93.2k views
1 vote
A security architect is determining the best solution for a new project. The project is developing a new intranet with advanced authentication capabilities, SSO for users, and automated provisioning to streamline Day 1 access to systems. The security architect has identified the following requirements:

1. Information should be sourced from the trusted master data source.
2. There must be future requirements for identity proofing of devices and users.
3. A generic identity connector that can be reused must be developed.
4. The current project scope is for internally hosted applications only.

Which of the following solution building blocks should the security architect use to BEST meet the requirements?

A. LDAP, multifactor authentication, OAuth, XACML
B. AD, certificate-based authentication, Kerberos, SPML
C. SAML, context-aware authentication, OAuth, WAYF
D. NAC, radius, 802.1x, centralized active directory

1 Answer

2 votes

Final answer:

Option B, which includes AD, certificate-based authentication, Kerberos, and SPML, best meets the advanced authentication and automated provisioning requirements for the new intranet with SSO capabilities. Option B is correct.

Step-by-step explanation:

The question is about selecting the appropriate solution building blocks for a new intranet project focusing on advanced authentication capabilities, including Single Sign-On (SSO), and automated provisioning. The security architect aims to establish a system sourced from a trusted master data source, provision for future identity proofing of devices and users, and create a generic identity connector for internal applications.

Considering the requirements, option B seems to be the best fit:

AD (Active Directory): Provides the trusted master data source and can manage the identities and relationships central to directory services.

Certificate-based authentication: Lays the foundation for future identity proofing needs.

Kerberos: Is suitable for SSO, which is a requirement for the project.

SPML (Service Provisioning Markup Language): Is used for automated provisioning, enabling streamlined Day 1 access for users.

Options A, C, and D include technologies that are not as closely aligned with the stated requirements of the project, either because they are designed for different types of applications or do not provide the needed provisioning capabilities.

by User Eugene Botyanovsky (7.7k points)
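As an added illustration of the provisioning piece of option B (not part of the question or the answer above), the following Python sketch shows what a reusable identity connector could look like: it takes a record handed over by the trusted master (AD), refuses anything from another source, and emits an SPML 2.0 addRequest for a named target. The SPML/DSML namespaces follow the OASIS SPML 2.0 DSML profile; the `TRUSTED_MASTER` value, the sample record and the attribute mapping are constructed assumptions.

```python
import xml.etree.ElementTree as ET
from uuid import uuid4

SPML_NS = "urn:oasis:names:tc:SPML:2:0"        # SPML 2.0 core namespace
DSML_NS = "urn:oasis:names:tc:DSML:2:0:core"   # DSMLv2 profile used inside <data>
ET.register_namespace("spml", SPML_NS)
ET.register_namespace("dsml", DSML_NS)

# Assumption: only records that come from the trusted master (AD) may be
# provisioned (requirement 1). Hypothetical hostname.
TRUSTED_MASTER = "ad.corp.example"

# Constructed sample record, as the AD side of the connector would hand it over.
SAMPLE_RECORD = {
    "source": "ad.corp.example",
    "sAMAccountName": "jdoe",
    "cn": "Jane Doe",
    "mail": "jdoe@corp.example",
}

# Generic AD-attribute -> target-attribute mapping, reused for every target (requirement 3).
ATTR_MAP = {"sAMAccountName": "uid", "cn": "cn", "mail": "mail"}


def build_add_request(record, target_id, request_id=None):
    """Return an SPML 2.0 addRequest (XML string) provisioning one identity on one target."""
    if record.get("source") != TRUSTED_MASTER:
        # Data that did not come from the master source is never pushed downstream.
        raise ValueError(f"refusing to provision from untrusted source {record.get('source')!r}")
    req = ET.Element(f"{{{SPML_NS}}}addRequest", {
        "requestID": request_id or str(uuid4()),
        "executionMode": "synchronous",
        "targetID": target_id,
        "returnData": "identifier",
    })
    data = ET.SubElement(req, f"{{{SPML_NS}}}data")
    for src, dst in ATTR_MAP.items():
        if src in record:
            attr = ET.SubElement(data, f"{{{DSML_NS}}}attr", {"name": dst})
            ET.SubElement(attr, f"{{{DSML_NS}}}value").text = record[src]
    return ET.tostring(req, encoding="unicode")


def parse_add_request(xml_text):
    """Parse an addRequest back into (target_id, {attr: value}) for a target-side sanity check."""
    root = ET.fromstring(xml_text)
    attrs = {a.get("name"): a.find(f"{{{DSML_NS}}}value").text
             for a in root.iter(f"{{{DSML_NS}}}attr")}
    return root.get("targetID"), attrs


if __name__ == "__main__":
    print(build_add_request(SAMPLE_RECORD, "intranet-wiki"))
```

The same `build_add_request` serves any internally hosted target by changing only `target_id`, which is the reuse the third requirement asks for.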