CAS-003 Question #673: Real Exam Question with Answer & Explanation

Question

The Chief Information Security Officer (CISO) of an organization is concerned with the transmission of cleartext authentication information across the enterprise. A security assessment has been performed and has identified the use of ports 80. 389. and 3268. Which of the following solutions would BEST address the CISO's concerns?

Options

ADisable the ports that are determined to contain authentication information
BForce HTTPS. enable LDAPS. and disable cleartext global catalog communication.
CDeploy a VPN between networks that transmits authentication information via cleartext
DProxy HTTP traffic and migrate to a more secure directory service

Explanation

The three identified ports map to three cleartext authentication protocols: port 80 (HTTP), port 389 (LDAP), and port 3268 (Global Catalog LDAP). Option B directly addresses all three: forcing HTTPS replaces cleartext HTTP on port 80 with TLS-encrypted traffic on port 443; enabling LDAPS (port 636) replaces cleartext LDAP on port 389; and disabling cleartext Global Catalog on port 3268 (in favor of the encrypted variant on port 3269) eliminates the final cleartext authentication vector. Disabling the ports entirely (A) would break critical directory and web services. A VPN (C) adds a tunnel but does not eliminate the underlying cleartext protocols. Proxying HTTP (D) addresses only one of the three protocols and doesn't resolve LDAP cleartext exposure.

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice