PrepAway - Latest Free Exam Questions & Answers

You need to configure Server1 to support the client connections from App1.exe

Your network contains an Active Directory domain named contoso.com. The domain contains an
Application server named Server1. Server1 runs Windows Server 2012 R2.
Server1 is configured as an FTP server.

Client computers use an FTP Application named App1.exe. App1.exe uses TCP port 21 as the control
port and dynamically requests a data port.
On Server1, you create a firewall rule to allow connections on TCP port 21.
You need to configure Server1 to support the client connections from App1.exe.
What should you do?

A. Run netsh advfirewall set global statefulftp enable.

B. Create an inbound firewall rule to allow App1.exe.

C. Create a tunnel connection security rule.

D. Run Set-NetFirewallRule -DisplayName DynamicFTP -Profile Domain

Explanation:
The netsh firewall context is supplied only for backward compatibility. We recommend that you do
not use this context on a computer that is running Windows Vista or a later version of Windows.
In the netsh advfirewall firewall context, the add command only has one variation, the add rule
command.

netsh advfirewall set global statefulftp:
Configures how Windows Firewall with Advanced Security handles FTP traffic that uses an initial
connection on one port to request a data connection on a different port.
When statefulftp is enabled, the firewall examines the PORT and PASV requests for these other port
numbers and then allows the corresponding data connection to the port number that was
requested.

Syntax
set global statefulftp { enable | disable | notconfigured }

Parameters
statefulftp can be set to one of the following values:

enable
The firewall tracks the port numbers specified in PORT command requests and in the responses to
PASV requests, and then allows the incoming FTP data traffic entering on the requested port
number.

disable
This is the default value. The firewall does not track outgoing PORT commands or PASV responses,
and so incoming data connections on the PORT or PASV requested port are blocked as unsolicited
incoming connections.

notconfigured
Valid only when netsh is configuring a GPO by using the set store command.
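
To make the port tracking described above concrete, here is an added example (not from the original page, and not Windows Firewall's own code) that reads a constructed control-channel transcript and derives the data ports announced in PORT commands and 227 PASV responses. The function names, transcript, and addresses are assumptions chosen for illustration.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (four address octets, two port bytes)
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if invalid."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):  # every field must fit in one byte
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def track_control_channel(lines):
    """Return the data endpoints announced on the TCP port 21 session.

    lines: list of (direction, text); direction is "C" (client to server)
    or "S" (server to client). Hypothetical input shape for this example.
    """
    expected = []
    for direction, text in lines:
        text = text.strip()
        if direction == "C" and text.upper().startswith("PORT "):
            mode, ep = "active", parse_hostport(text[5:])
        elif direction == "S" and text.startswith("227"):
            mode, ep = "passive", parse_hostport(text[3:])
        else:
            continue  # not a data-port announcement
        if ep is not None:
            expected.append((mode, ep[0], ep[1]))
    return expected

# Constructed transcript; addresses are from documentation ranges.
SAMPLE = [
    ("C", "USER app1"),
    ("S", "331 Password required"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),
    ("C", "PORT 198,51,100,7,4,1"),
    ("C", "PORT 198,51,100,7,999,1"),  # malformed field: ignored
]

if __name__ == "__main__":
    for mode, ip, port in track_control_channel(SAMPLE):
        print(f"{mode}: data connection expected on {ip}:{port}")
```

With statefulftp disabled, nothing performs this bookkeeping, so a data connection to the announced port looks unsolicited.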

4 Comments on “You need to configure Server1 to support the client connections from App1.exe”

  1. JoeBob says:

    A) would block FTP traffic. That is not the answer.
    This command would turn on stateful inspection for FTP traffic.

    I would actually think this is B, because 21 is already open so you need a rule for the dynamic data port of APP1.




    1. MdeBruijn says:

      As stated in the question there is a firewall rule to allow connections on TCP port 21.

      I think B is wrong in this case as an inbound firewall rule is created for secure FTP over SSL (FTPS) traffic.

      In the question nothing is being said about secure FTP, so we can assume they are referring to non-secure FTP traffic. In that case netsh advfirewall set global StatefulFtp enable can be used.




  2. Nadezhda says:

    Windows Firewall and non-secure FTP traffic

    Windows Firewall can be configured from the command line using the netsh command. 2 simple steps are required to set up Windows Firewall to allow non-secure FTP traffic:

    1) Open port 21 on the firewall

    netsh advfirewall firewall add rule name="FTP (no SSL)" action=allow protocol=TCP dir=in localport=21

    2) Activate firewall application filter for FTP (aka Stateful FTP) that will dynamically open ports for data connections

    netsh advfirewall set global StatefulFtp enable

    http://blogs.iis.net/jaroslad/windows-firewall-setup-for-microsoft-ftp-publishing-service-for-iis-7-0



