When a penetration tester is mapping firewall rules for Microsoft Windows hosts, which statement accurately describes the ports used by Remote Procedure Call (RPC) with Distributed Component Object Model (DCOM)?
The client connects on TCP 139 for setup, and traffic is then tunneled through TCP 445.
Communication relies exclusively on UDP 137 for name service and data transfer.
Session establishment occurs on TCP 135, and all remaining RPC/DCOM traffic continues over a dynamically selected high-numbered port.
Both session setup and all data transfer use only TCP 135.
RPC/DCOM begins by contacting the RPC Endpoint Mapper on TCP port 135. The mapper returns an ephemeral port-by default chosen from the dynamic range 49152-65535 on modern Windows-and all subsequent RPC/DCOM traffic for that session uses that dynamic port. Therefore, administrators must open a range of high-numbered ports in addition to TCP 135. Options that claim only a single well-known port or the wrong well-known ports are incorrect.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are ephemeral ports in the context of RPC?
Open an interactive chat with Bash
How can firewalls handle dynamic ports used by DCOM/RPC?