Cisco
210-255 · Question #54
210-255 Question #54: Real Exam Question with Answer & Explanation
The correct answer is B: ports. Port numbers are directly mapped to specific protocols and services, making them the key element for both threat actors scanning for vulnerable entry points and analysts identifying the protocol used in malicious traffic.
Question
Which element can be used by a threat actor to discover a possible opening into a target network and can also be used by an analyst to determine the protocol of the malicious traffic?
Options
- A. TTLs
- B. ports
- C. SMTP replies
- D. IP addresses
Explanation
Port numbers are directly mapped to specific protocols and services, making them the key element for both threat actors scanning for vulnerable entry points and analysts identifying the protocol used in malicious traffic.
Common mistakes.
- A. TTL values are used for OS fingerprinting and preventing routing loops, but do not directly identify application protocols or reveal specific vulnerable services.
- C. SMTP replies are specific to email communication and cannot serve as a general mechanism for discovering entry points across diverse services or identifying arbitrary malicious protocols.
- D. IP addresses identify source and destination hosts in network communication but do not inherently indicate the protocol or service being used in the traffic.
Concept tested. Port numbers for protocol identification and attack surface discovery
Reference. https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml