ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
Your security team is tasked with allowing employees to log in to a third-party SaaS project-tracking application using existing corporate credentials. The SaaS supports SAML 2.0 but maintains its own user store. Which action correctly establishes a federated trust for single sign-on?
Provision OAuth 2.0 personal access tokens for each user and upload them to the SaaS as shared secrets.
Enable recurring password-hash synchronization from the corporate directory to the SaaS authentication database.
Configure the SaaS as a SAML Service Provider and import the IdP's signing certificate so it can validate SAML assertions.
Establish cross-realm Kerberos trust with NTLM fallback between the corporate domain controllers and the SaaS environment.
In a SAML-based federation, your organization acts as the Identity Provider (IdP) and the SaaS application acts as the Service Provider (SP). The IdP performs the user authentication and issues a SAML assertion that is digitally signed with its private key. For the SP to accept that assertion, it must possess and trust the IdP's signing certificate and be configured as a SAML Service Provider that consumes the assertion. Importing the IdP's public signing certificate into the SaaS and enabling it to operate as an SP fulfils this requirement, allowing users to authenticate once with the IdP and gain access to the SaaS without local passwords.
Password-hash synchronization copies secrets rather than establishing federation, contradicting the goal of avoiding credential replication. Uploading per-user OAuth tokens or configuring Kerberos/NTLM across the internet is unrelated to SAML federation and would not create the necessary trust relationship between the IdP and the SP.
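To make the trust relationship concrete, the following Go program is an added example written for this page, not code from the question, ISC2 or any SAML product. It models the SP side: the ServiceProvider holds the IdP's imported public signing key and accepts only assertions that name the trusted IdP, are addressed to it, are unexpired and verify under that key, while an assertion from a signer it never imported is rejected. A plain RSA signature over a delimited string stands in for SAML's XML-DSig, and the entity IDs, user name and key pairs are constructed.

```go
package main
import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)
// Assertion stands in for a SAML 2.0 assertion (constructed here; real ones are XML carrying an XML-DSig signature).
type Assertion struct {
	Issuer, Subject, Audience string // IdP entity ID, authenticated user, SP entity ID it is addressed to
	NotOnOrAfter              time.Time
	Signature                 []byte // IdP signature over signedBytes()
}
// signedBytes is the canonical form the IdP signs and the SP verifies; it covers every field the SP relies on.
func (a Assertion) signedBytes() []byte { return []byte(fmt.Sprintf("%s|%s|%s|%s", a.Issuer, a.Subject, a.Audience, a.NotOnOrAfter.UTC().Format(time.RFC3339))) }
// IssueAssertion is the IdP side: having authenticated the user, it signs an assertion with its private signing key.
func IssueAssertion(idpKey *rsa.PrivateKey, issuer, subject, audience string, ttl time.Duration) (Assertion, error) {
	a := Assertion{Issuer: issuer, Subject: subject, Audience: audience, NotOnOrAfter: time.Now().Add(ttl)}
	h := sha256.Sum256(a.signedBytes())
	sig, err := rsa.SignPKCS1v15(rand.Reader, idpKey, crypto.SHA256, h[:])
	a.Signature = sig
	return a, err
}
// ServiceProvider holds the SP entity ID, the one IdP it trusts, and that IdP's public signing key (what importing its certificate provides).
type ServiceProvider struct {
	EntityID, TrustedIssuer string
	IdPSigningKey           *rsa.PublicKey
}
// ValidateAssertion accepts an assertion only if it names the trusted IdP, is addressed to this SP, is unexpired,
// and its signature verifies under the imported key; an assertion signed by any other key is rejected.
func (sp ServiceProvider) ValidateAssertion(a Assertion, now time.Time) error {
	if a.Issuer != sp.TrustedIssuer || a.Audience != sp.EntityID || !now.Before(a.NotOnOrAfter) {
		return fmt.Errorf("rejected before signature check: issuer=%q audience=%q notOnOrAfter=%s", a.Issuer, a.Audience, a.NotOnOrAfter.UTC().Format(time.RFC3339))
	}
	h := sha256.Sum256(a.signedBytes())
	if err := rsa.VerifyPKCS1v15(sp.IdPSigningKey, crypto.SHA256, h[:], a.Signature); err != nil {
		return fmt.Errorf("signature does not verify against the imported IdP certificate: %w", err)
	}
	return nil
}
func main() {
	idpKey, _ := rsa.GenerateKey(rand.Reader, 2048)   // the corporate IdP's signing key pair (constructed)
	rogueKey, _ := rsa.GenerateKey(rand.Reader, 2048) // a signer whose certificate the SP never imported
	sp := ServiceProvider{EntityID: "https://saas.example/sp", TrustedIssuer: "https://idp.corp.example", IdPSigningKey: &idpKey.PublicKey}
	good, _ := IssueAssertion(idpKey, sp.TrustedIssuer, "alice@corp.example", sp.EntityID, 5*time.Minute)
	forged, _ := IssueAssertion(rogueKey, sp.TrustedIssuer, "alice@corp.example", sp.EntityID, 5*time.Minute)
	fmt.Println("trusted IdP:", sp.ValidateAssertion(good, time.Now()), "| rogue signer:", sp.ValidateAssertion(forged, time.Now()))
}
```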