Exam SY0-501 topic 1 question 616 discussion

This question was on the test. Took and passed the test on Jan 24, 2020.

SAML seems more correct. https://www.identitymanagementinstitute.org/identity-and-access-management-protocols/ "As Software-as-a-Service (SaaS) continues to grow in popularity, SAML is an integral part of corporate IAM."

as it is SaaS, there should be an IdP in the DMZ, hence, SAML seems to be correct

IAM means identity and access management it uses single sign on like SAML so answer is C Systems used for IAM include single sign-on systems, two-factor authentication, multifactor authentication and privileged access management. These technologies also provide the ability to securely store identity and profile data as well as data governance functions to ensure that only data that is necessary and relevant is shared.

B. A new generation of cloud IAM platforms with the capability of SaaS RADIUS is taking on eliminating this complexity and overhead. With an integrated directory service and RADIUS server infrastructure...https://jumpcloud.com/blog/cloud-iam-feature-saas-radius

(SAML), is an open standard that allows security credentials to be shared by multiple computers across a network, (SSO). It describes a framework that allows one computer to perform some security functions on behalf of one or more other computers: It does supports Authentication and Authentication So it wont be SAML.

Isn't the keyword "integrated"? Isn't the INTEGRATION done with LDAP? A best-of-breed cloud-based IAM solution should provide centralized, out-of-the-box integration into your central Active Directory or LDAP directory so you can seamlessly leverage and extend that investment to these new applications—without on-premises appliances or firewall modifications required. Source: https://www.okta.com/resources/whitepaper/top-8-iam-challenges-with-your-saas-apps/ RADIUS - Mainly used for AAA. No mention of this in the question. SAML - No mention of SSO in the question. Also, none are used for INTEGRATION. LDAP is!

IAM manages digital identities and user access to data, systems or resources within an organization. IAM is the Identity and AAA (Authentication, Authorization and Accounting). RADIUS is created and used for AAA. At first glance sAML does not provide authorization but only identity and authentication. SAML may however include the ability to transfer authorization data between their systems. It's possible to use SAML for single sign-on authentication and for authorization. SAML satisfies IAM and the application being added to the company in the question is SaaS which is web based, then I would go with C. SAML

SAML, with SaaS you will most likely be looking to implement SingleSignOn

To me SAML is when you go to create a new account with a random site and it asks "would you like to log in using your FB or Google account?" Then you get to skip having to create a whole to account. It just associates your account with FB or Google.

I swear comptia is obsessed with Kerberos, RADIUS and Faraday

I think the answer is RADIUS. On-premise systems use LDAP and SAML. In Cloud RADIUS.

Answer is B, not C. RADIUS is used in IAM processes, SAML is for federation.

Most organizations already know the identity of users because they are logged in to their Active Directory domain or intranet. It makes sense to use this information to log users in to other applications, such as web-based applications, and one of the more elegant ways of doing this is by using SAML. https://developers.onelogin.com/saml

Here's the Dill pickles. In real life you can probably use both. These questions are stupid leaning on fraudulent. I've found usually when we are talking about Cloud Authentication it's SAML especially when we are involving federations. The question uses the word Cloud but not Federation. It uses the word IAM. What is an IAM? I don't know that why i'm taking this stupid exam but here is an explanation from a sexy lady on youtube. ( https://www.youtube.com/watch?v=vFB2CR7xCOM&feature=emb_logo ) Listen to how she says "SAML" so beautifully and with an English accent. Who knows the actual answer, but alot of points are on SAML.

Are IAM platforms based on open standards? Authorization messages between trusted partners are often sent using Security Assertion Markup Language (SAML). This open specification defines an XML framework for exchanging security assertions among security authorities. SAML achieves interoperability across different vendor platforms that provide authentication and authorization services. SAML isn’t the only open-standard identity protocol, however. Others include OpenID, WS-Trust (short for Web Services Trust) and WS-Federation (which have corporate backing from Microsoft and IBM), and OAuth (pronounced “Oh-Auth”), which lets a user’s account information be used by third-party services such as Facebook without exposing the password.

my heart says SAML but knowing CompTIA frauds its prob Radius