CompTIA Security+ (SY0-501) — Question 817

A company recently contracted a penetration testing firm to conduct an assessment. During the assessment, the penetration testers were able to capture unencrypted communication between directory servers. The penetration testers recommended encrypting this communication to fix the vulnerability. Which of the following protocols should the company implement to close this finding?

Answer options

• A. DNSSEC
• B. SFTP
• C. Kerberos
• D. LDAPS

Correct answer: D

Explanation

LDAPS is designed to secure LDAP communication by encrypting the data transmitted between directory servers, thus addressing the identified vulnerability. DNSSEC, SFTP, and Kerberos do not specifically focus on securing LDAP communication, making them unsuitable for this particular issue.