In an identity federation setup between on-premises Active Directory and cloud identities, which practice helps maintain consistent access control across environments?

Study for the CompTIA Cloud+ exam. Enhance your skills with flashcards and multiple choice questions, each supported by hints and explanations. Prepare effectively for your certification!

Multiple Choice


Explanation:

When you have a federation between on-premises Active Directory and cloud identities, the goal is to have authentication and authorization decisions feel seamless across environments. That means enforcing a strong, consistent authentication method and making sure the same group and role assignments exist in both places so permissions line up.

Enforcing MFA across the board provides a uniform, stronger check on who is signing in, reducing the risk of compromised credentials and ensuring that access policies apply equally whether users are authenticating on-prem or in the cloud. At the same time, synchronizing groups and roles ensures that membership changes in the on-prem directory are reflected in the cloud, and vice versa, so entitlements and permissions remain aligned. This combination keeps access control consistent and manageable across environments.

Disabling MFA weakens security and creates divergent authentication behavior between on-prem and cloud. Relying only on cloud accounts without the on‑prem identity breaks the federated model and can lead to drift between environments. Not syncing groups and relying on passwords alone creates inconsistent permissions and undermines centralized governance.
