Exam SY0-601 topic 1 question 225 discussion

SMB use TCP Port 139 445、UDP Port 137 138

Got this question 20 june 2023. Answer is BF 📍

With NGFW. Just choose the SMB app ID and set the rule to log and drop. Old stuff 139 445 will need to be blocked.

B and F. Please check this link: https://builtin.com/software-engineering-perspectives/smb-port

Port 139 and Port 445 are commonly associated with the SMB protocol in Windows systems. Blocking these ports from external inbound connections will help prevent potential attacks exploiting the SMB vulnerability from reaching the servers in the DMZ. However, it is important to note that this is a temporary workaround until a proper patch or mitigation is available for the SMB vulnerability.

The two TCP ports that should be blocked for all external inbound connections to the DMZ as a workaround to protect the servers are 139 and 445. SMB uses port 139 and 445 to communicate, and blocking these ports will prevent external attackers from exploiting the vulnerability in the SMB protocol. It is important to note that blocking these ports will also prevent legitimate external access to SMB services on the servers in the DMZ. Ports 135, 143, 161, and 443 are not typically associated with SMB, so blocking them would not provide any protection against the SMB vulnerability. Port 135 is used for Remote Procedure Call (RPC) traffic, port 143 is used for IMAP traffic, port 161 is used for Simple Network Management Protocol (SNMP) traffic, and port 443 is used for HTTPS traffic. Therefore, the correct answer is B. 139 and F. 445.

The security administrator should block TCP ports 445 and 139 for all external inbound connections to the DMZ as a workaround to protect the servers from the SMB protocol vulnerability. These ports are commonly used by SMB for communication. Blocking these ports for external inbound connections can prevent external attackers from exploiting the vulnerability, while still allowing the internal systems and applications to use SMB for communication.

BF correct