CompTIA
SY0-301 · Question #229
SY0-301 Question #229: Real Exam Question with Answer & Explanation
The correct answer is B: Blocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS. Port 21 maps to FTP, port 69 to TFTP, port 80 to HTTP, and ports 137-139 to NetBIOS - all blocked. Port 22 corresponds to SSH (which also carries SFTP and SCP) and port 443 to HTTPS - both allowed.
Question
A firewall technician has been instructed to disable all non-secure ports on a corporate firewall. The technician has blocked traffic on port 21, 69, 80, and 137-139. The technician has allowed traffic on ports 22 and 443. Which of the following correctly lists the protocols blocked and allowed?
Options
- ABlocked: TFTP, HTTP, NetBIOS; Allowed: HTTPS, FTP
- BBlocked: FTP, TFTP, HTTP, NetBIOS; Allowed: SFTP, SSH, SCP, HTTPS
- CBlocked: SFTP, TFTP, HTTP, NetBIOS; Allowed: SSH, SCP, HTTPS
- DBlocked: FTP, HTTP, HTTPS; Allowed: SFTP, SSH, SCP, NetBIOS
Explanation
Port 21 maps to FTP, port 69 to TFTP, port 80 to HTTP, and ports 137-139 to NetBIOS - all blocked. Port 22 corresponds to SSH (which also carries SFTP and SCP) and port 443 to HTTPS - both allowed.
Common mistakes.
- A. This choice omits FTP (port 21) from the blocked list and incorrectly lists HTTPS as an allowed protocol while missing SSH, SFTP, and SCP that also travel over the allowed port 22.
- C. This choice incorrectly lists SFTP as blocked rather than allowed, since SFTP operates over SSH on port 22 which was explicitly left open by the technician.
- D. This choice incorrectly places HTTPS in the blocked category and NetBIOS in the allowed category, which is the opposite of what the port assignments indicate.
Concept tested. Port numbers for FTP, TFTP, HTTP, NetBIOS, SSH, and HTTPS
Reference. https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
Community Discussion
No community discussion yet for this question.