312-50V10 · Question #894
After an audit, the auditors Inform you that there is a critical finding that you must tackle Immediately. You read the audit report, and the problem is the service running on port 369. Which service
The correct answer is A. The service is LDAP. and you must change it to 636. which is LDPAPS.. Port 389 (likely mistyped as 369 in the question) is used by unencrypted LDAP, and the immediate remediation is to migrate to LDAPS on port 636 to encrypt directory traffic with SSL/TLS.
Question
After an audit, the auditors Inform you that there is a critical finding that you must tackle Immediately. You read the audit report, and the problem is the service running on port 369. Which service Is this and how can you tackle the problem?
Options
- AThe service is LDAP. and you must change it to 636. which is LDPAPS.
- BThe service is NTP. and you have to change It from UDP to TCP in order to encrypt it
- CThe findings do not require immediate actions and are only suggestions.
- DThe service is SMTP, and you must change it to SMIME. which is an encrypted way to send
How the community answered
(59 responses)- A93% (55)
- B2% (1)
- C3% (2)
- D2% (1)
Why each option
Port 389 (likely mistyped as 369 in the question) is used by unencrypted LDAP, and the immediate remediation is to migrate to LDAPS on port 636 to encrypt directory traffic with SSL/TLS.
LDAP (Lightweight Directory Access Protocol) operates on port 389 in cleartext - the '369' in the question is a typographical error for '389' - exposing authentication credentials and directory data to interception, which constitutes a critical security vulnerability. Migrating to LDAPS on port 636 wraps all LDAP communications in an SSL/TLS encrypted channel, immediately protecting credentials and sensitive directory information in transit and resolving the critical audit finding.
NTP (Network Time Protocol) uses port 123 over UDP, not port 369 or 389, so the service identification is incorrect for this port number.
The audit explicitly classifies this as a critical finding requiring immediate action, so treating it as a non-urgent suggestion directly contradicts the stated severity and would leave the environment exposed.
SMTP uses port 25 for mail relay, not port 369 or 389, and S/MIME is an email message encryption standard that is unrelated to LDAP or securing directory service communications.
Concept tested: LDAP port 389 to LDAPS port 636 encrypted migration
Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-ldap-over-ssl-3rd-certification-authority
Topics
Community Discussion
No community discussion yet for this question.