PT0-002 Question #216: Real Exam Question with Answer & Explanation

The correct answer is C: Nmap.

Reconnaissance and enumeration

Question

A consultant just performed a SYN scan of all the open ports on a remote host and now needs to remotely identify the type of services that are running on the host. Which of the following is an active reconnaissance tool that would be BEST to use to accomplish this task?

Options

  • A. tcpdump
  • B. Snort
  • C. Nmap
  • D. Netstat
  • E. Fuzzer

Explanation

To identify the types of services running on open ports after a SYN scan, Nmap is the best active reconnaissance tool due to its robust service version detection capabilities.

Common mistakes.

  • A. Tcpdump is a packet analyzer used for passive network monitoring and traffic capture, not for actively scanning remote hosts to identify running services.
  • B. Snort is an intrusion detection/prevention system (IDS/IPS) used for passive traffic analysis and threat detection, not for active service identification on remote hosts.
  • D. Netstat is a command-line tool used to display network connections and statistics on the local machine, not for performing remote active reconnaissance of services.
  • E. A fuzzer is used for vulnerability testing by sending malformed data to applications, not for the initial identification of service types running on open ports.

Concept tested. Service version detection with Nmap

Reference. https://nmap.org/book/man-service-detection.html

Topics

#Nmap #Service identification #Active reconnaissance #Network scanning
