
GPEN Question #44: Real Exam Question with Answer & Explanation

The correct answer is B. nmap -v -O 208.100.2.25.

Question

John works as a contract Ethical Hacker. He has recently got a project to do security checking for in the information gathering step. Which of the following commands will he use to accomplish the task? Each correct answer represents a complete solution. Choose two.

Options

  • A. nc 208.100.2.25 23
  • B. nmap -v -O 208.100.2.25
  • C. nc -v -n 208.100.2.25 80

Explanation

The nmap command with the -O flag performs OS fingerprinting and is a standard information-gathering technique. Plain netcat connections to individual ports do not provide systematic host enumeration.

Common mistakes.

  • A. The command 'nc 208.100.2.25 23' opens a raw TCP connection to the Telnet port only and does not enumerate ports, fingerprint the OS, or gather broader host information.
  • C. The command 'nc -v -n 208.100.2.25 80' connects only to HTTP port 80 and at most retrieves a single service banner, providing no OS-level fingerprinting or multi-port enumeration needed for comprehensive information gathering.

Concept tested. Nmap OS detection for network information gathering

Reference. https://nmap.org/book/man-os-detection.html
