A junior systems administrator performs a vulnerability scan on a newly deployed Linux server. The administrator uses the command nmap --script ftp-anon -p 21 <server_ip> and the output includes the line Anonymous FTP login allowed. Which of the following represents the most likely service misconfiguration causing this finding?
The FTP daemon's configuration file contains the directive anonymous_enable=YES.
The default umask for the FTP user is set to an insecure value like 000.
A firewall rule is misconfigured, allowing traffic to port 21.
The FTP service is running with root user privileges.
The correct answer is that the FTP daemon's configuration file, such as /etc/vsftpd.conf for vsftpd, contains the directive anonymous_enable=YES. This setting explicitly permits anonymous users to log in. The nmap --script ftp-anon command is specifically designed to check for this condition. Incorrect firewall rules would typically block or allow traffic at the network layer, but not control application-level user authentication. Running the service as root is a separate security risk but does not inherently enable anonymous login. An incorrect umask setting affects the default permissions of newly created files, not the ability to log in anonymously.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What does the directive `anonymous_enable=YES` do in the FTP daemon's configuration?
Open an interactive chat with Bash
What is the purpose of the `nmap --script ftp-anon` command?
Open an interactive chat with Bash
How does a misconfigured firewall differ from a service misconfiguration like `anonymous_enable=YES`?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access