SSCP Question #877: Real Exam Question with Answer & Explanation

The correct answer is B: Due to the inherent security risks. TFTP (Trivial File Transfer Protocol) lacks fundamental security controls: it has no authentication (no username/password), no access control lists, and no encryption. Any user who can reach the TFTP server can read or write files. This makes it a significant security liability,

Submitted by viktor_hu· Apr 18, 2026Network and Communications Security

Question

What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)?

Options

AIt is too complex to manage user access restrictions under TFTP
BDue to the inherent security risks
CIt does not offer high level encryption like FTP
DIt cannot support the Lightwight Directory Access Protocol (LDAP)

Explanation

TFTP (Trivial File Transfer Protocol) lacks fundamental security controls: it has no authentication (no username/password), no access control lists, and no encryption. Any user who can reach the TFTP server can read or write files. This makes it a significant security liability, which is why many organizations avoid deploying it on public or sensitive networks. The other choices are incorrect: TFTP is actually simpler to manage than FTP (not more complex), it offers no encryption at all (not 'high level'), and its lack of LDAP support is not a primary concern.

Topics

#TFTP#Network Protocol Security#Security Risks#Vulnerabilities

Community Discussion

No community discussion yet for this question.

Full SSCP Practice Browse All SSCP Questions