CompTIA CySA+ (CS0-002) — Question 33

A security analyst reviews a recent network capture and notices encrypted inbound traffic on TCP port 465 was coming into the company's network from a database server. Which of the following will the security analyst MOST likely identify as the reason for the traffic on this port?

Answer options

• A. The server is configured to communicate on the secure database standard listener port.
• B. Someone has configured an unauthorized SMTP application over SSL.
• C. A connection from the database to the web front end is communicating on the port.
• D. The server is receiving a secure connection using the new TLS 1.3 standard.

Correct answer: B

Explanation

The correct answer is B because TCP port 465 is commonly associated with SMTP over SSL, which suggests that an unauthorized SMTP application might be using this port. Options A and C are less likely as they do not typically use port 465, and option D is incorrect because port 465 is not specifically linked to the new TLS 1.3 standard.