CompTIA Security Plus Mock Test Q655

During a security assessment, an administrator wishes to see which services are running on a remote server. Which of the following should the administrator use?

A. Port scanner
B. Network sniffer
C. Protocol analyzer
D. Process list


Correct Answer: A
Section: Threats and Vulnerabilities

Explanation:
Different services use different ports. When a service is enabled on a computer, a network port is opened for that service. For example, enabling the HTTP service on a web server will
open port 80 on the server. By determining which ports are open on a remote server, we can determine which services are running on that server.
A port scanner is a software application designed to probe a server or host for open ports. This is often used by administrators to verify security policies of their networks and by
attackers to identify running services on a host with the view to compromise it.
A port scan or portscan can be defined as a process that sends client requests to a range of server port addresses on a host, with the goal of finding an active port. While not a
nefarious process in and of itself, it is one used by hackers to probe target machine services with the aim of exploiting a known vulnerability of that service. However the majority of
uses of a port scan are not attacks and are simple probes to determine services available on a remote machine.

Incorrect Answers:
B: A network sniffer is another name for a protocol analyzer. A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data
communications sent between devices on a network. It may be possible to determine which services are open on a server by analyzing the network traffic to and from the server.
However, it would be administratively difficult. A port scanner is a much simpler solution.
C: A Protocol Analyzer is a hardware device or more commonly a software program used to capture network data communications sent between devices on a network. It may be
possible to determine which services are open on a server by analyzing the network traffic to and from the server. However, it would be administratively difficult. A port scanner is a
much simpler solution.
D: A process list would list all processes running on a computer, including services. However, this question is asking about a remote server. It would be difficult to obtain a process list
from a remote server without having full access to the server. You can scan the server for open ports without having full access to the server.

References:
http://en.wikipedia.org/wiki/Port_scanner