nerdexam
CompTIA

XK0-004 · Question #302

Which of the following techniques would BEST allow a client computer to connect to a server that is not normally accessible because the server's application port is blocked by a firewall?

The correct answer is D. SSH port forwarding. SSH port forwarding creates an encrypted tunnel through port 22 that redirects TCP traffic to an otherwise firewall-blocked application port on a remote server.

Security

Question

Which of the following techniques would BEST allow a client computer to connect to a server that is not normally accessible because the server’s application port is blocked by a firewall?

Options

  • AX11 forwarding
  • BTCP wrappers
  • CRDP
  • DSSH port forwarding

How the community answered

(39 responses)
  • A
    10% (4)
  • B
    3% (1)
  • C
    5% (2)
  • D
    82% (32)

Why each option

SSH port forwarding creates an encrypted tunnel through port 22 that redirects TCP traffic to an otherwise firewall-blocked application port on a remote server.

AX11 forwarding

X11 forwarding is an SSH sub-feature that tunnels graphical X Window System display output to a local client; it does not provide general TCP port redirection and cannot forward traffic to arbitrary blocked application ports.

BTCP wrappers

TCP wrappers (hosts.allow / hosts.deny) are a server-side access control layer that restricts which source hosts may connect to services; they operate on the server and cannot help a client bypass a firewall that is blocking outbound or inbound ports.

CRDP

RDP requires its own dedicated port (3389) to be open through the firewall and provides only remote desktop access; it has no mechanism for tunneling traffic to a different blocked application port.

DSSH port forwardingCorrect

SSH port forwarding (local forwarding via `ssh -L localport:remotehost:blockedport user@server`) encapsulates arbitrary TCP traffic inside an SSH session on port 22, which firewalls typically allow. This lets the client reach a blocked application port on the server without requiring that port to be opened in the firewall, because the traffic is delivered by the SSH daemon on the server side after traversing the allowed SSH channel.

Concept tested: SSH port forwarding to bypass firewall restrictions

Source: https://man.openbsd.org/ssh

Topics

#SSH port forwarding#firewall bypass#TCP tunneling#network access

Community Discussion

No community discussion yet for this question.

Full XK0-004 Practice