nerdexam
CompTIA

SY0-301 · Question #631

Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?

The correct answer is D. LDAP injection. LDAP injection targets directory services by inserting malicious LDAP statements to manipulate queries, making it the relevant attack when unknown servers are discovered on a network running a corporate directory.

Threats, vulnerabilities, and mitigations

Question

Which of the following application attacks is used against a corporate directory service where there are unknown servers on the network?

Options

  • ARogue access point
  • BZero day attack
  • CPacket sniffing
  • DLDAP injection

How the community answered

(19 responses)
  • C
    5% (1)
  • D
    95% (18)

Why each option

LDAP injection targets directory services by inserting malicious LDAP statements to manipulate queries, making it the relevant attack when unknown servers are discovered on a network running a corporate directory.

ARogue access point

A rogue access point is a wireless attack placing an unauthorized AP on the network, not an attack against a directory service.

BZero day attack

A zero-day attack exploits an unknown software vulnerability, not a technique for querying or manipulating a directory service.

CPacket sniffing

Packet sniffing is a passive eavesdropping technique used to capture network traffic, not an attack against a directory service application.

DLDAP injectionCorrect

LDAP injection exploits vulnerable directory service queries by inserting unsanitized input into LDAP statements, allowing an attacker to enumerate or manipulate directory objects such as users, groups, and unknown servers. Because corporate directory services like Active Directory use LDAP, this attack directly targets the service described. The presence of unknown servers suggests the attacker used injected queries to discover hidden directory objects.

Concept tested: LDAP injection attack against directory services

Source: https://owasp.org/www-community/attacks/LDAP_Injection

Topics

#LDAP injection#injection attacks#directory services#application attacks

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice