ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your company must set up a secure file-transfer service so business partners can pull monthly reports from a DMZ server. The partner's firewall permits inbound traffic only on TCP 22, and the network team has stated that no additional ports can be opened. Transfers must be encrypted and support automated, password-less authentication. Which approach meets the security and network constraints with minimal additional configuration?
Configure implicit FTPS with a server certificate and listen on port 990 for the control channel.
Enable explicit FTPS over TLS on port 21 in passive mode so data channels are allocated dynamically.
Retain legacy FTP but tunnel the traffic through an IPsec VPN between the two sites.
Deploy SFTP (SSH File Transfer Protocol) on the server, restrict access to key-based logins, and listen on port 22.
SFTP runs inside an SSH session and therefore uses a single control/data channel on TCP 22. Using key-based authentication satisfies the requirement for encrypted, password-less logins and does not require opening any extra ports.
FTPS, whether explicit (control on 21 with dynamic data ports) or implicit (control on 990 plus data ports), needs multiple additional ports, which the partner's firewall will block. Tunneling legacy FTP through an IPsec VPN would satisfy encryption, but it introduces extra infrastructure, negotiation ports (e.g., UDP 500, 4500), and configuration effort, contradicting the "no additional ports" constraint.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is SFTP and how does it differ from FTP?
Open an interactive chat with Bash
What is key-based authentication in SSH?
Open an interactive chat with Bash
What is a DMZ server and why is it used?
Open an interactive chat with Bash
ISC2 Systems Security Certified Practitioner (SSCP)
Cryptography
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .