nerdexam
CompTIA

LX0-104 · Question #196

It's important to issue the Start TLS operation at the beginning of a session:

The correct answer is B. To prevent usernames and passwords from being sent in plain text.. The Start TLS operation is used at the beginning of an LDAP session to encrypt subsequent communication, primarily to protect sensitive data like authentication credentials.

Security

Question

It's important to issue the Start TLS operation at the beginning of a session:

Options

  • ATo compress any data sent over the network and improve performance.
  • BTo prevent usernames and passwords from being sent in plain text.
  • CTo ensure backward compatibility with older clients.
  • DTo prevent clients from binding to the server anonymously.

How the community answered

(26 responses)
  • B
    88% (23)
  • C
    8% (2)
  • D
    4% (1)

Why each option

The Start TLS operation is used at the beginning of an LDAP session to encrypt subsequent communication, primarily to protect sensitive data like authentication credentials.

ATo compress any data sent over the network and improve performance.

While TLS can sometimes involve compression, its primary purpose is security (encryption and integrity), not performance optimization through data compression.

BTo prevent usernames and passwords from being sent in plain text.Correct

The Start TLS (Transport Layer Security) extended operation upgrades an existing plain text LDAP connection to an encrypted one, using SSL/TLS. This encryption prevents eavesdropping, ensuring that sensitive information, especially usernames and passwords transmitted during the bind operation, is not sent in plain text and remains confidential.

CTo ensure backward compatibility with older clients.

Start TLS is a modern extension to LDAPv3; it is not for backward compatibility but for enhancing security. Older clients might not support it.

DTo prevent clients from binding to the server anonymously.

Start TLS encrypts the connection, but it does not inherently prevent anonymous binds; anonymous binds are controlled by server-side access control policies.

Concept tested: LDAP Start TLS purpose

Source: https://learn.microsoft.com/en-us/windows/win32/ad/ldap-and-sslorientation

Topics

#TLS#StartTLS#Plaintext credentials#Network security#Encryption

Community Discussion

No community discussion yet for this question.

Full LX0-104 Practice