Systems Security Certified Practitioner – SSCP – Question0996

What is the primary reason why some sites choose not to implement Trivial File Transfer Protocol (TFTP)?

A.
It is too complex to manage user access restrictions under TFTP
B. Due to the inherent security risks
C. It does not offer high level encryption like FTP
D. It cannot support the Lightwight Directory Access Protocol (LDAP)

Correct Answer: B

Explanation:

Some sites choose not to implement Trivial File Transfer Protocol (TFTP) due to the inherent security risks. TFTP is a UDP-based file transfer program that provides no security. There is no user authentication.
Source: KRUTZ, Ronald L. & VINES, Russel D., The CISSP Prep Guide: Mastering the Ten Domains of Computer Security, 2001, John Wiley & Sons, Page 88.