KT-IAS Authentication

SSO logs show an application accepting SAML assertions after certificate rollover, but only for one legacy app. What should you verify FIRST?

Multiple choice — select one answer

Answer choices

  1. a. Whether users cleared browser cache, using shared credentials instead of individual accountability.
  2. b. DNS TTL for the marketing site, without security or identity team coordination per policy.
  3. c. If the app supports biometric unlock on mobile, without security or identity team coordination per policy.
  4. d. The service provider metadata and signing certificate trust store match the new IdP certificate

Architectural breakdown & explanation

SAML trust breaks when SP metadata is stale; certificate mismatch is the typical root cause after IdP rotation.

Correct answer(s): d. The service provider metadata and signing certificate trust store match the new IdP certificate

Exam domain: Authentication (20% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Identity & Access Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.