CBK
Explicitly in CBK / Study Guide

| Port | Transport | Service | Exam Notes |
|---|---|---|---|
| 22 | TCP | SSH / SFTP: Secure Shell | Secure CLI access to remote systems; jumpbox/bastion host example explicitly in CBK. Port 22 exposure cited as a vulnerability risk — brute-force attack scenario. SFTP also runs over SSH on this same port. |
| 3389 | TCP | RDP: Remote Desktop Protocol | Windows remote admin; also available on macOS, Linux, iOS, Android. CBK highlights MFA and patching as key controls. Active Directory and smart card auth supported. Often targeted by attackers. |
| 23 | TCP | Telnet: Insecure — block this | CBK uses TCP/23 as the explicit example of traffic a stateless firewall should block. Plaintext protocol — no encryption. Should never be used in any cloud environment. |
| 80 | TCP | HTTP: Unencrypted web | CBK explicitly cites 80/443 together as the ports permitted in a production NSG/firewall example. Unencrypted — prefer HTTPS. Appears in WAF and API gateway discussion. |
| 443 | TCP | HTTPS / TLS: Encrypted web | Same CBK production example as port 80. Standard for all web-facing cloud services. SSL VPNs also operate on 443. TLS 1.3 is the current version — earlier versions deprecated or compromised. |
| 20 | TCP | FTP (data): File Transfer Protocol | CBK stateful firewall example: seeing traffic on port 20 gives the firewall context to permit a dynamically negotiated high port for the actual data transfer. Paired with port 21. |
| 21 | TCP | FTP (control): File Transfer Protocol | FTP control channel — same CBK stateful firewall example as port 20. FTP also cited as a transport for SOAP. Use SFTP (port 22) or FTPS (port 990) in practice; plain FTP is insecure. |
| 53 | UDP / TCP | DNS: Domain Name System | CBK explicitly states DNS queries use UDP/53; TCP used for zone transfers. Cache poisoning, DNS spoofing, and DNSSEC all discussed in depth. Zone transfers lack authentication by default — a key attack vector. |
| 67 | UDP | DHCP (server): Dynamic Host Config | DHCP server listens on UDP/67 for DHCPDISCOVER. CBK explicitly covers the DORA process: Discover → Offer → Request → Acknowledge. Misconfigured DHCP can enable DoS or MITM attacks. |
| 68 | UDP | DHCP (client): Dynamic Host Config | Server sends DHCPOFFER to the client on UDP/68. Explicitly stated alongside port 67 in the CBK DHCP section. DHCPv6 can use IPSec for authentication and encryption. |

GEN
General Knowledge — May Appear in Scenario Questions

| Port | Transport | Service | Exam Notes |
|---|---|---|---|
| 5900 | TCP | VNC: Virtual Network Computing | CBK mentions VNC as the Unix/Linux equivalent of RDP for remote admin access — but does not state the port number explicitly. Default port is 5900. |
| 25 | TCP | SMTP: Simple Mail Transfer | Email sending protocol. SMTP named in CBK as a SOAP transport — but port not stated. May appear as context in scenario questions about email-based threats or data exfiltration. |
| 110 | TCP | POP3: Post Office Protocol v3 | Email retrieval — downloads and typically deletes from server. Not explicitly in CBK. Low exam priority; may appear in legacy protocol scenarios. |
| 143 | TCP | IMAP: Internet Message Access | Email retrieval — keeps mail on the server, supports multi-device access. Not explicitly in CBK. Lower priority than SMTP for exam purposes. |
| 123 | UDP | NTP: Network Time Protocol | Not in CBK explicitly, but relevant to cloud security: accurate timestamps underpin log integrity, audit trails, and certificate validity. Time synchronisation is a foundational security control. |
| 161 | UDP | SNMP: Simple Network Mgmt | Network device monitoring and management. Not explicitly in CBK. May appear in questions about network monitoring, SIEM data sources, or insecure legacy protocols (SNMPv1/v2 send community strings in plaintext). |
| 389 | TCP | LDAP: Lightweight Directory | Directory services and identity lookups. CBK covers directory services and IAM in depth, but does not explicitly state the port. Prefer LDAPS (636) in practice — plain LDAP is unencrypted. |
| 636 | TCP | LDAPS: LDAP over TLS | Secure LDAP over TLS. Not explicitly in CBK but the logical secure counterpart to port 389. Relevant to questions on securing identity/directory traffic in hybrid cloud environments. |
| 1812 | UDP | RADIUS: Remote Auth Dial-In | AAA (Authentication, Authorisation, Accounting) for network access control. Not explicitly in CBK but relevant to identity federation and network access scenarios. Port 1813 used for RADIUS accounting. |
| 500 | UDP | IKEv2 / IPSec: VPN key exchange | CBK explicitly covers IKEv2/IPSec as a VPN protocol (using Diffie–Hellman for session key negotiation) but does not state the port. Also uses UDP 4500 for NAT traversal. |
| 1194 | UDP / TCP | OpenVPN: Open-source VPN | CBK explicitly names OpenVPN as a VPN option built on OpenSSL, deployable in cloud environments — but does not state the port. Default is UDP/1194; TCP/443 also common for firewall traversal. |
| 1433 | TCP | MS SQL Server: Microsoft SQL | Not in CBK, but the CBK's VLAN segmentation example separates web and database tiers — knowing common DB ports is useful context for NSG/firewall rule scenarios. MySQL uses 3306, PostgreSQL 5432. |