EC-Council
312-50V9 · Question #449
312-50V9 Question #449: Real Exam Question with Answer & Explanation
The correct answer is D: The host is likely a printer.. The combination of open ports 515 (LPD), 631 (IPP), and 9100 (raw/JetDirect printing) strongly identifies the target as a network printer rather than a general-purpose OS.
Question
A penetration tester is conducting a port scan on a specific host. The tester found several ports opened that were confusing in concluding the Operating System (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS? Starting NMAP 5.21 at 2011-03-15 11:06 NMAP scan report for 172.16.40.65 Host is up (1.00s latency). Not shown: 993 closed ports PORT STATE SERVICE 21/tcp open ftp 23/tcp open telnet 80/tcp open http 139/tcp open netbios-ssn 515/tcp open 631/tcp open ipp 9100/tcp open MAC Address: 00:00:48:0D:EE:89
Options
- AThe host is likely a Windows machine.
- BThe host is likely a Linux machine.
- CThe host is likely a router.
- DThe host is likely a printer.
Explanation
The combination of open ports 515 (LPD), 631 (IPP), and 9100 (raw/JetDirect printing) strongly identifies the target as a network printer rather than a general-purpose OS.
Common mistakes.
- A. Windows systems do not natively open ports 515, 631, or 9100; these are printer-specific ports not associated with a standard Windows install.
- B. While Linux can run LPD and IPP services, having all three printing ports open simultaneously alongside FTP, Telnet, and NetBIOS is characteristic of embedded printer firmware, not a Linux OS installation.
- C. Routers typically expose ports for management protocols such as 22, 23, 80, and 161 (SNMP), and would not open printing-specific ports like 515, 631, or 9100.
Concept tested. Network port analysis for device identification
Reference. https://nmap.org/book/toc.html
Community Discussion
No community discussion yet for this question.