CAS-002 Question #894: Real Exam Question with Answer & Explanation
The correct answer is A: Establish a cloud-based authentication service that supports SAML. SAML-based federated authentication provides centralized identity management with distributed login and has broad compatibility across SaaS vendors, eliminating the need for password replication or shared accounts.
Question
Options
- A. Establish a cloud-based authentication service that supports SAML.
- B. Implement a new Diameter authentication server with read-only attestation.
- C. Install a read-only Active Directory server in the corporate DMZ for federation.
- D. Allow external connections to the existing corporate RADIUS server.
Explanation
SAML-based federated authentication provides centralized identity management with distributed login and has broad compatibility across SaaS vendors, eliminating the need for password replication or shared accounts.
Common mistakes.
- B. Diameter is a AAA protocol designed for telecom network access (LTE, EAP), not for SaaS application federation, and has no meaningful adoption among SaaS identity providers.
- C. Placing a read-only AD instance in the DMZ exposes the directory to the internet and does not inherently provide SAML-based federation without additional federation services such as AD FS.
- D. RADIUS is designed for network access authentication (802.1X, VPN, dial-up) and lacks the assertion-based federation model required for SaaS SSO compatibility.
Concept tested. SAML federated identity for SaaS SSO
Reference. https://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-tech-overview-2.0.html