312-50V13 · Question #488
A Certified Ethical Hacker (CEH) is given the task to perform an LDAP enumeration on a target system. The system is secured and accepts connections only on secure LDAP. The CEH uses Python for the enu
The correct answer is B. The secure LDAP connection was not properly initialized due to a lack of 'use_ssl = True' in the. Explanation When connecting to secure LDAP (LDAPS), the connection must be explicitly initialized with use_ssl=True in the ldap3 library; without this parameter, the connection defaults to standard (unencrypted) LDAP, meaning the secure server will reject or not respond as expect
Question
Options
- AThe Python version installed on the CEH's machine is incompatible with the Idap3 library
- BThe secure LDAP connection was not properly initialized due to a lack of 'use_ssl = True' in the
- CThe enumeration process was blocked by the target system's intrusion detection system
- DThe system failed to establish a connection due to an incorrect port number
How the community answered
(64 responses)- A6% (4)
- B77% (49)
- C14% (9)
- D3% (2)
Explanation
Explanation
When connecting to secure LDAP (LDAPS), the connection must be explicitly initialized with use_ssl=True in the ldap3 library; without this parameter, the connection defaults to standard (unencrypted) LDAP, meaning the secure server will reject or not respond as expected, causing the enumeration to fail silently. Option A is incorrect because Python version incompatibility would typically raise an installation or import error, preventing the script from running at all rather than producing missing responses. Option C is incorrect because an IDS block would more likely result in a connection timeout or refused connection error, not a successful connection with missing data. Option D is incorrect because an incorrect port would prevent the connection from being established entirely, which contradicts the scenario stating the connection was successfully established.
Memory Tip
Think of use_ssl=True as the "security handshake badge" - just like you can't enter a secure building without showing your badge, you can't successfully communicate with a secure LDAP server without explicitly declaring SSL in your connection parameters. If the badge is missing, you get in the door but no one talks to you!
Topics
Community Discussion
No community discussion yet for this question.