CREST Practitioner Security Analyst (CPSA) Practice

Disable ads (and more) with a membership for a one time $2.99 payment

Master the CREST Practitioner Security Analyst Exam. Prepare with quizzes and comprehensive study guides that include tips and explanations. Excel in your certification journey!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which tool is commonly used for passive OS fingerprinting?

  1. NMap

  2. Wireshark

  3. Aircrack-ng

  4. Metasploit

The correct answer is: Wireshark

The correct choice is Wireshark, as it is a powerful network protocol analyzer that allows security analysts to capture and inspect data packets transmitted over a network. In the context of passive OS fingerprinting, Wireshark can analyze the characteristics of the packets sent by devices on the network, including TCP/IP stack behaviors, protocol implementations, and other subtle network signatures. By interpreting this data, analysts can infer the operating systems of the devices without actively probing them, making this method particularly stealthy and useful in scenarios where avoiding detection is critical. While NMap is a popular tool for active OS fingerprinting, which involves sending specific packets to devices and analyzing their responses to determine the OS, it doesn’t fall within the realm of passive techniques. Aircrack-ng is primarily used for wireless network security assessments and cracking WEP and WPA/WPA2 keys, which does not relate to OS fingerprinting. Metasploit is a framework used for penetration testing and exploiting vulnerabilities, which again does not specialize in passive fingerprinting methodologies.

More Questions Like This