101 · Question #675
Which two functions of AAA does Security Assertion Markup Language (SAML) identity Provider (IdP) offer (Choose two)?
The correct answer is B. provide authentication D. provide session auditing. SAML IdP fulfills the authentication and auditing roles within AAA by verifying user identity and generating signed assertions that create an auditable session record.
Question
Which two functions of AAA does Security Assertion Markup Language (SAML) identity Provider (IdP) offer (Choose two)?
Options
- Ameasure usage
- Bprovide authentication
- Cprovide availability
- Dprovide session auditing
- Efilter access
How the community answered
(64 responses)- A5% (3)
- B80% (51)
- C3% (2)
- E13% (8)
Why each option
SAML IdP fulfills the authentication and auditing roles within AAA by verifying user identity and generating signed assertions that create an auditable session record.
Measuring usage is an accounting function typically handled by RADIUS or TACACS+, not by a SAML IdP which focuses on identity assertion.
SAML IdP is specifically designed to authenticate users by validating credentials and issuing cryptographically signed assertions that confirm identity to service providers, directly fulfilling the authentication function of AAA.
Providing availability is a network reliability concern addressed by redundancy and load balancing technologies, not an AAA function at all.
SAML IdP generates assertion logs for each authentication event, providing a timestamped record of user sessions that supports the accounting/auditing component of AAA and enables administrators to review access history.
Filtering access is an authorization or firewall function enforced by policy engines or access control lists, not a core capability of a SAML IdP.
Concept tested: SAML IdP roles within AAA authentication and auditing
Source: https://docs.oasis-open.org/security/saml/v2.0/saml-core-2.0-os.pdf
Topics
Community Discussion
No community discussion yet for this question.