nerdexam
EC-Council

312-50V10 · Question #913

which of the following protocols can be used to secure an LDAP service against anonymous queries?

The correct answer is A. SSO. SSO frameworks like Kerberos integrate with LDAP via SASL binds to enforce authenticated access, preventing anonymous directory queries by requiring a valid identity before processing any request.

Enumeration

Question

which of the following protocols can be used to secure an LDAP service against anonymous queries?

Options

  • ASSO
  • BRADIUS
  • CWPA
  • DNTLM

How the community answered

(53 responses)
  • A
    87% (46)
  • B
    4% (2)
  • C
    8% (4)
  • D
    2% (1)

Why each option

SSO frameworks like Kerberos integrate with LDAP via SASL binds to enforce authenticated access, preventing anonymous directory queries by requiring a valid identity before processing any request.

ASSOCorrect

SSO implementations such as Kerberos authenticate users through a trusted identity provider and pass those credentials to LDAP using SASL (Simple Authentication and Security Layer) binds, which replace the anonymous bind mechanism. When LDAP is configured to require SASL authentication, clients without a validated SSO identity are rejected before any directory data is returned. This pattern is a standard hardening measure in both Active Directory and OpenLDAP deployments to eliminate anonymous query exposure.

BRADIUS

RADIUS is an AAA protocol designed for network access control such as VPN and wireless authentication, and it has no mechanism to enforce authenticated LDAP directory binds.

CWPA

WPA is a wireless encryption and authentication protocol that secures Wi-Fi traffic at the link layer and has no relevance to LDAP query authentication.

DNTLM

NTLM is a Windows challenge-response authentication protocol that is not a standard SASL mechanism for LDAP and is not used to disable anonymous LDAP binds in modern directory configurations.

Concept tested: Securing LDAP against anonymous queries using SSO authentication

Source: https://learn.microsoft.com/en-us/troubleshoot/windows-server/active-directory/anonymous-ldap-operations-active-directory-disabled

Topics

#LDAP#anonymous queries#SSO#directory service security

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice