312-50V13 · Question #133
While examining audit logs, you discover that people are able to telnet into the SMTP server on port 25. You would like to block this, though you do not see any evidence of an attack or other wrong do
The correct answer is E. None of the above.. The objective is to block Telnet access to an SMTP server on port 25 while ensuring the legitimate email functionality of the SMTP server remains unaffected.
Question
Options
- ABlock port 25 at the firewall.
- BShut off the SMTP service on the server.
- CForce all connections to use a username and password.
- DSwitch from Windows Exchange to UNIX Sendmail.
- ENone of the above.
How the community answered
(58 responses)- A21% (12)
- B2% (1)
- C3% (2)
- D7% (4)
- E67% (39)
Why each option
The objective is to block Telnet access to an SMTP server on port 25 while ensuring the legitimate email functionality of the SMTP server remains unaffected.
Blocking port 25 at the firewall would prevent all incoming SMTP traffic, including legitimate email delivery to the server, thus disrupting normal email functionality.
Shutting off the SMTP service would completely disable the email server, preventing all normal email operations and deliveries.
Forcing username and password authentication might not be feasible for standard SMTP inbound connections (e.g., from other mail servers) and does not prevent a Telnet client from *connecting* to port 25, only from performing unauthorized actions.
Switching email server software is a major system change that does not directly address the specific issue of selectively blocking Telnet access while preserving email functionality on the existing server.
Blocking port 25 at the firewall (A) would prevent all legitimate SMTP traffic, not just Telnet. Shutting off the SMTP service (B) would disable all email functionality. Forcing username/password (C) might not be applicable for all inbound SMTP connections and wouldn't stop a Telnet client from connecting. Switching server software (D) is a drastic solution that doesn't solve the specific problem. Since Telnet is merely a client interacting with the SMTP service on port 25, blocking 'Telnet to port 25' without affecting other SMTP clients connecting to the same port is not directly achievable through these simple options, hence 'None of the above' is the best answer.
Concept tested: Network port blocking, SMTP protocol, firewall rules
Source: docs.microsoft.com/en-us/exchange/architecture/mail-flow/ports-and-protocols?view=exchserver-2019
Topics
Community Discussion
No community discussion yet for this question.