CompTIA PenTest+ (PT0-003) — Question 142
A penetration tester wants to identify all the TLS versions used in a web service in order to determine potentially insecure versions. Which of the following commands should the tester use?
Answer options
- A. nmap --script ssl-enum-ciphers
- B. curl --tls-max 3
- C. wget --server-response
- D. openssl version
Correct answer: A
Explanation
The correct command is A, 'nmap --script ssl-enum-ciphers', because this script enumerates the TLS versions and ciphers that a service supports. Options B, C, and D do not provide a comprehensive analysis of TLS versions: B only restricts the maximum TLS version the client will use, C prints the server's response headers, and D only displays the OpenSSL version in use.