
CISSP Exam - Question 157


An organization would like to ensure that all new users have a predefined departmental access template applied upon creation. The organization would also like additional access for users to be granted on a per-project basis. What type of user access administration is BEST suited to meet the organization's needs?

Correct Answer: B

The best user access administration type to meet the organization's needs is Hybrid. In a hybrid approach, centralized control provides predefined departmental access templates for new users upon creation, ensuring consistency. Simultaneously, decentralized control allows additional access to be granted on a per-project basis, providing the necessary flexibility for specific project needs. This combination balances the stability of centralized administration with the adaptability of decentralized control.

Discussion

Oppenheimer (Option: B)
Oct 11, 2022

Agree with B; it is a hybrid of RBAC and ABAC.

jackdryan
May 13, 2023

B is correct

RVoigt (Option: B)
Mar 3, 2023

CISSP Official Student Guide pg 169: "Hybrid: In a hybrid approach, centralized control is exercised for some information and decentralized control is allowed for other information. One typical arrangement is that central administration is responsible for the broadest and most basic access, and the creators/owners of files control the types of access or users’ abilities for the files under their control. For example, when a new employee is hired into a department, a central administrator might provide the employee with access permissions based on the functional element they are assigned to, the job classification and the specific task they were hired to work on. The employee might have read-only access to an organization-wide SharePoint document library and to project status report files but read-and-write privileges to his department’s weekly activities report. Also, if the employee leaves a project, the project manager can easily close that employee’s access to that file."

Stevooo (Option: D)
Sep 5, 2022

Can someone justify this answer, please?

kurtvon
Nov 9, 2022

Only: Because the test said so... (This question is a bad question)

mrgod (Option: B)
Sep 13, 2022

The question is talking about inside the organization, so this has nothing to do with Federated. I think hybrid is a better choice.

Ncoa (Option: B)
Oct 2, 2022

Agree with B; it is a hybrid of RBAC and ABAC.

Dee83 (Option: B)
Jan 24, 2023

B. Hybrid user access administration is BEST suited to meet the organization's needs. Hybrid user access administration is a combination of both centralized and decentralized access administration. It allows for a predefined departmental access template to be applied to new users upon creation, which is a centralized approach. It also allows for additional access to be granted on a per-project basis, which is a decentralized approach. This allows for a balance between centralized control and flexibility for departments and project teams to manage their own access needs.

GPrep (Option: C)
Dec 18, 2023

I believe the answer is C. Hybrid and Federated refer to the back end solution for IAM, including SSO, etc. See page 688 of the official study guide "Hybrid Environment". According to pg 659, there are two options for Identity Management, Centralized and Decentralized. Therefore, I choose C.

homeysl (Option: C)
Mar 17, 2024

Why B? Hybrid is both on-prem and cloud. I didn't see anything about cloud in the question.

stickerbush1970 (Option: A)
Sep 13, 2022

I would go with A

Cww1 (Option: B)
Sep 19, 2022

Agree with B: https://www.serverbrain.org/infrastructure-design-2003/identifying-the-hybrid-administration-model.html

BoZT (Option: B)
Sep 3, 2023

Combination of RBAC and ABAC; ABAC can be on a per-project basis.

maawar83 (Option: B)
Dec 28, 2023

B It Is!

Vasyamba1 (Option: C)
Mar 23, 2024

I go with C. OSG - Centralized access control implies that a single entity within a system performs all authorization verification.

Dtony66 (Option: B)
May 3, 2024

How could it be D when Federated refers to inter-organizational?