Ping Identity PT-AM-CPE Exam - Topic 1 Question 2 Discussion

PingAM 8.0.2 provides a robust framework for Multi-Factor Authentication (MFA) centered around modern, secure protocols and the Intelligent Access (Authentication Trees) engine. When discussing supported 'protocols' in the context of MFA in PingAM documentation, the focus is on standardized methods for secondary verification.

The primary supported MFA pillars in PingAM 8.0.2 are:

Open Authentication (OATH): AM supports the OATH standards, specifically TOTP (Time-based One-Time Password) and HOTP (HMAC-based One-Time Password). This is implemented through the 'OATH' authentication nodes, allowing users to use apps like ForgeRock Authenticator, Google Authenticator, or YubiKeys in OATH mode.

Web Authentication (WebAuthn): This is the implementation of the FIDO2 standard. It allows for passwordless and secure second-factor authentication using biometrics (like TouchID/FaceID) or hardware security keys (like YubiKeys). It is the successor to older standards and is natively supported via WebAuthn nodes.

Push Authentication: This is a proprietary but highly secure protocol used specifically with the ForgeRock/Ping Authenticator app. It allows a 'Push' notification to be sent to a registered mobile device, which the user then approves or denies.

Why others are excluded from the selection: While PingAM supports Security Questions (KBA) and Universal 2nd Factor (U2F), they are often categorized differently in the 8.0.2 documentation. Security Questions are considered a 'User Self-Service' or 'Legacy' validation method rather than a modern MFA protocol. U2F is technically superseded by and included within the WebAuthn framework in PingAM 8.0.2. Thus, the most accurate grouping of distinct, core MFA protocols supported in the current version is A, C, and E, making Option C the correct answer.