CompTIA PenTest+ (PT0-002) — Question 287
A penetration tester is scanning a customer subnet and wants to scan ports that are known to have only well-known UDP services present. Which of the following can the tester use to scan for SNMP, NTP, NetBIOS, and DNS?
Answer options
- A. nmap -vv -sUV -p 53,123,137-139,161 192.168.1.0/24 -oA udpscan
- B. nmap -vv -sXV -p 53-123,137,139,161 192.168.1.0/24 -oA udpscan
- C. nmap -vv -sTV -p 53, 123, 137-139,161,123 192.168.1.0/24 -oA udpscan
- D. nmap -vv -sUV -p 53-161,192.168.1.0 -oA udpscan
Correct answer: A
Explanation
The correct answer is A because it uses the appropriate nmap flags for a UDP scan (-sUV) and specifies the correct ports for SNMP (161), NTP (123), NetBIOS (137-139), and DNS (53). Option B incorrectly uses the -sXV flag, which is for TCP scans, while option C utilizes the -sTV flag, also meant for TCP. Option D incorrectly includes an IP address in the port specification, which is not valid syntax.