nerdexam
EC-Council

312-50V10 · Question #894

After an audit, the auditors Inform you that there is a critical finding that you must tackle Immediately. You read the audit report, and the problem is the service running on port 369. Which service

The correct answer is A. The service is LDAP. and you must change it to 636. which is LDPAPS.. Port 389 (likely mistyped as 369 in the question) is used by unencrypted LDAP, and the immediate remediation is to migrate to LDAPS on port 636 to encrypt directory traffic with SSL/TLS.

Enumeration

Question

After an audit, the auditors Inform you that there is a critical finding that you must tackle Immediately. You read the audit report, and the problem is the service running on port 369. Which service Is this and how can you tackle the problem?

Options

  • AThe service is LDAP. and you must change it to 636. which is LDPAPS.
  • BThe service is NTP. and you have to change It from UDP to TCP in order to encrypt it
  • CThe findings do not require immediate actions and are only suggestions.
  • DThe service is SMTP, and you must change it to SMIME. which is an encrypted way to send

How the community answered

(59 responses)
  • A
    93% (55)
  • B
    2% (1)
  • C
    3% (2)
  • D
    2% (1)

Why each option

Port 389 (likely mistyped as 369 in the question) is used by unencrypted LDAP, and the immediate remediation is to migrate to LDAPS on port 636 to encrypt directory traffic with SSL/TLS.

AThe service is LDAP. and you must change it to 636. which is LDPAPS.Correct

LDAP (Lightweight Directory Access Protocol) operates on port 389 in cleartext - the '369' in the question is a typographical error for '389' - exposing authentication credentials and directory data to interception, which constitutes a critical security vulnerability. Migrating to LDAPS on port 636 wraps all LDAP communications in an SSL/TLS encrypted channel, immediately protecting credentials and sensitive directory information in transit and resolving the critical audit finding.

BThe service is NTP. and you have to change It from UDP to TCP in order to encrypt it

NTP (Network Time Protocol) uses port 123 over UDP, not port 369 or 389, so the service identification is incorrect for this port number.

CThe findings do not require immediate actions and are only suggestions.

The audit explicitly classifies this as a critical finding requiring immediate action, so treating it as a non-urgent suggestion directly contradicts the stated severity and would leave the environment exposed.

DThe service is SMTP, and you must change it to SMIME. which is an encrypted way to send

SMTP uses port 25 for mail relay, not port 369 or 389, and S/MIME is an email message encryption standard that is unrelated to LDAP or securing directory service communications.

Concept tested: LDAP port 389 to LDAPS port 636 encrypted migration

Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority

Topics

#LDAP#LDAPS#port 389#directory service security

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice