A company created an external application for its customers.
A security researcher now reports that the application has a serious LDAP injection vulnerability that could be leveraged to bypass authentication and authorization.
Which of the following actions would BEST resolve the issue? (Choose two.)
A. B. C. D. E. F. G.BD.
The correct answers are A. Conduct input sanitization and D. Patch the OS.
An LDAP (Lightweight Directory Access Protocol) injection vulnerability is a common web application vulnerability that occurs when untrusted input is placed into an LDAP query without escaping or validation, allowing an attacker to alter the query's logic. If successful, the attacker could perform unauthorized actions on the system or gain access to sensitive data.
To resolve this issue, the first step is to conduct input sanitization. This involves validating all user input and rejecting any input that does not conform to expected formats or contains potentially harmful characters. By doing so, the application will be protected from the injection of malicious LDAP statements.
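To make the sanitization step concrete, the following added example (not part of the original question or its explanation) shows a login filter built by string concatenation next to the same filter built with RFC 4515 value escaping plus an allow-list check on the username. The function names, the username pattern and the sample malicious input are all constructed for this illustration.

```python
import re

# Characters that RFC 4515 requires to be escaped inside an assertion value.
# Each is replaced by a backslash followed by its two-digit hex code.
_LDAP_FILTER_SPECIALS = {"\\", "*", "(", ")", "\x00"}

# Constructed allow-list for usernames: letters, digits, dot, underscore, hyphen.
_USERNAME_RE = re.compile(r"^[A-Za-z0-9._-]{1,64}$")


def escape_ldap_filter_value(value: str) -> str:
    """Escape a value so it can only ever match as data, never as filter syntax."""
    out = []
    for ch in value:
        if ch in _LDAP_FILTER_SPECIALS:
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def is_valid_username(username: str) -> bool:
    """Allow-list validation: reject anything outside the expected format."""
    return _USERNAME_RE.fullmatch(username) is not None


def build_login_filter_unsafe(username: str) -> str:
    """Vulnerable pattern: attacker-controlled text spliced straight into the filter."""
    return f"(&(uid={username})(objectClass=person))"


def build_login_filter_safe(username: str) -> str:
    """Hardened pattern: validate first, then escape before interpolating."""
    if not is_valid_username(username):
        raise ValueError("username does not match the expected format")
    return f"(&(uid={escape_ldap_filter_value(username)})(objectClass=person))"


def demo() -> dict:
    """Show what each builder produces for a normal and a constructed hostile input."""
    hostile = "*)(uid=*))(|(uid=*"  # constructed input that injects extra filter terms
    results = {
        "normal_safe": build_login_filter_safe("alice.smith"),
        "hostile_unsafe": build_login_filter_unsafe(hostile),
        "hostile_escaped": f"(&(uid={escape_ldap_filter_value(hostile)})(objectClass=person))",
        "hostile_rejected": not is_valid_username(hostile),
    }
    return results


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```

The unsafe builder turns the hostile input into a filter whose `uid` clause matches every entry, which is how injection bypasses authentication; the escaped form keeps every metacharacter inert, and the allow-list check rejects the input before it reaches the directory at all. In production, prefer the escaping routine of your LDAP client library over a hand-written one, but the behaviour it must provide is the same as shown here.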
The second step is to patch the OS. Patching the OS can address any vulnerabilities in the system that are being exploited by the attacker. A patch is a piece of software designed to fix a vulnerability or bug in an operating system or application. Regular patching is essential for maintaining the security of any system.
Deploying a Security Information and Event Management (SIEM) solution can be helpful, but it is not the BEST solution for this issue. SIEMs are designed to collect, analyze, and correlate security events from various sources to identify potential security incidents. They do not specifically address the issue of LDAP injection.
Using containers can provide a level of isolation for the application, but it does not address the issue of LDAP injection. Similarly, deploying a web application firewall (WAF) or a reverse proxy can be helpful for protecting the application from various types of attacks, but it is not the BEST solution for addressing LDAP injection specifically.
Deploying an intrusion detection system (IDS) can be helpful in identifying potential attacks, but it does not specifically address the issue of LDAP injection.
In summary, the BEST solution for resolving the LDAP injection vulnerability in this scenario is to conduct input sanitization and patch the OS.