CompTIA CASP+ (CAS-003) — Question 179

An enterprise is trying to secure a specific web-based application by forcing the use of multifactor authentication. Currently, the enterprise cannot change the application's sign-in page to include an extra field. However, the web-based application supports SAML. Which of the following would BEST secure the application?

Answer options

• A. Using an SSO application that supports mutlifactor authentication
• B. Enabling the web application to support LDAP integration
• C. Forcing higher-complexity passwords and frequent changes
• D. Deploying Shibboleth to all web-based applications in the enterprise

Correct answer: D

Explanation

The correct answer is D, as deploying Shibboleth enables SAML-based single sign-on which can incorporate multifactor authentication effectively. Option A, while valid, does not directly relate to the SAML support of the application. Option B does not enhance authentication security, and Option C, though it improves password security, does not implement multifactor authentication.