312-50V10 · Question #42
Which of the following provides a security professional with most information about the system's security posture?
The correct answer is D. Port scanning, banner grabbing, service identification. Port scanning, banner grabbing, and service identification provide direct technical evidence of exposed services, software versions, and potential vulnerabilities that reflect a system's true security posture.
Question
Which of the following provides a security professional with most information about the system's security posture?
Options
- AWardriving, warchalking, social engineering
- BSocial engineering, company site browsing, tailgating
- CPhishing, spamming, sending trojans
- DPort scanning, banner grabbing, service identification
How the community answered
(33 responses)- A3% (1)
- C3% (1)
- D94% (31)
Why each option
Port scanning, banner grabbing, and service identification provide direct technical evidence of exposed services, software versions, and potential vulnerabilities that reflect a system's true security posture.
Wardriving and warchalking focus on discovering wireless networks, and social engineering targets human behavior - neither directly reveals the technical security posture of a specific system.
Social engineering, company site browsing, and tailgating are reconnaissance and physical access techniques that yield organizational information but not technical system security details.
Phishing, spamming, and sending trojans are offensive attack delivery methods, not reconnaissance or assessment techniques used to evaluate security posture.
Port scanning reveals which services are listening on a target, banner grabbing identifies specific software and version information, and service identification maps the full attack surface. Together these techniques give a security professional concrete, actionable data about vulnerabilities and misconfigured services that directly reflect the system's security posture.
Concept tested: Active reconnaissance techniques for security assessment
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.