CompTIA

CAS-002 · Question #98

CAS-002 Question #98: Real Exam Question with Answer & Explanation

The correct answer is D: An assertion ticket. SAML authentication issues an assertion ticket to the user, which is then presented to the service provider as proof of authentication rather than a cryptographic key or certificate.

Question

When authenticating over HTTP using SAML, which of the following is issued to the authenticating user?

Options

  • A. A symmetric key
  • B. A PKI ticket
  • C. An X.509 certificate
  • D. An assertion ticket

Explanation

SAML authentication issues an assertion ticket to the user, which is then presented to the service provider as proof of authentication rather than a cryptographic key or certificate.

Common mistakes.

  • A. A symmetric key is used for encrypting data or sessions and is not what SAML issues to the authenticating user as a result of the authentication event.
  • B. 'PKI ticket' is not a standard term in SAML or PKI specifications - Kerberos issues tickets, and PKI issues certificates, but SAML does not issue a 'PKI ticket.'
  • C. An X.509 certificate is a PKI artifact used to verify identities and sign SAML assertions, but it is not issued to the end user as the output of SAML authentication.

Concept tested. SAML assertion issuance over HTTP bindings

Reference. https://docs.oasis-open.org/security/saml/v2.0/saml-bindings-2.0-os.pdf
