ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
Your organization is decomposing a legacy web app into microservices exposed through a common API gateway. The security team must provide uniform authentication across services, enable Single Sign-On for users from partner domains, and avoid copying auth code into every service. Which security architecture pattern should they adopt?
Rely on network segmentation and IP allow-lists at the VLAN level to authenticate and authorize all service requests.
Maintain a shared database of user credentials that every microservice queries to authenticate incoming requests.
Implement a federated identity solution that issues security tokens consumed by the API gateway and propagated to each microservice.
Embed username-password authentication logic directly within every microservice and validate credentials locally.
A federated identity architecture delegates authentication to a trusted identity provider that issues security tokens (for example, via SAML, OAuth 2.0, or OpenID Connect). The API gateway validates the token once and propagates the user's identity to downstream microservices, giving all services a consistent, centralized mechanism for identity assurance and Single Sign-On without embedding authentication logic or credential stores in each service.
Embedding username/password checks inside every microservice duplicates security code and complicates maintenance. Relying only on network segmentation and IP allow-lists offers no user-centric authentication or SSO capability. Sharing a credentials database among services centralizes storage but still forces each service to handle authentication logic and exposes credential data widely. Therefore, federated identity with token-based SSO is the most appropriate choice.
Domain: Secure Software Architecture and Design