nerdexam
EC-Council

312-50V10 · Question #42

Which of the following provides a security professional with most information about the system's security posture?

The correct answer is D. Port scanning, banner grabbing, service identification. Port scanning, banner grabbing, and service identification provide direct technical evidence of exposed services, software versions, and potential vulnerabilities that reflect a system's true security posture.

Scanning Networks

Question

Which of the following provides a security professional with most information about the system's security posture?

Options

  • AWardriving, warchalking, social engineering
  • BSocial engineering, company site browsing, tailgating
  • CPhishing, spamming, sending trojans
  • DPort scanning, banner grabbing, service identification

How the community answered

(33 responses)
  • A
    3% (1)
  • C
    3% (1)
  • D
    94% (31)

Why each option

Port scanning, banner grabbing, and service identification provide direct technical evidence of exposed services, software versions, and potential vulnerabilities that reflect a system's true security posture.

AWardriving, warchalking, social engineering

Wardriving and warchalking focus on discovering wireless networks, and social engineering targets human behavior - neither directly reveals the technical security posture of a specific system.

BSocial engineering, company site browsing, tailgating

Social engineering, company site browsing, and tailgating are reconnaissance and physical access techniques that yield organizational information but not technical system security details.

CPhishing, spamming, sending trojans

Phishing, spamming, and sending trojans are offensive attack delivery methods, not reconnaissance or assessment techniques used to evaluate security posture.

DPort scanning, banner grabbing, service identificationCorrect

Port scanning reveals which services are listening on a target, banner grabbing identifies specific software and version information, and service identification maps the full attack surface. Together these techniques give a security professional concrete, actionable data about vulnerabilities and misconfigured services that directly reflect the system's security posture.

Concept tested: Active reconnaissance techniques for security assessment

Source: https://csrc.nist.gov/publications/detail/sp/800-115/final

Topics

#security assessment#port scanning#banner grabbing#service identification

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice