PT0-003 · Question #251
PT0-003 Question #251: Real Exam Question with Answer & Explanation
The correct answer is A: nmap --script ssl-enum-ciphers. Explanation nmap --script ssl-enum-ciphers is correct because it uses Nmap's scripting engine to actively probe a target web service and enumerate all supported SSL/TLS versions and cipher suites, giving the tester a complete picture of which potentially insecure protocols (e.g.,
Question
A penetration tester wants to identify all the TLS versions used in a web service in order to determine potentially insecure versions. Which of the following commands should the tester use?
Options
- Anmap --script ssl-enum-ciphers
- Bcurl --tls-max 3
- Cwget --server-response
- Dopenssl version
Explanation
Explanation
nmap --script ssl-enum-ciphers is correct because it uses Nmap's scripting engine to actively probe a target web service and enumerate all supported SSL/TLS versions and cipher suites, giving the tester a complete picture of which potentially insecure protocols (e.g., SSLv3, TLS 1.0) are enabled. Option B (curl --tls-max 3) simply sets a maximum TLS version for a single connection attempt rather than enumerating all supported versions. Option C (wget --server-response) only retrieves HTTP response headers and provides no SSL/TLS version enumeration. Option D (openssl version) merely displays the version of the locally installed OpenSSL library - it tells you nothing about what a remote server supports.
Memory Tip: Think "nmap scripts = reconnaissance" - whenever an exam question asks about enumerating or discovering service configurations on a remote target, Nmap's --script option (NSE) is almost always the right tool. The keyword "enum" in ssl-enum-ciphers is a direct giveaway that this script is built for enumeration.
Topics
Community Discussion
No community discussion yet for this question.