nerdexam
EC-Council

312-50V11 · Question #932

In order to tailor your tests during a web-application scan, you decide to determine which web- server version is hosting the application. On using the sV flag with Nmap. you obtain the following resp

The correct answer is B. Banner grabbing. Banner grabbing is the technique of reading service response headers or banners to identify the software type and version running on a target system, which is exactly what Nmap's -sV flag performs.

Scanning Networks

Question

In order to tailor your tests during a web-application scan, you decide to determine which web- server version is hosting the application. On using the sV flag with Nmap. you obtain the following response:

80/tcp open http-proxy Apache Server 7.1.6 What Information-gathering technique does this best describe?

Options

  • AWhOiS lookup
  • BBanner grabbing
  • CDictionary attack
  • DBrute forcing

How the community answered

(53 responses)
  • A
    4% (2)
  • B
    92% (49)
  • C
    2% (1)
  • D
    2% (1)

Why each option

Banner grabbing is the technique of reading service response headers or banners to identify the software type and version running on a target system, which is exactly what Nmap's -sV flag performs.

AWhOiS lookup

A WHOIS lookup queries domain registration databases for ownership and contact information, not web server version details returned by a live service.

BBanner grabbingCorrect

Banner grabbing is an information-gathering technique where an attacker connects to an open port and reads the service banner returned by the server to determine the software and version. Nmap's -sV (version detection) flag probes open ports and interprets the responses - in this case retrieving 'Apache Server 7.1.6' directly from the HTTP service banner on port 80.

CDictionary attack

A dictionary attack attempts authentication by systematically trying words from a predefined wordlist, which is not involved in reading service version banners.

DBrute forcing

Brute forcing systematically tries all possible credential combinations to gain unauthorized access, not to passively identify service versions.

Concept tested: Nmap service version detection and banner grabbing

Source: https://nmap.org/book/man-version-detection.html

Topics

#banner grabbing#Nmap#service version detection#information gathering

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice