
CAS-001 · Question #445

CAS-001 Question #445: Real Exam Question with Answer & Explanation

The correct answer is B: SAML. Active Directory Federated Services (ADFS) is Microsoft's identity federation solution built on top of Active Directory. Its federation protocol for SSO to external services is SAML 2.0 (Security Assertion Markup Language), which issues signed security tokens asserting a user's i

Question

An organization would like to allow employees to use their network username and password to access a third-party service. The company is using Active Directory Federated Services for their directory service. Which of the following should the company ensure is supported by the third-party? (Select TWO).

Options

  • A. LDAP/S
  • B. SAML
  • C. NTLM
  • D. OAUTH
  • E. Kerberos

Explanation

Active Directory Federated Services (ADFS) is Microsoft's identity federation solution built on top of Active Directory. Its federation protocol for SSO to external services is SAML 2.0 (Security Assertion Markup Language), which issues signed security tokens asserting a user's identity to third-party relying parties - so the third party must support SAML (B). Internally, ADFS authenticates users against Active Directory using Kerberos (E), which is the native authentication protocol of AD environments; Kerberos tickets are what validate the user's identity before ADFS issues the SAML assertion. LDAP/S (A) is a directory query protocol, not an SSO/federation mechanism for third parties. NTLM (C) is a legacy Windows authentication protocol not used for external federation. OAuth (D) is an authorization delegation framework; while newer ADFS versions support OAuth/OIDC, classic ADFS federation with third parties is centered on SAML and Kerberos.
