CompTIA Security+ (SY0-501) — Question 54

A security analyst wishes to increase the security of an FTP server. Currently, all traffic to the FTP server is unencrypted. Users connecting to the FTP server use a variety of modern FTP client software.
The security analyst wants to keep the same port and protocol, while also still allowing unencrypted connections. Which of the following would BEST accomplish these goals?

Answer options

• A. Require the SFTP protocol to connect to the file server.
• B. Use implicit TLS on the FTP server.
• C. Use explicit FTPS for connections.
• D. Use SSH tunneling to encrypt the FTP traffic.

Correct answer: C

Explanation

The correct answer is C, as explicit FTPS allows users to connect using standard FTP, but then upgrade to a secure TLS connection while still allowing unencrypted sessions. Option A is incorrect because SFTP is a different protocol altogether and does not maintain the same port. Options B and D do not meet the requirement of allowing unencrypted connections while using the same port and protocol.