Exam CS0-002 topic 1 question 12 discussion

"servers to be dedicated to one function..." http/s and SQL are two functions. I will select D, but agree with folks that the question is horribly written, and the person who wrote it was most likely drunk.

question asks for a "WEB SERVER", so you may need to use FTP to download and upload files. Also, http and https are must for web server. Do not think it like http is not secure, so it should be closed. No, this is not how the system works in real life. HTTP and HTTPS are used by companies by providing reliable secure configurations on HTTP. There is one port left 1433 SQL DATABASE server. You do not need that on web server. Remember, you may need FTP on web server when you are dealing with files download/upload.

A SQL database shouldn't be on the server if the goal is to dedicate a server to one function. Also, it's generally not correct to expose a sql server port, if it's being used on the host.

Since the sole purpose of this server is to deliver web services, insecure port 1433 should be closed. I could also make a case for closing insecure port 21.

Database would be another function

Gentlemen, a database on a web server? It is not the right thing to do. If port 1433 were not available, the answer would be B (80).

If the server is dedicated to one function (web server) and unneeded services are disabled, then port 21 should be closed, because FTP is not necessary for a web server and could pose a security risk if exploited. Port 80, port 443, and port 1433 are ports that are needed for a web server, because they are used for HTTP, HTTPS, and SQL Server respectively. Reference: https://www.ssh.com/ssh/port

The questions says one function and unneeded services. Port 80 is irrelevant when port 443 is available. 1433 and 21 could be a backend server that webserver is connected to

Based on the organization's policy that requires servers to be dedicated to one function and unneeded services to be disabled, if I have to choose only one port to be closed based on the given Nmap scan output, I would recommend closing port 1433/TCP (SQL) if it is not required for the web server's intended function.

Web server=80+443 SQL is not needed and closing only HTTP "80", wont serve the question requirements

Clearly B. Question states we need to basically have one port per service, and the rest disabled. 1433 is the only port for SQL opened on this server, but why would we have both HTTP and HTTPS open? Close port 80, job done.

D. The server is dedicated as a web server (function) and the unneeded service to be disabled is 1433(sql). This is directly based of the question itself.

D. Just from experience, I would most definitely want to separate SQL from a Web Server. "Dedicated to one function". So my take is remove SQL (1433)

You can have separate server for databasing (which is often advisable), but you'll most likely need FTP for file transfers. The web-server is where you store all the necessary files (including HTML contents), after all, and file-transfer protocols are the most efficient avenue.

As they do not say what type server it is, we have to assume port 21 should be closed because the other ports would all be required to support either a webserver or a database server.

Based on the information provided, it is not possible to determine whether the organization should close any of the ports. However, if the policy of the organization is to dedicate servers to one function and to disable unneeded services, then it is likely that some of these ports should be closed. In this case, assuming that the server is intended to be a web server, port 21 (FTP) and port 1433 (Microsoft SQL Server) are likely not necessary and should be closed. Port 80 and port 443 are necessary for web traffic, and should be left open. However, it is important to ensure that only necessary services are running on these ports, and that they are properly secured to reduce the risk of cyber attacks. - ChatGPT

Webserver usually link back to an sql data base for orders etc, for ftp you would want both ports 20 and 21 open one is of no use