What is a valid combination of primary and secondary layers of authentication to a company's two-factor authentication policy?
What is a valid combination of primary and secondary layers of authentication to a company's two-factor authentication policy?
A valid combination of primary and secondary layers of authentication for a company's two-factor authentication policy includes LDAP Authentication and RADIUS Authentication. LDAP Authentication can function as a primary authentication method, giving access based on directory services, while RADIUS Authentication serves as a secondary authentication method, providing an additional secure layer. This combination is supported and widely used in many enterprise security frameworks.
I would say the answer is A. however it appears native support for RSA SecureID (Token) authentication is no longer supported from versions more recent than 12.1. https://docs.cyberark.com/PAS/12.1/en/Content/PAS%20INST/Authenticating-to-the-Privileged-Account-Security-Solution.htm
A https://docs.cyberark.com/pam-self-hosted/12.1/en/Content/PAS%20INST/Authenticating-to-the-Privileged-Account-Security-Solution.htm#Secondaryauthentication According to this chart... A is the only possible combination
Possible combination > Primary : NT/Windows authentication PKI authentication (Personal Certificate) SAML authentication Oracle SSO (in PVWA) Amazon Cognito authentication > Secondary LDAP authentication RADIUS authentication CyberArk authentication So as mentioned by Cavdog, there's actually no accurate answer from given choice for recent versions.. so A might be the best answer.. https://docs.cyberark.com/PAS/Latest/en/Content/PAS%20INST/Authenticating-to-the-Privileged-Account-Security-Solution.htm
In CyberArk training material, exist a table with possible combinations for multi-factor: IIS(PVWA): PKI Windows RSA Vault: LDAP RADIUS CyberArk(Password)
https://docs.cyberark.com/PAS/Latest/en/Content/PAS%20INST/Authenticating-to-the-Privileged-Account-Security-Solution.htm#:~:text=CyberArk%20support%20representative.-,Secondary%20authentication,-Secondary%20authentication%20strengthens