An enterprise is trying to secure a specific web-based application by forcing the use of multifactor authentication. Currently, the enterprise cannot change the application’s sign-in page to include an extra field. However, the web-based application supports SAML. Which of the following would BEST secure the application?
A. Using an SSO application that supports mutlifactor authentication
B. Enabling the web application to support LDAP integration
C. Forcing higher-complexity passwords and frequent changes
D. Deploying Shibboleth to all web-based applications in the enterprise
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
A, I not consider D because involve to change all web-based applications in the enterprise
This is a hard one it’s either A or D..
In defense of answer D, Shibboleth uses the SAML protocol. Shibboleth can be configured for multifactor authentication by modifying the configuration in the shibboleth2.xml file.
I would go with A. BTW, here is a great tutorial about SAML:
https://duo.com/blog/the-beer-drinkers-guide-to-saml
I am making a review on these questions and I would like to reformulate my answer:
I would go with D (Shibboleth).
Question states that “Currently, the enterprise cannot change the application’s sign-in page to include an extra field”, so A (using another app that supports MFA) would be out of question.
You could start authentication in another login page with MFA enabled (as an IdP – identity provider) and send this request to the SP (service provider), which would be the app that supports SAML.
From CompTIA’s official book:
“Shibboleth is a federated identity method based on SAML that is often employed by universities or public service organizations. In a Shibboleth implementation, a user attempts to retrieve resources from a Shibbolethenabled website, which then sends SAML authentication information over URL queries. The user is then redirected to an identity provider with which they can authenticate using this SAML information. The identity provider then responds to the service provider (the Shibboleth-enabled website) with the proper authentication information. The site validates this response and grants the user access to certain resources based on their SAML information.”