Moving HR System to Cloud Services | SY0-601 Exam Answer

Best Option for Maintaining Password Security with Cloud Service Provider

Prev Question Next Question

Question

An organization is moving its human resources system to a cloud services provider.

The company plans to continue using internal usernames and passwords with the service provider, but the security manager does not want the service provider to have a company of the passwords.

Which of the following options meets all of these requirements?

Answers

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

D.

The best answer for this scenario would be D. Federated authentication.

Federated authentication is a method of securely managing identity and access to cloud-based resources, by allowing users to use their existing internal credentials (i.e., usernames and passwords) to access cloud services without having to share those credentials with the cloud provider.

In this case, the organization wants to continue using its internal usernames and passwords, but not share them with the cloud service provider. Federated authentication would allow the company to do just that.

Here's how it works: the organization would set up a trusted relationship with the cloud service provider. This would involve creating a trust relationship between the organization's internal authentication system and the cloud service provider's authentication system. Once the trust relationship is established, users can use their existing internal credentials to access the cloud services without ever having to provide them to the cloud provider.

Two-factor authentication (A) requires users to provide two forms of authentication (such as a password and a token or biometric), but it does not solve the problem of the cloud provider needing to have access to the organization's internal passwords.

Account and password synchronization (B) involves synchronizing the passwords between the internal authentication system and the cloud provider's system, which is exactly what the security manager does not want.

Smartcards with PINS (C) are a form of two-factor authentication that uses a physical token (the smartcard) and a PIN to provide authentication. While this is a secure method, it does not solve the problem of the cloud provider needing to have access to the organization's internal passwords.

Therefore, the best answer for this scenario is D. Federated authentication.