CompTIA DataX (CNX-001) — Question 52
A network engineer is working on securing the environment in the screened subnet. Before penetration testing, the engineer would like to run a scan on the servers to identify the OS, application versions, and open ports. Which of the following commands should the engineer use to obtain the information?
Answer options
- A. tcpdump -ni eth0 src net 10.10.10.0/28
- B. nmap -A 10.10.10.0/28
- C. nc -v -n 10.10.10.x 1-1000
- D. hping3 -1 10.10.10.x -rand-dest -I eth0
Correct answer: B
Explanation
The correct answer is B: 'nmap -A' turns on OS detection and service version detection on top of the port scan, so a single run identifies the OS, application versions, and open ports. Option A uses tcpdump, which captures packets and does not scan. Option C uses netcat, which cannot perform a comprehensive scan the way nmap does. Option D uses hping3, which sends custom TCP/IP packets and is not intended for the same purpose as nmap.