A server administrator needs to administer a server remotely using RDP, but the specified port is closed on the outbound firewall on the network. The access the server using RDP on a port other than the typical registered port for the RDP protocol?
Which of the following protocols is the security administrator observing in this packet capture?
12:33:43, SRC 192.168.4.3:3389, DST 10.67.33.20:8080, SYN/ACK
A. HTTPS B. RDP C. HTTP D. SFTP
Correct Answer: B Section: Cryptography
Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft that provides a user with a graphical interface to connect to another computer over a network.
Example of RDP tracing output:
No., Time, Delta, Source, Destination, Protocol, Length, Info
5782, 2013-01-06 09:52:15.407, 0.000, SRC 10.7.3.187, DST 10.0.107.58, TCP, 62, 3389 > 59193 [SYN, ACK]
A: The HTTPS packet format does not include SRC, DST and SYN/ACK attributes.
C: The HTTP packet format does not include SRC, DST and SYN/ACK attributes.
D: The SFTP packet format does not include SRC, DST and SYN/ACK attributes.
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 75, 76, 274
A security analyst is reviewing firewall logs while investigating a compromised web server. The following ports appear in the log:
22, 25, 445, 1433, 3128, 3389, 6667
Which of the following protocols was used to access the server remotely?
A. LDAP B. HTTP C. RDP D. HTTPS
Correct Answer: C Section: Network Security
RDP uses TCP port 3389.
A: LDAP operates over TCP ports 636 and 389.
B: HTTP uses TCP port 80 or TCP port 8080.
D: HTTPS uses TCP port 443 (or TCP port 80 in some configurations of TLS).
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 23, 55, 56