nerdexam
Exams312-50V9Questions#554
EC-Council

312-50V9 · Question #554

312-50V9 Question #554: Real Exam Question with Answer & Explanation

The correct answer is D: 139 and 445. Null sessions in Windows environments exploit unauthenticated anonymous connections over NetBIOS and SMB, which operate on ports 139 and 445.

Question

Null sessions are un-authenticated connections (not using a username or password.) to an NT or 2000 system. Which TCP and UDP ports must you filter to check null sessions on your network?

Options

  • A137 and 139
  • B137 and 443
  • C139 and 443
  • D139 and 445

Explanation

Null sessions in Windows environments exploit unauthenticated anonymous connections over NetBIOS and SMB, which operate on ports 139 and 445.

Common mistakes.

  • A. Port 137 is the NetBIOS Name Service used for name resolution queries, not for establishing null sessions; null sessions require session-layer ports 139 and 445.
  • B. Port 443 is HTTPS (SSL/TLS web traffic) and has no role in null session establishment; it is unrelated to NetBIOS or SMB communication.
  • C. Port 443 is HTTPS and is unrelated to null sessions; filtering only port 139 is insufficient because modern Windows systems also accept direct SMB connections on port 445.

Concept tested. Windows null session attack vectors and port filtering

Reference. https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/restrict-null-sessions

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V9 Practice