CompTIA Server+ SK0-005 Practice Question
A company must import a 30-GB compressed file from an external partner every night. Security policy requires that any inbound data be inspected for malware and have its integrity verified before it reaches the internal production file cluster. Which approach BEST satisfies the policy while limiting the attack surface of the production network?
- Deploy an SFTP service on a hardened host in the DMZ that accepts the partner's upload. An internal staging server then pulls the file over SSH, runs antivirus and checksum validation, and finally moves the file to the production share.
- Open TCP port 445 through the perimeter firewall so the partner can map a CIFS share on the production cluster and upload the file directly.
- Provide the partner with temporary VPN credentials that allow RDP access to a jump host inside the data center so the file can be copied to the production share.
- Require the partner to courier an external USB SSD each night, which administrators plug directly into the production file server for manual copy.
Expose the production file share over SMB so the partner can upload directly
Give the partner VPN and RDP access to a jump host inside the network for file copy
SFTP upload to a DMZ host with an internal server pulling, scanning, and verifying the file before moving it to production
Have the partner ship a USB drive nightly and copy the data straight onto the production server
CompTIA Server+ SK0-005
Server Administration
Your Score:
SAVE $47
SAVE $53
Bash, the Crucial Exams Chat Bot
AI Bot