210-255 · Question #32
Which two options can be used by a threat actor to determine the role of a server? (Choose two.)
The correct answer is C. running processes E. applications. Running processes and installed applications both directly expose what services a server provides, making them primary reconnaissance targets for identifying a server's role.
Question
Which two options can be used by a threat actor to determine the role of a server? (Choose two.)
Options
- APCAP
- Btracert
- Crunning processes
- Dhard drive configuration
- Eapplications
How the community answered
(31 responses)- A10% (3)
- B6% (2)
- C81% (25)
- D3% (1)
Why each option
Running processes and installed applications both directly expose what services a server provides, making them primary reconnaissance targets for identifying a server's role.
PCAP (packet capture) records network traffic and can reveal communication patterns, but it does not directly enumerate the services or software defining a server's role without substantial additional analysis.
Traceroute (tracert) maps network path hops and round-trip latency between hosts but provides no information about what role or services the destination server is running.
Running processes reveal active services (e.g., httpd, mysqld, sshd) that directly indicate the server's function, and enumerating them is a well-documented discovery technique catalogued under MITRE ATT&CK T1057.
Hard drive configuration reveals storage partitioning and volume layout but does not directly indicate what services or applications the server is running or what role it fulfills.
Installed applications expose the full software stack and configured services on a server, allowing a threat actor to infer specific roles such as web server, database server, or mail server from the application inventory.
Concept tested: Threat actor reconnaissance techniques for identifying server roles
Source: https://attack.mitre.org/techniques/T1518/
Topics
Community Discussion
No community discussion yet for this question.