A new security policy in an organization requires that all file transfers within the organization be completed using applications that provide secure transfer. Currently, the organization uses FTP
and HTTP to transfer files.
Which of the following should the organization implement in order to be compliant with the new policy?
A. Replace FTP with SFTP and replace HTTP with TLS
B. Replace FTP with FTPS and replaces HTTP with TFTP
C. Replace FTP
with SFTP and replace HTTP with Telnet
D. Replace FTP with FTPS and replaces HTTP with IPSec
should be A,
• SFTP. Secure File Transfer Protocol (SFTP) is a secure
implementation of FTP. It is an extension of Secure Shell (SSH) using
SSH to transmit the files in an encrypted format. SFTP transmits data
using TCP port 22.
• FTPS. File Transfer Protocol Secure (FTPS) is an extension of FTP
and uses TLS to encrypt FTP traffic. Some implementations of FTPS
use TCP ports 989 and 990. However, TLS can also encrypt the traffic
over the ports used by FTP (20 and 21). Notice that the difference
between SFTP and FTPS is that SFTP uses SSH and FTPS uses TLS.
8
0