GPEN Question #271: Real Exam Question with Answer & Explanation

The correct answer is B. 139.

Question

Which of the following ports is used for NetBIOS null sessions?

Options

  • A. 130
  • B. 139
  • C. 143
  • D. 131

Explanation

NetBIOS Session Service operates on TCP port 139 and is the port used to establish NetBIOS null sessions, which allow unauthenticated anonymous connections to Windows resources. Ports 137 and 138 serve NetBIOS Name Service and Datagram Service respectively.

Common mistakes.

  • A. Port 130 is not assigned to any NetBIOS service; the three NetBIOS ports are 137 (Name Service), 138 (Datagram Service), and 139 (Session Service).
  • C. Port 143 is assigned to IMAP (Internet Message Access Protocol) for email retrieval, and has no association with NetBIOS or null sessions.
  • D. Port 131 is not a standard NetBIOS port and is not used for null sessions or any other NetBIOS function.

Concept tested. NetBIOS null session port and attack surface

Reference. https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/direct-hosting-of-smb-over-tcpip
