate identity provider using SAML 2.0. Security policy mandates multi-factor authentication (MFA) for all remote users. However, inside the company's secure data centers, carrying smartphones is prohibited by physical security rules, so mobile OTP applications are not an option. Which IAM design best satisfies both requirements without degrading user experience?

  • Deploy adaptive MFA that issues hardware FIDO2 security keys to on-site personnel while remote users continue to use time-based one-time passwords (TOTP) from a mobile authenticator app

  • Require all users to enroll in a push-based authenticator mobile app and prompt for approval during each login

  • Restrict access to the HR application by source IP addresses and rely on SAML single sign-on with passwords only

  • Increase password complexity rules to 15 characters and rotate every 60 days, eliminating the need for second factors

Cloud Application Security