Key Phrase: "authenticate their users"

Explanation:
Correct Answer (D): Angela's organization is acting as an Identity Provider (IdP) because it is authenticating users and asserting that they are valid to other federation members.
Why others are wrong:

• A: Service provider provides services, but doesn't authenticate users.

• B: Relying party trusts the IdP’s authentication assertions but doesn't authenticate itself.

• C: Authentication provider is not a formal role in federated authentication.

Key Phrase: "preventing shared accounts"

Explanation:
Correct Answer (A): Password complexity requirements do not prevent users from sharing complex passwords. Users may still share passwords that meet the complexity requirements.
Why others are wrong:

• B: Biometric authentication requires physical presence and makes sharing more difficult.

• C & D: One-time passwords (OTP via tokens or applications) are harder to share and much more effective than just requiring complex passwords.

Key Phrase: "difference between on-premises and cloud-hosted identity services"

Explanation:
Correct Answer (B): In the cloud, the provider typically offers built-in account and identity management services, whereas on-premises services may require additional setup and maintenance.
Why others are wrong:

• A: While cloud services might set account policies, that’s not the major difference.

• C: Most cloud vendors support multifactor authentication, so this is not the distinguishing factor.

D: The difference is the level of management provided by the service, not "None of the above."

Key Phrase: "prevent users from resetting their password multiple times"

Explanation:
Correct Answer (D): Password age is the setting that ensures users cannot reset their password too frequently and reuse the old one.
Why others are wrong:

• A, B, C: Complexity, length, and expiration don’t affect the ability to reset and reuse passwords, they affect password creation and lifespan.

Key Phrase: "least secure multifactor authentication"

Explanation:
Correct Answer (B): SMS-based multifactor authentication is the least secure because it can be intercepted or hijacked through methods like SIM swapping.
Why others are wrong:

• A: HOTP is more secure as it generates a unique code every time.

• C: TOTP uses time-based codes which are also more secure than SMS.

• D: Biometrics are generally more secure than SMS and harder to spoof.

Key Phrase: "USB security key"

Explanation:
Correct Answer (A): A USB security key is a hard token, a physical device that generates or stores authentication credentials.
Why others are wrong:

• B: A biometric token would involve a physical trait like a fingerprint or facial scan, not a USB key.

• C: A soft token is a digital token typically stored in an app or software.

• D: An attestation token is used to verify the integrity of a device, not a user authentication method.

Key Phrase: "Windows picture password"

Explanation:
Correct Answer (B): A picture password is something the user knows — specific gestures (like taps or swipes) on a picture.
Why others are wrong:

• A: Somewhere you are refers to location-based authentication.

• C: Something you are refers to biometrics like fingerprints or face recognition.

• D: Someone you know is not a factor used in authentication.