ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your company has federated its on-premises ADFS with a public IaaS tenant using SAML 2.0. After successful sign-on, the cloud provider must decide which virtual network segments and projects each user can access based on the groups sent by ADFS. Inside the SAML assertion, which element does the service provider consult to obtain this authorization data?
In SAML 2.0 an assertion can contain several statement types. The AttributeStatement holds one or more Attribute elements that convey security-relevant data such as group membership, roles or entitlements. A cloud service provider reads these attributes and maps them to its own access-control constructs (for example, IaaS roles or network segment permissions). An AuthnStatement merely proves that authentication occurred, SubjectConfirmation carries information on how the subject was confirmed, and the Conditions element defines temporal or audience restrictions; none of these deliver the detailed authorization attributes required for least-privilege role mapping.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SAML 2.0 and how does it work in federated identity management?
Open an interactive chat with Bash
What information is provided inside the AttributeStatement in a SAML assertion?
Open an interactive chat with Bash
How does federated identity management improve security?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Platform & Infrastructure Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .