Scanning for services is an easy job for Bob as there are so many tools available from the Internet. In order for him to check the vulnerability of Brownies Inc., he went through a few scanners that are currently available.
Here are the scanners that he used:
Axent’s NetRecon (http://www.axent.com)
SARA, by Advanced Research Organization (http://www-arc.com/sara/)
VLAD the Scanner, by Razor (http://razor.bindview.com/tools/)
However, are there any other alternative ways to make sure that the services that have been scanned will be more accurately reported and detailed for Bob? What would be the best method to accurately identify the services running on a victim host?

A.
Using a vulnerability scanner to try to probe each port to verify or figure out which service is running for Brownies Inc.

B.
Using Cheops-ng to identify the devices of Brownies Inc.

C.
Using the default port and OS to make a best guess of what services are running on each port for Brownies Inc

D.
Using the manual method of telnet to each of the open ports of Brownies Inc.

Explanation:
By running a telnet connection to the open ports you will receive banners that tells you what service is answering on that specific port.