Zero-Day Vulnerability Affecting Network Device on Port 21 | CompTIA Network+ Exam N10-007

Zero-Day Vulnerability Explained: Secure Protocols Reject Malicious Packets

Prev Question Next Question

Question

A zero-day vulnerability is discovered that affects a specific network device.

This vulnerability only affects services on port 21

This network device is restricted to use only secure protocols and services.

Which of the following explains why this device is secure?

A.

Because secure protocols would reject malicious packets B.

Because SCP is not a secure service C.

Because FTP is not a secure service D.

Because a secure firewall will protect the device.

C.

Explanations

A zero-day vulnerability is discovered that affects a specific network device.

This vulnerability only affects services on port 21

This network device is restricted to use only secure protocols and services.

Which of the following explains why this device is secure?

A.

Because secure protocols would reject malicious packets

B.

Because SCP is not a secure service

C.

Because FTP is not a secure service

D.

Because a secure firewall will protect the device.

C.

The correct answer is C. Because FTP is not a secure service.

A zero-day vulnerability is a vulnerability that is unknown to the software vendor or to antivirus vendors. The fact that a zero-day vulnerability has been discovered means that the device is not 100% secure. However, in this scenario, the vulnerability only affects services on port 21.

Port 21 is the default port used by the File Transfer Protocol (FTP) service. FTP is a protocol used to transfer files over the internet. However, FTP is not a secure protocol. FTP sends data, including usernames and passwords, in clear text, which means that anyone who intercepts the traffic can see the information being transmitted.

However, the scenario states that the network device is restricted to use only secure protocols and services. Therefore, if the device is configured correctly, it should not be using the FTP service on port 21. The fact that the device is not using FTP means that it is not vulnerable to the zero-day vulnerability that affects services on port 21.

Option A, "Because secure protocols would reject malicious packets," is incorrect because it is not always the case that secure protocols reject malicious packets. Some protocols, like SSL, can be susceptible to man-in-the-middle attacks.

Option B, "Because SCP is not a secure service," is incorrect because SCP (Secure Copy Protocol) is a secure file transfer protocol.

Option D, "Because a secure firewall will protect the device," is also incorrect because a firewall alone cannot protect against all types of vulnerabilities. In this case, a firewall may not be able to prevent the zero-day vulnerability from being exploited if it is not configured to block traffic on port 21.