CompTIA
CAS-002 · Question #321
CAS-002 Question #321: Real Exam Question with Answer & Explanation
The correct answer is D: NMAP. Verifying that a specific port is open and a service is actively listening requires a port-scanning tool, not a connectivity or name-resolution utility.
Question
The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?
Options
- A. PING
- B. NESSUS
- C. NSLOOKUP
- D. NMAP
Explanation
Verifying that a specific port is open and a service is actively listening requires a port-scanning tool, not a connectivity or name-resolution utility.
Common mistakes.
- A. PING uses ICMP echo requests to test Layer 3 reachability and provides no information about whether any specific TCP or UDP port is open.
- B. Nessus is a vulnerability scanner used for detecting security weaknesses, not a targeted tool for quickly verifying a single port's listening state.
- C. NSLOOKUP sends actual DNS queries and reports resolution results, but it cannot confirm whether the DNS daemon is listening on port 53 if the service is unresponsive or misconfigured.
Concept tested. Using NMAP to verify service port availability
Reference. https://nmap.org/book/man-port-scanning-basics.html