CompTIA CASP+ (CAS-003) — Question 203
A security architect is determining the best solution for a new project. The project is developing a new intranet with advanced authentication capabilities, SSO for users, and automated provisioning to streamline Day 1 access to systems. The security architect has identified the following requirements:
1. Information should be sourced from the trusted master data source.
2. There must be future requirements for identity proofing of devices and users.
3. A generic identity connector that can be reused must be developed.
4. The current project scope is for internally hosted applications only.
Which of the following solution building blocks should the security architect use to BEST meet the requirements?
Answer options
- A. LDAP, multifactor authentication, OAuth, XACML
- B. AD, certificate-based authentication, Kerberos, SPML
- C. SAML, context-aware authentication, OAuth, WAYF
- D. NAC, RADIUS, 802.1X, centralized Active Directory
Correct answer: B
Explanation
The correct answer is B. Active Directory (AD) provides a robust framework for managing user identities and access control, which is essential for the project’s internally hosted applications and lets it act as the trusted master data source. Certificate-based authentication and Kerberos enhance security: certificates support the future identity proofing requirements for devices and users, and Kerberos provides SSO. SPML (Service Provisioning Markup Language) addresses the automated provisioning requirement. The other options do not align as effectively with the project’s needs for a reliable internal solution and automated provisioning.