🔥 3-day streak
CompTIA SecurityX (CAS-005)47 / 120
Question 47 of 120

A financial services company federates its on-premises Active Directory to a cloud SaaS suite using SAML through an on-premises identity provider (IdP). The security architect learns that a compromised token-signing certificate could allow an attacker to forge assertions for any user, including administrators, without triggering authentication logs at the IdP. Which design change most directly reduces the impact of a forged-assertion (golden SAML) attack against the SaaS environment?

Reviewed for accuracy · Report an issueNext question