GSLC Question #65: Real Exam Question with Answer & Explanation

The correct answer is D. Block the TCP ports 20 and 21 on the firewall. FTP uses TCP ports 20 (data transfer) and 21 (control/command). Blocking both on the firewall prevents outside users from establishing FTP sessions to internal servers.

Question

You work as a Network Administrator for NetPerfect Inc. You have implemented a firewall on the company's network. You want to ensure that outside users cannot access the internal FTP servers on the network. What will you do to accomplish the task?

Options

  • A. Block the TCP port 443 on the firewall.
  • B. Block the UDP port 1701 and TCP port 1723 on the firewall.
  • C. Block the TCP port 80 on the firewall.
  • D. Block the TCP ports 20 and 21 on the firewall.

Explanation

FTP uses TCP ports 20 (data transfer) and 21 (control/command). Blocking both on the firewall prevents outside users from establishing FTP sessions to internal servers.

Common mistakes.

  • A. TCP port 443 is used for HTTPS (SSL/TLS-encrypted web traffic), not FTP, so blocking it would only affect secure web browsing.
  • B. UDP port 1701 and TCP port 1723 are used by L2TP and PPTP VPN protocols respectively, not FTP.
  • C. TCP port 80 is used for HTTP (standard web traffic), not FTP, so blocking it would only affect unencrypted web browsing.

Concept tested. Firewall port blocking for FTP protocol

Reference. https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
