
CISSP Exam - Question 60


Which of the following BEST describes centralized identity management?

Correct Answer: D

Centralized identity management best describes a system where service providers rely on a trusted third party (TTP) to provide requestors with both credentials and identifiers. In this model, a single entity (the TTP) manages the identities and credentials, offering a unified and streamlined approach to authentication and authorization across multiple service providers. This approach enhances security by consolidating identity-related functions into a single, trustworthy source.

Discussion

17 comments
Jamati - Option: D
Nov 7, 2022

Centralized access control implies that a single entity (the IdP) performs all authorization verification. Decentralized access control (also known as distributed access control) implies that various entities perform authorization verification. The Identity Provider (IdP) is a third party that holds the user authentication and authorization information. Because centralized identity management is united across all applications, the user only needs to access one console to enable a variety of services and infrastructure. For example, a Service Provider such as a bank can use an IdP like provide customers with seamless access to banking services that are externally managed, like ordering checks, sending money through a cash app, or applying for a loan. If the customer updates their address in one application, it is updated in all applications.

Sledge_Hammer
Sep 13, 2023

From your submission here, the answer is A.

Ramye
May 17, 2024

For authentication, centralized is ideal, as you just need to know one ID (by means of SSO), but for authorization it must be individual apps/services, as each app/service would authorize based on needs. So debating Option A or D. Any confirmed answer would be appreciated. Thx

Marzie - Option: D
Apr 8, 2023

Yet another horrible question purely due to ambiguous wording. Centralized IAM doesn't have to be across org boundaries. Which puts me off C and leans me towards D, which I don't like much either tbh

Jenkins3mol
Apr 30, 2024

Yep, lots of horrible questions.

trojix - Option: A
Jan 13, 2023

Centralized identity management refers to a system in which a single entity, such as an organization or service provider, acts as both the credential provider and the identity provider (IdP) for a network or system.

Azurefox79
Apr 3, 2023

Not at all. A service provider is like a web app, for ex. Facebook. CIM would be, I use for ex. Azure as my IdP and all the service providers or apps I use are set up with SAML to Azure. The apps/service providers themselves simply trust my IdP and retain no PW info.

williom
Sep 30, 2023

not A - Service providers perform as both the credential and identity provider (IdP). A implies service providers each host their own IdP, meaning identities are distributed amongst service provider IdPs, and require federation for cross-org authentication/authorisation to work.

Bach1968 - Option: C
Jul 5, 2023

The BEST description of centralized identity management is: C. Service providers agree to integrate identity system recognition across organizational boundaries. Centralized identity management refers to the practice of integrating and managing user identities across multiple systems and applications within an organization or across organizational boundaries. It involves establishing a centralized identity system that serves as a trusted source of user identities and authentication credentials. In centralized identity management, service providers agree to integrate their identity systems, allowing for seamless identification and authentication of users across different systems and applications. This integration eliminates the need for separate credentials and identities for each system, streamlines user access management, and enhances security and user experience.

Vince_F_Fang
Aug 27, 2023

So why not A?

noh_ssiw_l - Option: C
Sep 15, 2023

The key is "BEST" describe, and don't add your own context!! And C. Service providers agree to integrate identity system recognition "ACROSS" organizational boundaries.

Jenkins3mol - Option: A
Apr 30, 2024

The most fitting description for centralized identity management would be: A. Service providers perform as both the credential and identity provider (IdP). This option accurately portrays the concept of centralized identity management, where a single entity (the service provider) is responsible for both providing credentials (such as usernames and passwords) and verifying identities. This centralization streamlines the authentication process and enhances security by consolidating identity-related functions.

trojix - Option: D
Jan 13, 2023

C doesn't make much sense. "Service providers agree to integrate identity system recognition across organizational boundaries" refers to a different approach called federation; it doesn't describe centralized identity management.

xxxBadManxxx - Option: C
Jun 14, 2023

C is the correct ans

Sledge_Hammer - Option: A
Sep 13, 2023

The correct answer should be A. In a centralized identity management system, data is stored and managed by a central authority or service provider who typically maintains a central repository or database where user identity information is stored.

thanhlb - Option: A
Oct 30, 2023

C describes federated identity management. D describes delegated identity management. A is best choice.

Soleandheel - Option: C
Dec 5, 2023

Guys, stop getting misled by ChatGPT. The correct answer here is C. ChatGPT will tell you confidently that it's D but it's incorrect. You have to challenge ChatGPT because it tends to give flawed answers. When provided more information from the CISSP official study guide, it changed its answer to C and apologized. Please be careful with ChatGPT. Use it wisely by doing your own research as well.

homeysl - Option: C
Mar 15, 2024

Check SAML and OAuth

john_boogieman - Option: D
Mar 16, 2024

"Service providers agree to integrate identity system recognition across organizational boundaries" describes a form of federated identity management, not a centralized identity management.

AshStevens - Option: D
Apr 2, 2024

"C" describes federated identity management, where organizations agree to share identity system recognition across their boundaries. Textbook definitions - that isn't centralised! Consider the danger of blanket statements - if there are any centralised management systems where multiple service providers don't integrate across boundaries, then the answer is too specific to be true. That leaves A or D to fill in the role of Centralised access - however the service provider would not typically be the one doing this in all cases. D fits the bill.

eboehm - Option: A
Apr 7, 2024

Wow, soooo many wrong answers here. There is NO mention of federated identities in the question. Centralized just means you are using something like Active Directory for authentication, where decentralized would be a peer-to-peer environment where authentication is handled locally on each system. Don't add extra context to what the question is asking!

Hardrvkllr - Option: A
Apr 12, 2024

I thought it was D, but Copilot states the answer is A. Centralized identity management is best described by option A: Service providers perform as both the credential and identity provider (IdP). In this model, a single authority (the service provider) is responsible for maintaining and managing the identities and access controls for all users within the system. This central authority acts as the identity provider (IdP), issuing credentials and managing user identities. This approach simplifies administration and improves security by providing a single point of control. However, it can also create a single point of failure and may not scale well for large, distributed systems. Options B, C, and D describe different aspects of identity management but do not accurately define centralized identity management.

Rachy - Option: A
Jul 17, 2024

Let’s calm down and read the options. If it is centralized, it doesn’t need to rely on a TTP to provide IAM. The best answer is A, which is one SP serving as the central authority to provide credentials and IdP.