312-50V13 Question #207: Real Exam Question with Answer & Explanation
The correct answer is B: `nmap -Pn -sU -p 44818 --script enip-info <Target IP>`. The Nmap command `nmap -Pn -sU -p 44818 --script enip-info <Target IP>` is used to identify Ethernet/IP devices and gather detailed information from them on OT networks.
Question
Jim, a professional hacker, targeted an organization that is operating critical industrial infrastructure. Jim used Nmap to scan open ports and running services on systems connected to the organization's OT network. He used an Nmap command to identify Ethernet/IP devices connected to the Internet and further gathered information such as the vendor name, product code and name, device name, and IP address. Which of the following Nmap commands helped Jim retrieve the required information?
Options
- A. `nmap -Pn -sT --scan-delay 1s --max-parallelism 1 -p <Port List> <Target IP>`
- B. `nmap -Pn -sU -p 44818 --script enip-info <Target IP>`
- C. `nmap -Pn -sT -p 46824 <Target IP>`
- D. `nmap -Pn -sT -p 102 --script s7-info <Target IP>`
Explanation
The Nmap command `nmap -Pn -sU -p 44818 --script enip-info <Target IP>` is used to identify Ethernet/IP devices and gather detailed information from them on OT networks.
Common mistakes
- A. This command uses a generic TCP scan (`-sT`) and does not include the specific NSE script required to query Ethernet/IP devices for detailed information.
- C. This command is a generic TCP scan (`-sT`) on port 46824, which is not the standard port for Ethernet/IP (CIP), and it lacks the necessary NSE script for information gathering.
- D. The `--script s7-info` option is used for Siemens S7 PLC devices, typically on TCP port 102, not for generic Ethernet/IP devices.
Concept tested: Nmap Scripting Engine (NSE) for ICS/OT reconnaissance