210-255 · Question #54
Which element can be used by a threat actor to discover a possible opening into a target network and can also be used by an analyst to determine the protocol of the malicious traffic?
The correct answer is B. ports. Port numbers are directly mapped to specific protocols and services, making them the key element for both threat actors scanning for vulnerable entry points and analysts identifying the protocol used in malicious traffic.
Question
Which element can be used by a threat actor to discover a possible opening into a target network and can also be used by an analyst to determine the protocol of the malicious traffic?
Options
- ATTLs
- Bports
- CSMTP replies
- DIP addresses
How the community answered
(49 responses)- A4% (2)
- B94% (46)
- D2% (1)
Why each option
Port numbers are directly mapped to specific protocols and services, making them the key element for both threat actors scanning for vulnerable entry points and analysts identifying the protocol used in malicious traffic.
TTL values are used for OS fingerprinting and preventing routing loops, but do not directly identify application protocols or reveal specific vulnerable services.
Port numbers are assigned to specific protocols and services by IANA - for example, port 22 maps to SSH, port 80 to HTTP, and port 443 to HTTPS. Threat actors perform port scans to discover open services that represent potential attack surfaces or unauthorized entry points into a target network. Analysts can examine destination port numbers in captured traffic to identify the protocol in use, even when deep packet inspection is not available.
SMTP replies are specific to email communication and cannot serve as a general mechanism for discovering entry points across diverse services or identifying arbitrary malicious protocols.
IP addresses identify source and destination hosts in network communication but do not inherently indicate the protocol or service being used in the traffic.
Concept tested: Port numbers for protocol identification and attack surface discovery
Source: https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
Topics
Community Discussion
No community discussion yet for this question.