A new SQL server is identified as allowing FTP access to all users. Which of the following would a systems administrator most likely do to ensure only the required services are allowed?
A.
Disable unused ports on the server.
B.
Change default passwords on all servers.
C.
Delete the NGFW rules that allow all FTP traffic.
D.
Configure server ACLs on the switches that the SQL traffic traverses.
If a SQL server is allowing FTP access to all users, the most direct and best practice action is to disable unused services/ports on the server itself. Network+ (N10-009) security objectives emphasize host hardening and the principle of least functionality: only required services should be running and listening. If FTP is not required for the SQL server’s role, stopping and disabling the FTP service (and closing the associated ports on the host firewall) reduces the attack surface regardless of network firewall rules. This approach ensures the server cannot be reached via FTP even if it is placed on a different network segment or if upstream controls are misconfigured later.
Changing default passwords is important, but it does not address the unnecessary exposure of an unneeded service. Deleting NGFW rules that allow all FTP traffic could help at the perimeter, but it may unintentionally break legitimate FTP usage elsewhere and still doesn’t guarantee the server isn’t reachable from internal networks. Switch ACLs along SQL traffic paths are indirect and easy to misapply; they also add operational complexity and may not cover all access paths. The best “only required services are allowed” control is to disable the unused service/ports on the server.
===========
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit