ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CS0-002 All Questions

View all questions & answers for the CS0-002 exam
Go to Exam

Exam CS0-002 topic 1 question 104 discussion

Actual exam question from CompTIA's CS0-002
Question #: 104
Topic #: 1
[All CS0-002 Questions]

A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?

  • A. The server is configured to communicate on the secure database standard listener port.
  • B. Someone has configured an unauthorized SMTP application over SSL.
  • C. A connection from the database to the web front end is communicating on the port.
  • D. The server is receiving a secure connection using the new TLS 1.3 standard.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Xyz_40 at March 12, 2022, 9:14 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Cock
Highly Voted 2 years, 2 months ago
TCP port 465 is commonly used for Secure SMTP (SMTPS) traffic, which is an encrypted version of Simple Mail Transfer Protocol (SMTP). SMTPS is used for secure communication between mail servers and other mail clients. If the security analyst is noticing encrypted inbound traffic on TCP port 465 from a database server, it is most likely that someone has configured an unauthorized SMTP application over SSL. This could pose a security risk if the encrypted traffic is carrying sensitive information, as it could potentially be intercepted and decrypted by an attacker. The security analyst should investigate the cause of the traffic and determine if the SMTP application is authorized and properly secured, and take necessary action to remediate any security risks identified.
upvoted 5 times
...
kyky
Most Recent 1 year, 10 months ago
Selected Answer: B
B: "Someone has configured an unauthorized SMTP application over SSL" as the reason for the traffic on TCP port 465. SMTP (Simple Mail Transfer Protocol) is commonly used for sending email messages, and port 465 is typically associated with SMTP over SSL (Secure Sockets Layer) or SMTPS. The use of encryption on this port suggests that the traffic is related to email communication, and the fact that it is inbound traffic from a database server indicates that an unauthorized SMTP application over SSL may have been configured.
upvoted 3 times
...
2Fish
2 years, 1 month ago
Selected Answer: B
B. Although, this port has been deprecated, A&D could also use this port, but it is not "Most Likely" those would use port 465. https://www.mailgun.com/blog/email/which-smtp-port-understanding-ports-25-465-587/
upvoted 2 times
...
david124
2 years, 3 months ago
Selected Answer: B
chat GBT says B
upvoted 2 times
AaronS1990
2 years, 2 months ago
That doesn't mean it's the answer though does it? How about a meaningful contribution for a change rather than posting what chat GBT says, which I would add.... no one asked.
upvoted 7 times
...
...
Olaswolla
2 years, 3 months ago
Selected Answer: D
Port 465 is used for implicit TLS and can be used to facilitate secure communications for mail services.
upvoted 1 times
...
MrRobotJ
2 years, 9 months ago
Can someone please tell me why we chose B? Thanks in advance.
upvoted 2 times
amateurguy
2 years, 8 months ago
if you google port 465, it shows smtp over implicit ssl.
upvoted 2 times
...
...
miabe
2 years, 9 months ago
Selected Answer: B
looks good to me
upvoted 1 times
...
Xyz_40
3 years, 1 month ago
correct answer
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago