CompTIA Security+ Question K-95

A new web server has been provisioned at a third-party hosting provider for processing credit card transactions. The security administrator runs the netstat command on the server and notices that ports 80, 443, and 3389 are in a 'listening' state. No other ports are open. Which of the following services should be disabled to ensure secure communications?

A. HTTPS
B. HTTP
C. RDP
D. TELNET

Answer: B

Explanation:
HTTP uses port 80. HTTP does not provide encrypted communications. Port 443 is used by HTTPS which provides secure encrypted communications. Port 3389 is used by RDP (Remote Desktop Protocol) which does provide encrypted communications.

CompTIA Security+ Question K-75

Peter analyzed the following log and determined the security team should implement which of the following as a mitigation method against further attempts?
Host 192.168.1.123
[00:00:01]Successful Login: 015 192.168.1.123 : local
[00:00:03]Unsuccessful Login: 022 214.34.56.006 : RDP 192.168.1.124
[00:00:04]UnSuccessful Login: 010 214.34.56.006 : RDP 192.168.1.124
[00:00:07]UnSuccessful Login: 007 214.34.56.006 : RDP 192.168.1.124
[00:00:08]UnSuccessful Login: 003 214.34.56.006 : RDP 192.168.1.124

A. Reporting
B. IDS
C. Monitor system logs
D. Hardening

Answer: D

Explanation:
We can see a number of unsuccessful login attempts using a Remote Desktop Connection (using the RDP protocol) from a computer with the IP address 192.168.1.124. Someone successfully logged in locally. This is probably an authorized login (for example, Peter logging in). Hardening is the process of securing a system. We can harden (secure) the system by either disallowing remote desktop connections altogether or by restricting which IPs are allowed to initiate remote desktop connections.

CompTIA Security+ Question G-65

Which of the following protocols is the security administrator observing in this packet capture?
12:33:43, SRC 192.168.4.3:3389, DST 10.67.33.20:8080, SYN/ACK

A. HTTPS
B. RDP
C. HTTP
D. SFTP

Answer: B

Explanation:
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft, which provides a user with a graphical interface to connect to another computer over a network connection.

Example of RDP tracing output:
No. Time Delta Source Destination Protocol Length Info
5782, 2013-01-06 09:52:15.407, 0.000, SRC 10.7.3.187, DST 10.0.107.58, TCP, 62, 3389 > 59193 [SYN, ACK]

CompTIA Security+ Question F-70

A technician is unable to manage a remote server. Which of the following ports should be opened on the firewall for remote server management? (Select TWO).

A. 22
B. 135
C. 137
D. 143
E. 443
F. 3389

Answer: A,F

Explanation:
A secure remote administration solution and Remote Desktop Protocol are required. Secure Shell (SSH) is a secure remote administration solution and makes use of TCP port 22. Remote Desktop Protocol (RDP) uses TCP port 3389.

CompTIA Security+ Question F-51

Ann, a technician, is attempting to establish a remote terminal session to an end user’s computer using Kerberos authentication, but she cannot connect to the destination machine. Which of the following default ports should Ann ensure is open?

A. 22
B. 139
C. 443
D. 3389

Answer: D

Explanation:
Remote Desktop Protocol (RDP) uses TCP port 3389.

CompTIA Network+ Question C-66

A network administrator has created a virtual machine in the cloud. The technician would like to connect to the server remotely using RDP. Which of the following default ports needs to be opened?

A. 445
B. 3389
C. 5004
D. 5060

Correct Answer: B

Explanation:
RDP (Remote Desktop Protocol) is used for connecting to a remote Windows computer. When using RDP to connect to a remote Windows computer, you can view and control the desktop of the remote computer. RDP uses TCP port 3389.

CompTIA A+ Core 2 Question H-13

A technician has configured the ability to connect to a small office server using remote desktop from a workstation within the office. The technician has reviewed logs that show constant brute force attacks to that server from outside the network. Which of the following would prevent this from occurring?

A. Configure the server to use a static IP
B. Logically move the server to the DMZ
C. Reallocate the server to a different networking closet
D. Disable the remote desktop port