When accessing corporate network resources, users are required to authenticate to each application they try to access. Which of the following concepts does this BEST represent?
SSO is the complete opposite of what the question is asking. C and D do not apply and make 0 sense. Thus, B is the correct answer and based on a google search, it makes sense.
GPT and Bing AI pick (D). This is GPT:
"When accessing corporate network resources and being required to authenticate to each application individually, this concept BEST represents (D) Role-based access control (RBAC).
Role-based access control (RBAC) is a security approach where access to network resources is determined by a user's role within an organization. Each user is assigned specific roles or permissions that grant access to certain applications, data, and resources based on their job responsibilities and needs. This helps in ensuring that users have access only to the resources relevant to their roles, reducing the risk of unauthorized access.
The other options have different meanings:
(A) Single Sign-On (SSO): SSO is a method where users authenticate once and gain access to multiple applications and services without needing to re-enter credentials for each application. This is the opposite of the scenario described.
(B) Zero Trust: Zero Trust is a security model that assumes no implicit trust, requiring verification of all users and devices trying to access network resources. While related to security, it doesn't specifically address the requirement to authenticate to each application separately.
(C) Virtual Private Network (VPN): A VPN is a secure connection used to access a private network over a public network. It doesn't directly relate to the scenario of requiring individual authentication for each application."
After arguing with chatgpt on this:
In summary, the concept that best represents the scenario described in the question is the Zero Trust security model, as it requires users to authenticate and verify their identity each time they attempt to access a resource, even if they have previously authenticated.
But a bad question. In my opinion it is not RBAC because it can also be used with SSO and also separate authentication for each. But it all depends on the knowledge level of the question creator. I'm not convinced the person understands the nuances. Each application requires authentication does not rule out it is same authentication server (not separate identities)
Zero Trust deals with authentication by requiring users and devices to authenticate themselves and verify their identity each time they attempt to access a resource, even if they have previously authenticated
A separate authentication is a bad practice in my opinion. SSO with RBAC is better but
A better wording would have been "users have to authenticate each time they try to access a resource" (instead of what it is now). Then it is clearly zero trust
The concept described in the question, where users are required to authenticate to each application they try to access, BEST represents the concept of Role-based access control (RBAC).
D. Role-based access control
When users are required to authenticate to each application they try to access when accessing corporate network resources, this BEST represents the concept of D. Role-based access control (RBAC).
RBAC is a method of restricting network and application access based on the roles of individual users within an organization. Each user is assigned a set of permissions or privileges that determine which network resources and applications they are allowed to access. This approach ensures that users only have access to the resources and applications they need to do their jobs, reducing the risk of unauthorized access or data breaches.
if you know how to ask then you get the right answer. I got this answer whiich states clear that is zero trust.
In summary, Zero Trust and RBAC are complementary approaches to access control and security. Zero Trust focuses on continuously verifying users and devices and strictly controlling access, while RBAC provides a structured model for assigning and managing permissions based on predefined roles. Organizations can choose to implement one or both of these approaches based on their specific security requirements and risk tolerance.
The Zero Trust security approach deems everything untrustworthy until authentication is successful. Security is implemented in redundant layers throughout the network. This is an example of the concept of 'defence in depth'. As K5875 notes, SSO is conceptually an approach that is opposed to Zero Trust.
Its Zero Trust - you are basically making sure that the correct person is trying to use the application. Lameterms way to describe it.
upvoted 1 times
...
...
This section is not available anymore. Please use the main Exam Page.N10-008 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
K5875
Highly Voted 1 year, 10 months agoMitchF
Most Recent 11 months, 2 weeks agoMitchF
11 months, 2 weeks agoTheFivePips
11 months, 2 weeks agofamco
1 year, 3 months agofamco
1 year, 3 months agoDoaa81
1 year, 4 months agoIT__noob
1 year, 4 months agoloccodennis
1 year, 3 months agoAlbanAlla
1 year, 1 month agoJakeCharles
1 year, 6 months agoAlbinoBonobo
1 year, 8 months agoDano000
1 year, 10 months agofouserd
1 year, 8 months ago