CompTIA

PT0-001 · Question #165

PT0-001 Question #165: Real Exam Question with Answer & Explanation

The correct answer is B: nmap -T4 -v -iL /tmp/list.txt -Pn --script smb-os-discovery.

Reconnaissance and enumeration

Question

A consultant is identifying versions of Windows operating systems on a network. Which of the following Nmap commands should the consultant run?

Options

  • A. nmap -T4 -v -sU -iL /tmp/list.txt -Pn --script smb-system-info
  • B. nmap -T4 -v -iL /tmp/list.txt -Pn --script smb-os-discovery
  • C. nmap -T4 -v -6 -iL /tmp/list.txt -Pn --script smb-os-discovery -p 135-139
  • D. nmap -T4 -v --script smb-system-info 192.163.1.0/24

Explanation

The smb-os-discovery NSE script queries SMB (port 445/139) to extract OS name, version, and domain information from Windows hosts - exactly what the question asks for. Option B is correct: -T4 sets aggressive timing, -v enables verbose output, -iL /tmp/list.txt reads targets from a file, -Pn skips host discovery (treats all hosts as online), and --script smb-os-discovery runs the correct script. Option A uses smb-system-info (a different, less focused script) combined with -sU (UDP scan), which is wrong for SMB-based OS discovery. Option C includes -6 (IPv6 mode), which is unnecessary and would restrict scanning to IPv6 targets, plus limiting ports to 135-139 may miss port 445. Option D uses smb-system-info instead of smb-os-discovery and lacks the -iL flag to read from the target list file.

Topics

#Nmap #OS fingerprinting #SMB #network scanning
