Weekly CISSP Practice

Exam Questions

Week 52 - Question 2

What does the SAML standard primarily provide?

A. Data Encryption
B. Identity Federation
C. File Integrity
D. Network Monitoring

Answer: B. Identity Federation
Explanation:

SAML and Identity Federation

  • Identity Federation: This is the practice of linking a user's identity across multiple separate security domains. SAML allows an Identity Provider (IdP) (like Okta or Azure AD) to tell a Service Provider (SP) (like Salesforce or Slack) that a user is authenticated and authorized.  

  • Single Sign-On (SSO): SAML is the most common standard for web-based SSO. It uses XML-based assertions (digital "vouchers") to pass identity information between parties.  

  • The Trust Relationship: For SAML to work, a pre-established trust must exist. The SP trusts the IdP's digital signature. When the IdP signs an assertion saying "This is User X," the SP accepts it as truth.


Why the other options are incorrect

  • A. Data Encryption: While SAML can encrypt parts of its assertions to protect privacy, its primary purpose is the exchange of authentication and authorization data, not the general encryption of business data.

  • C. File Integrity: SAML is a protocol for identity and access management (IAM). It does not monitor or verify the integrity of files stored on a disk (which would be the job of a tool like Tripwire).

  • D. Network Monitoring: SAML deals with the application layer (Layer 7) authentication flow. It does not monitor network traffic, bandwidth, or packet health.

The "CISSP Rule of Thumb": If the question mentions XML, Assertions, or SSO across different organizations, the answer is almost certainly SAML.
