Splunk Enterprise Security Certified Analyst — Question 40

When using SAML, where does user authentication occur?

Answer options

• A. Splunk generates a SAML assertion that authenticates the user.
• B. The Service Provider (SP) decodes the SAML request and authenticates the user.
• C. The Identity Provider (IDP) decodes the SAML request and authenticates the user.
• D. The Service Provider (SP) generates a SAML assertion that authenticates the user.

Correct answer: C

Explanation

The correct answer is C because the Identity Provider (IDP) is responsible for authenticating the user and generating the SAML assertion. Options A and D incorrectly state that Splunk or the Service Provider generates the assertion, which is not the case, and option B incorrectly assigns the authentication role to the Service Provider instead of the IDP.