What should you do?

70-410 0 Comments

Your network contains an Active Directory domain named contoso.com. The domain contains an Application server named Server1. Server1 runs Windows Server 2012 R2.

Server1 is configured as an FTP server.

Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as the control port and dynamically requests a data port.

On Server1, you create a firewall rule to allow connections on TCP port 21.

You need to configure Server1 to support the client connections from App1.exe.

What should you do?
A . Run netsh advfirewall set global statefulftp enable.
B . Create an inbound firewall rule to allow App1.exe.
C . Create a tunnel connection security rule.
D . Run Set-NetFirewallRule -DisplayName DynamicFTP -Profile Domain

Answer: A

Explanation:

The netsh firewall context is supplied only for backward compatibility. We recommend that you do not use this context on a computer that is running Windows Vista or a later version of Windows.

In the netsh advfirewall firewall context, the add command only has one variation, the add rule command. Netsh advfirewall set global statefulftp:

Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial connection on one port to request a data connection on a different port.

When statefulftp is enabled, the firewall examines the PORT and PASV requests for these other port numbers and then allows the corresponding data connection to the port number that was requested.

Syntax

set global statefulftp { enable | disable | notconfigured }

Parameters

statefulftp can be set to one of the following values:

enable

The firewall tracks the port numbers specified in PORT command requests and in the responses to PASV requests, and then allows the incoming FTP data traffic entering on the requested port number.

disable

This is the default value. The firewall does not track outgoing PORT commands or PASV responses, and so incoming data connections on the PORT or PASV requested port is blocked as an unsolicited incoming connection.

notconfigured

Valid only when netsh is configuring a GPO by using the set store command.

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments