TCP/80 vs TCP/143

[Russ Troutt]

I was going through practice questions with my students yesterday and we were given the question, "An HTTPS application is secured using the SSL/TLS protocol but should use a different port for unencrypted HTTP. Which port should unencrypted HTTP use"?

We all agreed the answer was TCP/80, but that was incorrect, with the correct answer being TCP/143. I wanted to reach out the community of other instructors here so I could get a better understanding of why the answer was 143 and not 80, not just for myself but for my students as well. From reading the CompTIA A+ book, TCP/143 is HTTP associated with IMAP and reading mail messages on a server mailbox, where TCP/80 is your standard HTTP for unsecure websites. Thanks in advance for any input and clarification as to why the answer to this question is TCP/143 and not TCP/80.

 

[Michael Pawlik]

I think the program got confused and mixed-up mail and internet. This seemed to happen between asking the question and presenting the answers.
Port 80 is HTTP and HTTPS is port 443.

The question might have thought it was talking about securing email, but that isn't the question.

 

[aleibl]

As @Michael Pawlik said, it’s port 80 for unencrypted and port 443 for HTTP over TLS/SSL. The answer text seems to be a mix up of several topics. Just forget this practice question.

 

[Thomas Rawding]

I was going through practice questions with my students yesterday and we were given the question, "An HTTPS application is secured using the SSL/TLS protocol but should use a different port for unencrypted HTTP. Which port should unencrypted HTTP use"?

We all agreed the answer was TCP/80, but that was incorrect, with the correct answer being TCP/143. I wanted to reach out the community of other instructors here so I could get a better understanding of why the answer was 143 and not 80, not just for myself but for my students as well. From reading the CompTIA A+ book, TCP/143 is HTTP associated with IMAP and reading mail messages on a server mailbox, where TCP/80 is your standard HTTP .

The question is poorly worded: "An HTTPS application..." That is the issue. The question should have been worded and referred as "email client application" or "web server". Back in day, some application server ports would be switch from thier default know ports as a security harding measure.

 

[LarryH]

Yes, I agree with Russ. The question mentioned using S/MIME to encrypt email. To receive encrypted email, IMAP uses port 993. Also, SMTP uses 587 to encrypt mail that is being sent.

 

[Jarrel]

The question is poorly worded: "An HTTPS application..." That is the issue. The question should have been worded and referred as "email client application" or "web server". Back in day, some application server ports would be switch from thier default know ports as a security harding measure.

i echo the post of @Thomas Rawding
the "https application" it is referring to is an email application.

Yes, I agree with Russ. The question mentioned using S/MIME to encrypt email. To receive encrypted email, IMAP uses port 993. Also, SMTP uses 587 to encrypt mail that is being sent.

the question mentioned using s/mime? i didn't see that in the screenshot

but if it is indeed in the question, then that would be the hint to answering it.

 

[aleibl]

What when wrong with this question and how it came about is an interesting topic and we may never figure that out for sure. I do sympathise with the need to understand everything, I am like that. Drives my wife crazy at times.

However, for people preparing for the exam the best advise is to just discard this question. Don't waste your precious mental and time resources trying to figure it out. We've all seen bad questions like this in many practice decks and not to dwell on them is the advise I give my students.

Why? If they do that on the test questions (dwell on them for too long) they will do it in the exam and lose too much time.

 

[Jarrel]

that's good advice to students, probably.
but for trainers, we need to get it corrected especially that the material is from CertMaster Learn.

 

[aleibl]

that's good advice to students, probably.
but for trainers, we need to get it corrected especially that the material is from CertMaster Learn.

Absolutely!

 

[admar]

I think that showing by wireshark practices would help deep understand two these protocol. I use always this method with my students when we are using protocols and applications on network

 

[admar]

Port 143 is about (Internet Mail Access Protocol) recieve mail and port 80 is about HTTP no encrypted channel

 

[Michael Pawlik]

Yes, I agree with Russ. The question mentioned using S/MIME to encrypt email. To receive encrypted email, IMAP uses port 993. Also, SMTP uses 587 to encrypt mail that is being sent.

The question did not mention S/MIME or email.

Yes, I agree with Russ. The question mentioned using S/MIME to encrypt email. To receive encrypted email, IMAP uses port 993. Also, SMTP uses 587 to encrypt mail that is being sent.

I do wish the question didn’t have to be so tricky and I wish the explanation would explain what “HTTPS applications”might mean and even further explain the logic behind the question. I realize that CompTIA is trying to test ‘assimilation of knowledge’ where we know the ports and we read the problem and we must create a solution based on the two. There are a lot of questions like this and as an instructor I need to know how to ready my students (not teach them the answers). I’m attending both the 1101 and 1102 TTTs and while the information is good I would love more of the caveat scenarios training.
Anyone know if a good resource on breaking down questions on CompTIA exams?
Obviously, I’m easily derailed by such a simple question. And If I saw S/MIME in the question I would have paid more attention to the HTTPS part.