Brian has been asked to work on the virtual directory of his company’s new identity management system. Which of the following best describes a virtual directory?

A.
Meta-directory

B.
User attribute information stored in an HR database

C.
Virtual container for data from multiple sources

D.
A service that allows an administrator to configure and manage how identification takes place

Explanation:
C: A network directory is a container for users and network resources. One directory does not contain (or know about) all of the users and resources within the enterprise, so a
collection of directories must be used. A virtual directory gathers the necessary information used from sources scattered throughout the network and stores them in a central virtual
directory (virtual container). This provides a unified view of all users’ digital identity information throughout the enterprise. The virtual directory periodically synchronizes itself with all of
the identity stores (individual network directories) to ensure the most up-to-date information is being used by all applications and identity management components within the
enterprise.
A is incorrect because whereas a virtual directory is similar to a meta-directory, the meta-directory works with one directory while a virtual directory works with multiple data sources.
When an identity management component makes a call to a virtual directory, it has the capability to scan different directories throughout the enterprise, whereas a meta-directory only
has the capability to scan the one directory it is associated with.
B is incorrect because it best describes an identity store. A lot of information stored in an identity management directory is scattered throughout the enterprise. User attribute
information (employee status, job description, department, and so on) is usually stored in the HR database; authentication information could be in a Kerberos server; role and group
identification information might be in a SQL database; and resource-oriented authentication information can be stored in Active Directory on a domain controller. These are commonly
referred to as identity stores and are located in different places on the network. Many identity management products use virtual directories to call upon the data in these identity stores.
D is incorrect because it describes the directory service. The directory service allows an administrator to configure and manage how identification, authentication, authorization, and
access control occur within the network. It manages the objects within a directory by using namespaces and enforces the configured security policy by carrying out access control and
identity management functions.