The SecOps Group Exam CNSP Topic 12 Question 4 Discussion

Actual exam question for The SecOps Group's CNSP exam

Question #: 4
Topic #: 12

[All CNSP Questions]

If you find the 111/TCP port open on a Unix system, what is the next logical step to take?

ARun 'rpcinfo -p <hostname>' to enumerate the RPC services.

BTelnet to the port to look for a banner.

CTelnet to the port, send 'GET / HTTP/1.0' and gather information from the response.

DNone of the above.

Show Suggested Answer

Suggested Answer: A

Port 111/TCP is the default port for the RPC (Remote Procedure Call) portmapper service on Unix systems, which registers and manages RPC services.

Why A is correct: Running rpcinfo -p <hostname> queries the portmapper to list all registered RPC services, their programs, versions, and associated ports. This is a logical next step during a security audit or penetration test to identify potential vulnerabilities (e.g., NFS or NIS services). CNSP recommends this command for RPC enumeration.

Why other options are incorrect:

B . Telnet to the port to look for a banner: Telnet might connect, but RPC services don't typically provide a human-readable banner, making this less effective than rpcinfo.

C . Telnet to the port, send 'GET / HTTP/1.0' and gather information from the response: Port 111 is not an HTTP service, so an HTTP request is irrelevant and will likely fail.

D . None of the above: Incorrect, as A is a valid and recommended step.

by Claribel at Mar 23, 2025, 01:25 PM

Limited Time Offer

25%

12 days ago

I think the next logical step is to run 'rpcinfo -p ' to enumerate the RPC services.

upvoted 0 times

...