CompTIA Security+ Question H-5

A security administrator has configured FTP in passive mode. Which of the following ports should the security administrator allow on the firewall by default?

A. 20
B. 21
C. 22
D. 23

Answer: B

Explanation:
When establishing an FTP session, clients start a connection to an FTP server that listens on TCP port 21 by default.

CompTIA Security+ Question C-62

The security administrator needs to manage traffic on a layer 3 device to support FTP from a new remote site. Which of the following would need to be implemented?

A. Implicit deny
B. VLAN management
C. Port security
D. Access control lists

Answer: D

Explanation:
In the OSI model, IP addressing and IP routing are performed at layer 3 (the network layer). In this question we need to configure routing. When configuring routing, you specify which IP range (in this case, the IP subnet of the remote site) is allowed to route traffic through the router to the FTP server.

Traffic that comes into the router is compared to ACL entries based on the order that the entries occur in the router. New statements are added to the end of the list. The router continues to look until it has a match. If no matches are found when the router reaches the end of the list, the traffic is denied. For this reason, you should have the frequently hit entries at the top of the list. There is an implied deny for traffic that is not permitted.

CompTIA Network+ Question C-85

A network technician has set up an FTP server for the company to distribute software updates for their products. Each vendor is provided with a unique username and password for security. Several vendors have discovered a virus in one of the security updates. The company tested all files before uploading them but retested the file and found the virus. Which of the following could the technician do for vendors to validate the proper security patch?

A. Use TFTP for tested and secure downloads
B. Require biometric authentication for patch updates
C. Provide an MD5 hash for each file
D. Implement a RADIUS authentication

Correct Answer: C

Explanation:
If we put an MD5 has for each file we can see if the file has been changed or not.
MD5 is an algorithm that is used to verify data integrity through the creation of a 128-bit message digest from data input (which may be a message of any length) that is claimed to be as unique to that specific data as a fingerprint is to the specific individual.

CompTIA Network+ Question C-76

A network technician is tasked with designing a firewall to improve security for an existing FTP server that is on the company network and is accessible from the internet. The security concern is that the FTP server is compromised it may be used as a platform to attack other company servers. Which of the following is the BEST way to mitigate this risk?

A. Add an outbound ACL to the firewall
B. Change the FTP server to a more secure SFTP
C. Use the implicit deny of the firewall
D. Move the server to the DMZ of the firewall

Correct Answer: D

CompTIA Network+ Question B-85

A network technician has just installed a TFTP server on the administrative segment of the network to store router and switch configurations. After a transfer attempt to the server is made, the process errors out. Which of the following is a cause of the error?

A. Only FTP can be used to copy configurations from switches
B. Anonymous users were not used to log into the TFTP server
C. An incorrect password was used and the account is now locked
D. Port 69 is blocked on a router between the network segments

Correct Answer: D

Explanation:
The question states that the TFTP server is installed on the “administrative segment of the network”. This implies that the network has multiple segments (subnets) and TFTP server is on a different network segment to other computers.
For a computer on one subnet to connect to a computer on a different subnet, a router is required to route traffic between the two subnets. Routers often include firewalls so they can be configured to allow specific traffic to be routed between the subnets and block unwanted traffic.
TFTP uses UDP port 69. The most likely cause of the connection timeout error in the question is that the firewall has not been configured to allow traffic using UDP port 69.

CompTIA Network+ Question B-71

A network technician is utilizing a network protocol analyzer to troubleshoot issues that a user has been experiencing when uploading work to the internal FTP server. Which of the following default port numbers should the technician set the analyzer to highlight when creating a report? (Select TWO).

A. 20
B. 21
C. 22
D. 23
E. 67
F. 68

Correct Answer: AB

Explanation:
FTP (File Transfer Protocol) is used for transferring files between an FTP client and an FTP server. FTP uses TCP Ports 20 and 21.

CompTIA Network+ Question A-45

When configuring a new server, a technician requests that an MX record be created in DNS for the new server, but the record was not entered properly. Which of the following was MOST likely installed that required an MX record to function properly?

A. Load balancer
B. FTP server
C. Firewall DMZ
D. Mail server

Correct Answer: D

Explanation:
A mail exchanger record (MX record) is a DNS record used by email servers to determine the name of the email server responsible for accepting email for the recipient’s domain.
For example a user sends an email to recipient@somedomain.com. The sending user’s email server will query the somedomain.com DNS zone for an MX record for the domain. The MX record will specify the hostname of the email server responsible for accepting email for the somedomain.com domain, for example, mailserver.somedomain.com. The sending email server will then perform a second DNS query to resolve mailserver.somedomain.com to an IP address. The sending mail server will then forward the email to the destination mail server.

CompTIA Network+ Question A-23

Peter, a network technician, is setting up a DHCP server on a LAN segment. Which of the following options should Peter configure in the DHCP scope, in order to allow hosts on that LAN segment using dynamic IP addresses, to be able to access the Internet and internal company servers? (Select THREE).

A. Default gateway
B. Subnet mask
C. Reservations
D. TFTP server
E. Lease expiration time of 1 day
F. DNS servers
G. Bootp

Correct Answer: ABF

Explanation:
The question states that the client computers need to access the Internet as well as internal company servers. To access the Internet, the client computers need to be configured with an IP address with a subnet mask (answer B) and the address of the router that connects the company network to the Internet. This is known as the ‘default gateway’ (answer A).
To be able to resolve web page URLs to web server IP addresses, the client computers need to be configured with the address of a DNS server (answer F).

CompTIA Network+ Question A-5

A customer is attempting to download a file from a remote FTP server, but receives an error that a connection cannot be opened. Which of the following should be one FIRST to resolve the problem?

A. Ensure that port 20 is open
B. Ensure that port 161 is open
C. Flush the DNS cache on the local workstation
D. Validate the security certificate from the host

Correct Answer: A

CompTIA A+ Question H-84

After installing a new wireless router in a home office, a user’s remote clients have lost the ability to access the FTP server on the user’s home office LAN. Which of the following features in the router MUST be configured before the clients can regain secure access?

A. QoS
B. Port triggering
C. Port forwarding
D. MAC filtering

Correct Answer: C