A new web server has been provisioned at a third party hosting provider for processing credit card
transactions. The security administrator runs the netstat command on the server and notices that ports
80, 443, and 3389 are in a `listening’ state. No other ports are open. Which of the following services
should be disabled to ensure secure communications?

A.
HTTPS

B.
HTTP

C.
RDP

D.
TELNET

Explanation:
HTTP uses port 80. HTTP does not provide encrypted communications. Port 443 is used by HTTPS which
provides secure encrypted communications. Port 3389 is used by RDP (Remote Desktop Protocol) which
does provide encrypted communications.
Incorrect Answers:
A: HTTPS uses port 443. HTTPS uses SSL or TLS certificates to secure HTTP communications. HTTPS (HTTP
over SSL or HTTP Secure) is the use of Secure Socket Layer (SSL) or Transport Layer Security (TLS) as a
sublayer under regular HTTP application layering. HTTPS encrypts and decrypts user page requests as well
as the pages that are returned by the Web server. HTTP is secure so this answer is incorrect.
C: RDP (Remote Desktop Protocol) is used to remotely connect to a Windows computer. RDP uses
encrypted communications and is therefore considered secure. This answer is therefore incorrect.
D: Telnet uses port 23. This is not one of the ports listed as open in the question. This answer is therefore
incorrect.

http://searchsoftwarequality.techtarget.com/definition/HTTPS
http://en.wikipedia.org/wiki/List_of_TCP_and_UDP_port_numbers