nerdexam
GIAC

GPEN · Question #444

GPEN Question #444: Real Exam Question with Answer & Explanation

The correct answer is C. The target host is running Linux with Samba services. Samba version strings in SMB enumeration output directly identify the target as a Linux or Unix system running the open-source Samba implementation rather than native Windows SMB.

Question

Analyze the command output below. What information can the tester infer directly from the information shown?

Exhibit

GPEN question #444 exhibit

Options

  • AThe administrator account has no password
  • BNull sessions are enabled on the target
  • CThe target host is running Linux with Samba services
  • DAccount lockouts must be reset by the Administrator

Explanation

Samba version strings in SMB enumeration output directly identify the target as a Linux or Unix system running the open-source Samba implementation rather than native Windows SMB.

Common mistakes.

  • A. The presence or absence of a password on the Administrator account cannot be determined from a service banner or basic SMB identification output alone.
  • B. Null session capability is a separate SMB configuration setting that requires a specific successful null connection attempt to confirm, not simply identifying the service type.
  • D. Account lockout reset policies require querying password policy details via tools like rpcclient or 'net accounts', which is distinct from service version identification output.

Concept tested. SMB service fingerprinting and OS identification via Samba banners

Reference. https://www.samba.org/samba/docs/current/man-html/samba.7.html

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GPEN Practice