ISC2 Certified Cloud Security Professional (CCSP) Practice Question
Your organization is moving an internal HR application to virtual machines hosted in a public IaaS environment. Security policy requires that employees continue to authenticate with their on-premises Active Directory credentials and that only the HR support group may administer the cloud resources used by the application. Which identity and access control solution best meets these requirements while honoring least-privilege principles?
Permit anonymous access to the cloud resource endpoints and rely solely on application-level authentication.
Configure SAML 2.0 federation between Active Directory Federation Services and the cloud provider, mapping AD groups to fine-grained IAM roles.
Embed shared root-level SSH keys into the VM images and distribute the key pair to the HR team.
Create individual IAM users in the cloud provider and enforce complex password rotation policies.
Federating the cloud provider with the corporate identity store using SAML 2.0 allows users to present their existing Active Directory credentials through single sign-on. Group claims in the SAML assertion can be mapped to narrowly scoped IAM roles so that only members of the HR support group receive the administration privileges needed for the workload, satisfying the principle of least privilege. Creating local cloud accounts would duplicate identities and require additional password management. Anonymous access removes all authentication, conflicting with policy. Embedding shared root-level SSH keys provides no fine-grained authorization and violates least-privilege requirements.
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Concepts, Architecture and Design