Answer #2 — CompTIA Security+ Guidance

Answer to example question #2:

Question: Your CEO has met with the CEO of another company, and they have agreed to work together to develop a new service. Authentication and identity management will be connected across the two organizations. Given the sensitivity of the development project, user authentication and authorization will use a centralized server running the best available trusted third-party service. Users will receive identity and service tokens from a unified authentication and authorization service, which requires that system clocks be synchronized across the organizations. Applications will be limited to those written with the API of that service. What must you enable?

A: BPA
B: Federation
C: Kerberos
D: KDC
E: NTP
F: Kerberization

As in the previous example, each sentence in the question refers to one of the answer choices, and I have made it easy by putting the answer choices in the same order.

"Your CEO has met...and they have agreed..." = BPA

"Authentication and identity management will be connected..." = Federation

"...the best available trusted third-party service..." = Kerberos

"...a unified authentication and authorization service..." = KDC, the combination of the Authentication Service and the Ticket-Granting Service, plus the shared database

"...system clocks be synchronized..." = NTP

"...written with the API of that service" = Kerberization (you actually see and say "Kerberized clients and servers", but CompTIA will pick strange wording whenever possible)

Again, work backward through the English. The actual question is "What do you need?" All the choices are relevant and true, corresponding to pieces of the story. But only one answers the question.

One of the sentences says "requires." The others state that the item provides some feature, or narrate the project.

One distractor is about the set of agreement documents, one is about an identity management concept, and three have to do with Kerberos.

NTP is usually turned on anyway, especially on important systems where logging is critical. Stating a requirement for NTP should be a formality because it's already on, so the correct answer here is less obvious if you work with the technology.