CompTIA CASP+ (CAS-002) — Question 4

The security engineer receives an incident ticket from the helpdesk stating that DNS lookup requests are no longer working from the office. The network team has ensured that Layer 2 and Layer 3 connectivity are working. Which of the following tools would a security engineer use to make sure the DNS server is listening on port 53?

Answer options

• A. PING
• B. NESSUS
• C. NSLOOKUP
• D. NMAP

Correct answer: D

Explanation

The correct answer is D, NMAP, as it is designed to scan networks and can check if a specific port, such as 53 for DNS, is open and listening. PING (A) checks for host availability but does not assess port status, while NESSUS (B) is primarily a vulnerability scanner and not intended for port checking. NSLOOKUP (C) is used for querying DNS records but does not test if the DNS service is actively listening on the specified port.