Exam CS0-002 topic 1 question 106 discussion

OK so here is my theory: They do mention that the help desk has to scramble to create different accounts for across many systems and sso would solve that but that is not what the final question is asking, the actual question is what will be assist the help desk with the onboarding and offboarding process while protecting company assets. RBAC (Role based access control) would be best because the employees who leave the job would be removed of their role and no longer be able to access the assets. When a new employee is onboarded, they would be assigned a role and would be able to access certain assets / accounts based on their role. It would simplify the onboarding and offboarding process and protect assets because the person who doesnt have the right role cant access assets that they are not allowed to . Im going with D. What do the experts think?

This was in my exam. But SSO was not one of the choices. the obvious answer was RBAC

D: RBAC Here's why RBAC is particularly relevant for asset protection: Granular Access Control: RBAC allows for granular control over access rights. By defining roles and associated permissions, you can restrict access to sensitive assets, reducing the risk of unauthorized access or data breaches. Least Privilege Principle: RBAC follows the principle of least privilege, meaning that users are granted the minimum level of access needed to perform their job functions. This minimizes the potential damage that can occur in the event of a security incident or if a user account is compromised. Ease of Management: RBAC simplifies access management by grouping users based on their roles. This makes it easier to handle onboarding and offboarding processes because administrators can assign or revoke access by modifying a user's role rather than dealing with individual permissions across multiple systems.

Which method would work best? RBAC (Role-Based Access Control) is a solution that would work best to assist the help desk with the onboarding and offboarding process while protecting the company’s assets. RBAC is a method of granting access to resources based on the roles of users within an organization. RBAC simplifies the management of user permissions by assigning predefined roles to users based on their job functions, rather than granting individual permissions to each user. RBAC can help automate the onboarding and offboarding process by enabling the help desk to quickly create or delete user accounts and assign or revoke access rights based on the roles of the users1. RBAC can also help protect the company’s assets by enforcing the principle of least privilege, which means that users only have access to the resources they need to perform their duties and nothing more2.

The most effective solution for streamlining the onboarding and offboarding process while protecting company assets is C. Single Sign-On (SSO). Single Sign-On (SSO) allows users to log in once and gain access to multiple systems without having to log in separately to each one

Key point is "protecting company assets". You cannot accomplish this with the SSO but with a RBAC

if SSO is an option, i would go for it because SSO allows users to log in once and access multiple systems and applications without the need to re-enter credentials. It can streamline the on-boarding and off-boarding process by providing centralized control over user access. When an employee joins or leaves the organization, their access can be easily managed through a single point, reducing the workload on the help desk. RBAC makes the most sense if SSO is not an option

SSO won't protect company's asset, while RBAC will assign the user appropriate authorization/permissions to the user.

RBAC (Role-Based Access Control) is a solution that would work best to assist the help desk with the onboarding and offboarding process while protecting the company’s assets. RBAC is a method of granting access to resources based on the roles of users within an organization. RBAC simplifies the management of user permissions by assigning redefined roles to users based on their job functions, rather than granting individual permissions to each user. RBAC can help automate the onboarding and offboarding process by enabling the help desk to quickly create or delete user accounts and assign or revoke access rights based on the roles of the users1. RBAC can also help protect the company’s assets by enforcing the principle of least privilege, which means that users only have access to the resources they need to perform their duties and nothing more2.

Saw this question in the exam. I don't believe SSO was an option, went with RBAC here

While SSO would provide a single login across multiple systems it doesn't provide access to systems in and of itself. Roles would still need assigning to the user across each system in order for access to be provided. I work in an org with a lot of SSO and it is frankly still a nightmare onboarding people onto multiple systems.

SSO is a security solution that allows users to access multiple applications and systems with a single set of credentials. This can help the help desk by automating the account creation process and reducing the number of requests they receive. Additionally, SSO can help protect the company's assets by ensuring that only authorized users have access to sensitive data.

SSO is the correct answer. One account and password used across multiple systems.

Role based access control.... once your role is confirmed you are good to go.

I agree with C

SSO is a technology that allows users to authenticate once and then access multiple systems or services without having to re-authenticate. SSO can simplify the onboarding and offboarding process by allowing the help desk to manage user access to multiple interconnected systems from a single location. When a user is onboarded or offboarded, their access to all systems and services can be managed from a central location. RBAC (Role-Based Access Control), is a security model that assigns permissions and access rights based on a user's role in the organization. While RBAC can help with managing user access to systems and services, it does not simplify the onboarding and offboarding process across multiple interconnected systems.

I initially thought it was C, but after reading the discussion and re-reading the question RBAC makes the most sense. When it mentions protecting the company's assets only RBAC would allow that, SSO would not. RBAC provides the principle of least privilege which will add that factor of protection.