Thanks for the help!
The winning combination was...
jboss-ejb-client.properties
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=localhost
remote.connection.default.port=4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
remote.connection.default.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS=JBOSS-LOCAL-USER
Client Application Code:
final Properties jndiProperties = new Properties();
jndiProperties.put(Context.INITIAL_CONTEXT_FACTORY, org.jboss.naming.remote.client.InitialContextFactory.class.getName());
jndiProperties.put(Context.PROVIDER_URL, "remote://localhost:4447");
jndiProperties.put("jboss.naming.client.ejb.context", true);
jndiProperties.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
jndiProperties.put(Context.SECURITY_PRINCIPAL, username);
jndiProperties.put(Context.SECURITY_CREDENTIALS, password);
Context context = new InitialContext(jndiProperties);
String lookUp = appName + "/" + moduleName + "/" + beanName + "!" + interfaceClassName;
TestEJB facade = (TestEJB)context.lookup(lookUp);
boolean connectionSuccessful = facade.canConnect();