CompTIA Security+ (SY0-501) — Question 772

A company has three divisions, each with its own networks and services. The company decides to make its secure web portal accessible to all employees utilizing their existing usernames and passwords. The security administrator has elected to use SAML to support authentication. In this scenario, which of the following will occur when users try to authenticate to the portal? (Choose two.)

Answer options

• A. The portal will function as a service provider and request an authentication assertion.
• B. The portal will function as an identity provider and issue an authentication assertion.
• C. The portal will request an authentication ticket from each network that is transitively trusted.
• D. The back-end networks will function as an identity provider and issue an authentication assertion.
• E. The back-end networks will request authentication tickets from the portal, which will act as the third-party service provider authentication store.
• F. The back-end networks will verify the assertion token issued by the portal functioning as the identity provider.

Correct answer: C, D

Explanation

The correct answers are C and D because, in a SAML setup, the back-end networks act as identity providers that issue authentication assertions. The portal, while acting as a service provider, will request authentication tickets from the trusted networks, which aligns with option C. Options A, B, E, and F are incorrect as they misrepresent the roles of the portal and the back-end networks in the SAML authentication process.