CompTIA CASP+ (CAS-004) — Question 10

An organization is implementing a new identity and access management architecture with the following objectives:
✑ Supporting MFA against on-premises infrastructure
✑ Improving the user experience by integrating with SaaS applications
✑ Applying risk-based policies based on location
✑ Performing just-in-time provisioning
Which of the following authentication protocols should the organization implement to support these requirements?

Answer options

• A. Kerberos and TACACS
• B. SAML and RADIUS
• C. OAuth and OpenID
• D. OTP and 802.1X

Correct answer: C

Explanation

The correct answer is C, as OAuth and OpenID are well-suited for SaaS applications and can support MFA and risk-based policies effectively. Options A and B do not provide the necessary support for modern SaaS integration and user experience enhancements. Option D focuses more on device authentication rather than user authentication in the context of SaaS applications.