nerdexam
Cisco

210-255 · Question #54

Which element can be used by a threat actor to discover a possible opening into a target network and can also be used by an analyst to determine the protocol of the malicious traffic?

The correct answer is B. ports. Port numbers are directly mapped to specific protocols and services, making them the key element for both threat actors scanning for vulnerable entry points and analysts identifying the protocol used in malicious traffic.

Network Intrusion Analysis

Question

Which element can be used by a threat actor to discover a possible opening into a target network and can also be used by an analyst to determine the protocol of the malicious traffic?

Options

  • ATTLs
  • Bports
  • CSMTP replies
  • DIP addresses

How the community answered

(49 responses)
  • A
    4% (2)
  • B
    94% (46)
  • D
    2% (1)

Why each option

Port numbers are directly mapped to specific protocols and services, making them the key element for both threat actors scanning for vulnerable entry points and analysts identifying the protocol used in malicious traffic.

ATTLs

TTL values are used for OS fingerprinting and preventing routing loops, but do not directly identify application protocols or reveal specific vulnerable services.

BportsCorrect

Port numbers are assigned to specific protocols and services by IANA - for example, port 22 maps to SSH, port 80 to HTTP, and port 443 to HTTPS. Threat actors perform port scans to discover open services that represent potential attack surfaces or unauthorized entry points into a target network. Analysts can examine destination port numbers in captured traffic to identify the protocol in use, even when deep packet inspection is not available.

CSMTP replies

SMTP replies are specific to email communication and cannot serve as a general mechanism for discovering entry points across diverse services or identifying arbitrary malicious protocols.

DIP addresses

IP addresses identify source and destination hosts in network communication but do not inherently indicate the protocol or service being used in the traffic.

Concept tested: Port numbers for protocol identification and attack surface discovery

Source: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

Topics

#ports#network reconnaissance#protocol analysis#threat actor techniques

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice