LX0-104 · Question #196
It's important to issue the Start TLS operation at the beginning of a session:
The correct answer is B. To prevent usernames and passwords from being sent in plain text.. The Start TLS operation is used at the beginning of an LDAP session to encrypt subsequent communication, primarily to protect sensitive data like authentication credentials.
Question
Options
- ATo compress any data sent over the network and improve performance.
- BTo prevent usernames and passwords from being sent in plain text.
- CTo ensure backward compatibility with older clients.
- DTo prevent clients from binding to the server anonymously.
How the community answered
(26 responses)- B88% (23)
- C8% (2)
- D4% (1)
Why each option
The Start TLS operation is used at the beginning of an LDAP session to encrypt subsequent communication, primarily to protect sensitive data like authentication credentials.
While TLS can sometimes involve compression, its primary purpose is security (encryption and integrity), not performance optimization through data compression.
The Start TLS (Transport Layer Security) extended operation upgrades an existing plain text LDAP connection to an encrypted one, using SSL/TLS. This encryption prevents eavesdropping, ensuring that sensitive information, especially usernames and passwords transmitted during the bind operation, is not sent in plain text and remains confidential.
Start TLS is a modern extension to LDAPv3; it is not for backward compatibility but for enhancing security. Older clients might not support it.
Start TLS encrypts the connection, but it does not inherently prevent anonymous binds; anonymous binds are controlled by server-side access control policies.
Concept tested: LDAP Start TLS purpose
Source: https://learn.microsoft.com/en-us/windows/win32/ad/ldap-and-sslorientation
Topics
Community Discussion
No community discussion yet for this question.