nerdexam
Cisco

210-255 · Question #32

Which two options can be used by a threat actor to determine the role of a server? (Choose two.)

The correct answer is C. running processes E. applications. Running processes and installed applications both directly expose what services a server provides, making them primary reconnaissance targets for identifying a server's role.

Host-Based Analysis

Question

Which two options can be used by a threat actor to determine the role of a server? (Choose two.)

Options

  • APCAP
  • Btracert
  • Crunning processes
  • Dhard drive configuration
  • Eapplications

How the community answered

(31 responses)
  • A
    10% (3)
  • B
    6% (2)
  • C
    81% (25)
  • D
    3% (1)

Why each option

Running processes and installed applications both directly expose what services a server provides, making them primary reconnaissance targets for identifying a server's role.

APCAP

PCAP (packet capture) records network traffic and can reveal communication patterns, but it does not directly enumerate the services or software defining a server's role without substantial additional analysis.

Btracert

Traceroute (tracert) maps network path hops and round-trip latency between hosts but provides no information about what role or services the destination server is running.

Crunning processesCorrect

Running processes reveal active services (e.g., httpd, mysqld, sshd) that directly indicate the server's function, and enumerating them is a well-documented discovery technique catalogued under MITRE ATT&CK T1057.

Dhard drive configuration

Hard drive configuration reveals storage partitioning and volume layout but does not directly indicate what services or applications the server is running or what role it fulfills.

EapplicationsCorrect

Installed applications expose the full software stack and configured services on a server, allowing a threat actor to infer specific roles such as web server, database server, or mail server from the application inventory.

Concept tested: Threat actor reconnaissance techniques for identifying server roles

Source: https://attack.mitre.org/techniques/T1518/

Topics

#server fingerprinting#running processes#reconnaissance#threat actor

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice