Version 4.1 - 3.6 FTP and SFTP
This is another topic that you should already know. If you are at the point where you're studying for the CCIE Security Written, you should really know FTP (and SFTP). The Wikipedia page is a good place to start. In the interest of time (mine), I'm going to lightly cover this and basically point out the highlights.
You should know the difference (and the ports) for active vs passive mode. You should know that (active) FTP uses two ports - tcp port 20 for data and tcp port 21 for control/command. Passive mode uses the command PASV. Know the difference between a binary and ascii transfer. You should probably know the FTP Commands. Most notably, you should know "USER" and "PASS" - because you can use those commands to find/filter usernames and passwords in Wireshark. FTP will send those in clear text - remember this is an old protocol that was created in the time when the entire Internet knew each other by name. [Don't forget anonymous ftp.]
Other than those basic things about FTP itself, you should probably know the difference between SFTP and FTPS. That seems like a "tricky" question that someone would think to ask. SFTP is FTP over SSH - whereas FTPS is FTP over SSL. As we have noted multiple times here, SSL is pretty broken and obsolete. I remember FTPS being around for a while, but now if you're talking about securing FTP, you're going to use SFTP. It uses tcp port 22 (SSH).
The other thing you should know are the vulnerabilities of FTP:
# Brute Force Attack
# FTP Bounce Attack
# Packet capture
# Port stealing
# Spoofing attack
# Username enumeration
Other than that, I think this topic itself is a bit thin for any kind of deep questions. I would think that instead of asking a direct question on ftp itself, this may crop up in some form of an access-list question. Be prepared to detect that - with a scenario to secure specific ftp/sftp traffic and access-list configurations to select.