SY0-301 · Question #78
A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?
The correct answer is B. 21. In both active and passive FTP, port 21 is the control port used to establish the session and send commands. In active mode, port 20 is used for data transfer. In passive FTP, the server opens a random high-numbered port for data, and the client initiates that data connection - s
Question
A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?
Options
- A20
- B21
- C22
- D23
How the community answered
(36 responses)- B94% (34)
- C3% (1)
- D3% (1)
Explanation
In both active and passive FTP, port 21 is the control port used to establish the session and send commands. In active mode, port 20 is used for data transfer. In passive FTP, the server opens a random high-numbered port for data, and the client initiates that data connection - so port 20 is NOT required. Therefore, the firewall only needs to allow port 21 for passive FTP. Port 22 (C) is SSH/SFTP and port 23 (D) is Telnet, both unrelated to FTP.
Topics
Community Discussion
No community discussion yet for this question.