GCIH · Question #648
Observe the following command; what is the analyst doing?
The correct answer is C. Determining what services are running on 192.168.230.138. The command shown performs a service and version enumeration scan against a target host, a core step in network reconnaissance.
Question
Observe the following command; what is the analyst doing?
Options
- AConnecting to an SMB share on 192.168.230.138
- BListing active network connections to 192.168.230.138
- CDetermining what services are running on 192.168.230.138
- DAcquiring a memory image from 192.168.230.138
How the community answered
(40 responses)- A3% (1)
- B3% (1)
- C95% (38)
Why each option
The command shown performs a service and version enumeration scan against a target host, a core step in network reconnaissance.
Connecting to an SMB share requires a tool like smbclient and targets port 445 specifically, not a general port and service scanner.
Listing active connections is done with local commands like netstat or ss, which show the current machine's sockets, not a remote host's running services.
Tools like nmap with the -sV or -A flag probe open ports on a target host to identify which services and software versions are running. This is standard service enumeration, allowing an analyst to map the attack surface or verify what is listening on a remote system.
Memory acquisition requires specialized forensic tools such as WinPmem or LiME and cannot be performed with a network scanning utility.
Concept tested: nmap service version detection and enumeration
Source: https://nmap.org/book/man-version-detection.html
Topics
Community Discussion
No community discussion yet for this question.