Exam CISSP topic 1 question 471 discussion

As many have said, SAML is a protocol to implement FIM, but if you can read English the answer here is obviously FIM.

🔹 Option Analysis B. Security Assertion Markup Language (SAML) SAML is a protocol used in SSO to pass authentication assertions between an identity provider (IdP) and service providers (SPs). It enables web-based SSO across apps. Very strong candidate, but it’s a protocol, not the overarching approach. ⚠️ Important piece, but not the "broad approach." D. Federated Identity Management (FIM) ✅ FIM is the approach that enables SSO across multiple systems, organizations, or applications by allowing trust relationships between IdPs and SPs. SAML (and OpenID Connect) are the technologies used within FIM. ✅ Correct. 👉 Memory Tip: FIM = approach (SSO across apps/orgs). SAML = protocol that enables it. OAuth/OIDC = delegation & federation for modern apps.

the answer is SAML. Federated Identity Management allows identities across different organizations/domains (trust relationships). Since its the same organization, the answer is SAML

Federated Identity Management (FIM) is the best approach for enabling users to authenticate once and access multiple applications across different domains or organizations.

Can't be D. Federated Identity Management is a broader framework that may use SAML as a protocol, but the question specifically asks about the authentication approach, making SAML the best choice.

SAML is for apps, federated is for the entire organization

Federation is across organizations, not applications in the same network.

D. is a broader concept that encompasses SSO and allows users to access systems across different organizations using the same identity, typically implemented through SAML or OIDC.

I'm going with B, it says across an organization. SSO is within an organisation by using SAML whereas FIM is across multiple organisation according to my knowledge.

FIM is an approach.. SAML is an implementation of FIM..

D. Federated Identity Management. Federated Identity Management systems allow the identities to be used across multiple IT systems or organizations, enabling users to log in once (Single Sign-On) and gain access to all associated systems without being prompted to log in again at each of them. This approach is particularly effective for SSO implementations because it establishes trust between different domains, allowing for the secure sharing of identity information across those domains. Security Assertion Markup Language (SAML) is a protocol used within Federated Identity Management to exchange authentication and authorization data, but Federated Identity Management itself is the broader approach that best facilitates SSO across multiple applications.

Sorry, meant Answer B) SAML

Answer A) SAML C and D are basically the same, just different scopes. SAML is the approach just like if you were to use OAUTH

D. Security Assertion Markup Language (SAML): Federated Identity Management, on the other hand, typically applies when SSO needs to work across different organizations or domains. It involves multiple identity providers and service providers working together to enable SSO across organizational boundaries. So, in the context of a single organization's network, SAML is a strong choice for allowing users to use their credentials across multiple applications while maintaining security and convenience.

D. Federated Identity Management A. SAML is an XML-based standard for exchanging authentication and authorization data between parties, typically between an identity provider (IdP) and a service provider (SP). D. FIM involves the sharing of authentication and authorization across multiple trusted domains or systems.

D. Security Assertion Markup Language (SAML): How it works: SAML is an XML-based standard for exchanging authentication and authorization data between parties, typically between an identity provider (IdP) and a service provider (SP). FIM involves the sharing of authentication and authorization across multiple trusted domains or systems.

B is correct