CompTIA CySA+ (CS0-003) — Question 239

A security analyst needs to identify services in a small, critical infrastructure ICS network. Many components in the network are likely to break if they receive malformed or unusually large requests. Which of the following is the safest method to use when identifying service versions?

Answer options

• A. Use nmap -sV to identify all assets on the network.
• B. Use Burp Suite to conduct service identification.
• C. Use nc to manually perform banner grabbing.
• D. Use Nessus with restricted concurrent connections.

Correct answer: C

Explanation

Using nc for manual banner grabbing is the safest option because it allows for controlled and minimal interaction with the services, reducing the risk of causing disruptions. In contrast, nmap -sV and Burp Suite could send larger or malformed requests that might destabilize the critical infrastructure. Nessus, while useful, may also generate excessive load depending on its configuration, which could lead to service failures.