Which items are examples of insecure services, protocols, or ports?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the PCI Data Security Standard Exam. Master your knowledge with interactive flashcards and multiple-choice questions, each with hints and explanations. Prepare confidently for your certification test!

Multiple Choice

Which items are examples of insecure services, protocols, or ports?

Explanation:
In PCI contexts, insecure services, protocols, or ports are ones that transmit data or credentials in the clear or rely on weak authentication, making them easy targets for eavesdropping or tampering. The set of items listed first includes several classic examples of such insecure options: FTP and Telnet both send all data, including usernames and passwords, without encryption, so any intercepted traffic can reveal sensitive information. POP3 and IMAP, when used without encryption, likewise transmit credentials in plaintext. SNMP versions 1 and 2 use community strings that travel in the clear, offering little protection against sniffing or unauthorized access. Because these protocols lack robust in-transit security, they’re considered insecure and should be avoided or replaced with secure alternatives (like SSH instead of Telnet, HTTPS/IMAPS/FTPS equivalents, or SNMPv3 for strong authentication and encryption). The other choices describe protocols and services that are designed with encryption or stronger authentication, so they’re not categorized as insecure.

In PCI contexts, insecure services, protocols, or ports are ones that transmit data or credentials in the clear or rely on weak authentication, making them easy targets for eavesdropping or tampering. The set of items listed first includes several classic examples of such insecure options: FTP and Telnet both send all data, including usernames and passwords, without encryption, so any intercepted traffic can reveal sensitive information. POP3 and IMAP, when used without encryption, likewise transmit credentials in plaintext. SNMP versions 1 and 2 use community strings that travel in the clear, offering little protection against sniffing or unauthorized access. Because these protocols lack robust in-transit security, they’re considered insecure and should be avoided or replaced with secure alternatives (like SSH instead of Telnet, HTTPS/IMAPS/FTPS equivalents, or SNMPv3 for strong authentication and encryption). The other choices describe protocols and services that are designed with encryption or stronger authentication, so they’re not categorized as insecure.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy