Crucial Exams

ISC2 Certified Cloud Security Professional (CCSP) Practice Question

Your organization is moving its on-premises HR system to a Software-as-a-Service platform. Users will authenticate through the existing enterprise identity provider with SAML 2.0 federation. Security has two requirements:

  • HR administrators must be able to create, modify, and disable any employee account.
  • All other employees must be limited to viewing and updating only their own personal records.
    Which access-control approach in the SaaS most effectively enforces least privilege while minimizing ongoing administrative effort?

  • Implement SAML-driven attribute-based access control so the SaaS assigns permissions from user and group attributes in each login assertion.

  • Enforce multifactor authentication for all users before they access the SaaS portal.

  • Rely on single sign-on only and manually grant HR administrator rights to specific users inside the SaaS tenant.

  • Create one shared service account with full administrator rights and give the credentials to the HR department.

ISC2 Certified Cloud Security Professional (CCSP)
Cloud Concepts, Architecture and Design
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot