312-50V10 · Question #913
which of the following protocols can be used to secure an LDAP service against anonymous queries?
The correct answer is A. SSO. SSO frameworks like Kerberos integrate with LDAP via SASL binds to enforce authenticated access, preventing anonymous directory queries by requiring a valid identity before processing any request.
Question
which of the following protocols can be used to secure an LDAP service against anonymous queries?
Options
- ASSO
- BRADIUS
- CWPA
- DNTLM
How the community answered
(53 responses)- A87% (46)
- B4% (2)
- C8% (4)
- D2% (1)
Why each option
SSO frameworks like Kerberos integrate with LDAP via SASL binds to enforce authenticated access, preventing anonymous directory queries by requiring a valid identity before processing any request.
SSO implementations such as Kerberos authenticate users through a trusted identity provider and pass those credentials to LDAP using SASL (Simple Authentication and Security Layer) binds, which replace the anonymous bind mechanism. When LDAP is configured to require SASL authentication, clients without a validated SSO identity are rejected before any directory data is returned. This pattern is a standard hardening measure in both Active Directory and OpenLDAP deployments to eliminate anonymous query exposure.
RADIUS is an AAA protocol designed for network access control such as VPN and wireless authentication, and it has no mechanism to enforce authenticated LDAP directory binds.
WPA is a wireless encryption and authentication protocol that secures Wi-Fi traffic at the link layer and has no relevance to LDAP query authentication.
NTLM is a Windows challenge-response authentication protocol that is not a standard SASL mechanism for LDAP and is not used to disable anonymous LDAP binds in modern directory configurations.
Concept tested: Securing LDAP against anonymous queries using SSO authentication
Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/anonymous-ldap-operations-active-directory-disabled
Topics
Community Discussion
No community discussion yet for this question.