ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company hosts Windows Server 2019 Active Directory on-premises and must provide employees with single sign-on to several external SaaS applications that accept SAML 2.0 tokens. Corporate policy forbids synchronizing passwords to any third-party service; authentication must remain on-premises. What is the most appropriate solution to meet these constraints?
Deploy Active Directory Federation Services (ADFS) with an internet-facing Web Application Proxy and configure SAML federation trusts to the SaaS providers.
Use LDAP over TLS so the SaaS providers can authenticate users directly against the on-premises domain controllers.
Implement Azure AD Connect with password hash synchronization and use Azure AD as the identity provider for the SaaS applications.
Configure a RADIUS server and enforce two-factor authentication with token cards for SaaS access.
Active Directory Federation Services (ADFS) can act as an on-premises Security Token Service, issuing SAML 2.0 claims after authenticating users directly against the domain controllers. Publishing ADFS through a Web Application Proxy exposes the federation endpoints securely to the Internet, allowing external SaaS providers (relying parties) to trust the tokens without requiring user passwords to be copied or synchronized outside the organization. Azure AD Connect with password hash synchronization violates the policy because hashes are uploaded to Azure AD. Direct LDAP binds from SaaS vendors would require exposing domain controllers and would not deliver standards-based SSO. A RADIUS solution could add strong authentication but does not provide the SAML assertions required by the SaaS applications and still would not provide true federation. Therefore, deploying ADFS with a Web Application Proxy best satisfies both the SSO and on-premises authentication requirements.
ISC2 Systems Security Certified Practitioner (SSCP)
Access Controls