Dealing with Suspicious Traffic from a Web Server in DMZ
Question
An NGFW alerts that a web server in the DMZ is sending suspicious traffic.
A network administrator finds that port 25 is open, and the traffic is originating from this port.
The only purpose of this server is to deliver website traffic.
Which of the following should the network administrator recommend to the systems administrator?
A.
Disable Telnet service on the server. B.
Disable DHCP service on the server. C.
Disable the SMTP service on the server D.
Disable FTP service on the server.
C.
Explanations
An NGFW alerts that a web server in the DMZ is sending suspicious traffic.
A network administrator finds that port 25 is open, and the traffic is originating from this port.
The only purpose of this server is to deliver website traffic.
Which of the following should the network administrator recommend to the systems administrator?
A.
Disable Telnet service on the server.
B.
Disable DHCP service on the server.
C.
Disable the SMTP service on the server
D.
Disable FTP service on the server.
C.
The suspicious traffic originating from port 25 on the web server in the DMZ indicates that the Simple Mail Transfer Protocol (SMTP) service is being used to send the traffic. The SMTP service is typically used for sending email messages, and it is not necessary for delivering website traffic. Therefore, the network administrator should recommend disabling the SMTP service on the server to mitigate the suspicious traffic.
A. Disabling Telnet service on the server would not address the suspicious traffic originating from port 25. Telnet is a remote access protocol used to manage and configure network devices and servers, but it is not typically used for delivering website traffic or sending email messages.
B. Disabling DHCP service on the server would not address the suspicious traffic originating from port 25. DHCP is a protocol used to automatically assign IP addresses to devices on a network, but it is not typically used for delivering website traffic or sending email messages.
C. Disabling the SMTP service on the server is the correct recommendation in this scenario. SMTP is a protocol used to send email messages, and it is not necessary for delivering website traffic. Disabling the SMTP service would prevent any further suspicious traffic originating from port 25.
D. Disabling FTP service on the server would not address the suspicious traffic originating from port 25. FTP is a protocol used for file transfers, but it is not typically used for delivering website traffic or sending email messages.
