PrepAway - Latest Free Exam Questions & Answers

Which of the following should the administrator use?

During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?

PrepAway - Latest Free Exam Questions & Answers

A.
Port scanner

B.
Network sniffer

C.
Protocol analyzer

D.
Process list

Explanation:
Different services use different ports. When a service is enabled on a computer, a network port is opened for that service. For example, enabling the HTTP service
on a web server will open port 80 on the server. By determining which ports are open on a remote server, we can determine which services are running on that
server.
A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their
networks and by attackers to identify running services on a host with the view to compromise it. A port scan or portscan can be defined as a process that sends
client requests to a range of server port addresses on a host, with the goal of finding an active port. While not a nefarious process in and of itself, it is one used by
hackers to probe target machine services with the aim of exploiting a known vulnerability of that service. However the majority of uses of a port scan are not attacks
and are simple probes to determine services available on a remote machine.
Incorrect Answers:
B: A network sniffer is another name for a protocol analyzer. A Protocol Analyzer is a hardware device or more commonly a software program used to capture
network data communications sent between devices on a network. It may be possible to determine which services are open on a server by analyzing the network
traffic to and from the server. However, it would be administratively difficult. A port scanner is a much simpler solution. Therefore, this answer is incorrect.
C: A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a
network. It may be possible to determine which services are open on a server by analyzing the network traffic to and from the server. However, it would be
administratively difficult. A port scanner is a much simpler solution. Therefore, this answer is incorrect.
D: A process list would list all processes running on a computer, including services. However, this question is asking about a remote server. It would be difficult to
obtain a process list from a remote server without having full access to the server. You can scan the server for open ports without having full access to the server.
Therefore, this answer is incorrect.

http://en.wikipedia.org/wiki/Port_scanner


Leave a Reply