nerdexam
Exams200-201Questions#316
CiscoCisco

200-201 · Question #316

200-201 Question #316: Real Exam Question with Answer & Explanation

The correct answer is A: Identified a firewall device preventing the port state from being returned.. From the Nmap scan, the attacker identified the presence of a firewall device actively preventing the true state of ports from being returned, often indicated by a 'filtered' status.

Submitted by zhang_li· Mar 6, 2026Network Intrusion Analysis

Question

Refer to the exhibit. An attacker scanned the server using Nmap. What did the attacker obtain from this scan?

Options

  • AIdentified a firewall device preventing the port state from being returned.
  • BIdentified open SMB ports on the server.
  • CGathered information on processes running on the server.
  • DGathered a list of Active Directory users.

Explanation

From the Nmap scan, the attacker identified the presence of a firewall device actively preventing the true state of ports from being returned, often indicated by a 'filtered' status.

Common mistakes.

  • B. A 'filtered' port state does not identify open ports; it indicates that a device is preventing the port's true state from being determined.
  • C. Nmap's standard port scan does not gather information on processes running on the server; that requires more advanced techniques like OS or service version detection, which are distinct from port state.
  • D. An Nmap port scan does not gather a list of Active Directory users; this would require authentication and directory-specific enumeration tools.

Concept tested. Nmap scan output interpretation (filtered ports)

Reference. https://nmap.org/book/man-port-scanning-basics.html

Topics

#Nmap#Port scanning#Network reconnaissance#Firewall detection

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 200-201 PracticeBrowse All 200-201 Questions