Which statement best describes delegated administration in IAM?

Delegated administration in IAM means giving admins control over a defined, limited set of resources rather than the entire directory. This approach uses scoped permissions so that an administrator can manage specific applications or domains, reducing what could be affected if credentials are compromised and preventing a single point of failure. It also supports distributing management tasks while keeping governance through oversight, approvals, and audits. That’s why the statement about granting limited admin rights for specific apps or domains—with appropriate oversight to reduce blast radius and share responsibilities—is the best fit. Granting full admin rights to the entire directory increases risk and goes against the idea of scoped, controlled delegation. Deactivating all user accounts during an outage is an incident response action, not delegation. Centralizing administration under one role without oversight contradicts the essence of delegated governance.