Why is exposing port 21 (FTP) on virtual machines reachable from the public Internet a security concern?

Explanation:
Exposing FTP on port 21 to the public internet highlights a problem with unencrypted communications. Classic FTP sends the control commands and all file data in plaintext, including usernames and passwords. That means anyone who can monitor the traffic between the client and the server can read credentials, directory listings, and the actual file contents without any special access. The public internet makes it easy for an attacker to capture this traffic, compromising confidentiality from the moment someone connects.

Because of that, the real security concern isn’t just that someone might gain access, but that the information being transmitted is itself exposed in clear text. To mitigate, use secure alternatives such as SFTP or FTPS, restrict access with firewalls, VPNs, or IP allowlists, disable anonymous access, and enforce strong authentication.

Other options don’t capture the immediate risk as accurately: unauthorized access is a consequence but not the core issue, a misconfigured firewall is a separate potential problem, and insufficient encryption keys isn’t the standard way FTP is described, since FTP doesn’t use encryption by default.