nerdexam
EC-Council

312-50V10 · Question #606

An NMAP scan of a server shows port 25 is open. What risk could this pose?

The correct answer is D. Active mail relay. Port 25 is the SMTP port used for email transmission. An open port 25 can indicate the server is operating as a mail relay, which attackers may exploit to send spam or phishing emails anonymously.

Scanning Networks

Question

An NMAP scan of a server shows port 25 is open. What risk could this pose?

Options

  • AOpen printer sharing
  • BWeb portal data leak
  • CClear text authentication
  • DActive mail relay

How the community answered

(25 responses)
  • A
    4% (1)
  • B
    4% (1)
  • D
    92% (23)

Why each option

Port 25 is the SMTP port used for email transmission. An open port 25 can indicate the server is operating as a mail relay, which attackers may exploit to send spam or phishing emails anonymously.

AOpen printer sharing

Printer sharing typically uses ports 9100, 515, or 631 (IPP), not port 25.

BWeb portal data leak

Web portal data leaks are associated with HTTP/HTTPS ports 80 and 443, not port 25.

CClear text authentication

Clear text authentication is a concern with protocols like FTP (port 21) or Telnet (port 23); while SMTP can transmit credentials in clear text, the primary and most recognized risk of an open port 25 is mail relay abuse, not authentication exposure.

DActive mail relayCorrect

Port 25 is the well-known port for SMTP (Simple Mail Transfer Protocol), which handles email routing and delivery. An improperly configured SMTP server with port 25 open may function as an open mail relay, allowing unauthorized third parties to route email through it. This is a significant risk as it enables spam campaigns, phishing, and can result in the server's IP being blacklisted.

Concept tested: SMTP port 25 open relay security risk

Source: https://learn.microsoft.com/en-us/exchange/mail-flow-best-practices/how-to-set-up-a-multifunction-device-or-application-to-send-email-using-microsoft-365-or-office-365

Topics

#port 25#SMTP#open mail relay#port scanning

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice