Certified Ethical Hacker (CEH v13) — Question 285
A penetration tester is tasked with enumerating user accounts and network resources in a highly secured Windows environment where standard methods like SMB null sessions are blocked. The network employs strict firewall rules and intrusion detection systems to prevent unauthorized access.
Which technique should the tester use to discreetly gather the required information without triggering security alarms?
Answer options
- A. Exploit a misconfigured LDAP service to perform anonymous searches
- B. Conduct a zone transfer by querying the organization’s DNS servers
- C. Utilize NetBIOS over TCP/IP to list shared resources anonymously
- D. Leverage Active Directory Web Services for unauthorized queries
Correct answer: A
Explanation
The correct answer is A because exploiting a misconfigured LDAP service can allow the tester to perform anonymous searches without raising alarms. Options B and D may be detectable by security systems, and C is not suitable because NetBIOS over TCP/IP would likely be blocked in a highly secured environment.