nerdexam
CompTIA

SY0-301 · Question #78

A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?

The correct answer is B. 21. In both active and passive FTP, port 21 is the control port used to establish the session and send commands. In active mode, port 20 is used for data transfer. In passive FTP, the server opens a random high-numbered port for data, and the client initiates that data connection - s

Security architecture

Question

A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?

Options

  • A20
  • B21
  • C22
  • D23

How the community answered

(36 responses)
  • B
    94% (34)
  • C
    3% (1)
  • D
    3% (1)

Explanation

In both active and passive FTP, port 21 is the control port used to establish the session and send commands. In active mode, port 20 is used for data transfer. In passive FTP, the server opens a random high-numbered port for data, and the client initiates that data connection - so port 20 is NOT required. Therefore, the firewall only needs to allow port 21 for passive FTP. Port 22 (C) is SSH/SFTP and port 23 (D) is Telnet, both unrelated to FTP.

Topics

#FTP passive mode#port 21#firewall configuration#network protocols

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice