{
  "query": "If a network scanner lists Windows share names without using credentials what does this most likely indicate?",
  "options": [
    {
      "text": "Misidentified Apache vulnerability",
      "explanation": "The scanner incorrectly flagged an Apache issue that lacks CVE or vendor references.",
      "correct": false,
      "selected": false
    },
    {
      "text": "Authenticated SMB listing with valid credentials",
      "explanation": "The scan result reflects an SMB enumeration performed after successful authentication.",
      "correct": false,
      "selected": false
    },
    {
      "text": "Anonymous SMB null session allowed",
      "explanation": "Unauthenticated SMB connections can enumerate shares without credentials.",
      "correct": true,
      "selected": false
    }
  ],
  "answer": "<p>The correct answer is <b>Anonymous SMB null session allowed</b>.</p><p>A network scanner that lists Windows share names without credentials most likely exploited an anonymous SMB logon and performed a null session. Null sessions permit unauthenticated clients to enumerate IPC endpoints and share names on systems that allow anonymous access, and many scanner tools use this to reveal share listings without any username or password.</p><p><i>Misidentified Apache vulnerability</i> is incorrect because enumerating Windows file shares is an SMB protocol action and not related to the Apache web server. An Apache vulnerability would not explain seeing SMB share names on Windows hosts.</p><p><i>Authenticated SMB listing with valid credentials</i> is incorrect because the scenario describes listings obtained without supplying credentials. An authenticated listing requires valid user credentials and would not appear as an anonymous enumeration.</p>",
  "batch_id": "1437",
  "answerCode": "3",
  "type": "multiple-choice",
  "originalQuery": "A vulnerability scan has returned the following results: -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Detailed Results 10.56.17.21 (APACHE-2.4) Windows Shares Category: Windows CVE ID: - Vendor Ref: - Bugtraq ID: - Service Modified - 8.30.2017 Enumeration Results: print$ c:\\windows\\system32\\spool\\drivers files c:\\FileShare\\Accounting Temp c:\\temp -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- What best describes the meaning of this output?",
  "originalOptions": "A. There is an unknown bug in an Apache server with no Bugtraq ID<br/>B. Connecting to the host using a null session allows enumeration of the share names on the host<br/>C. Windows Defender has a known exploit that must be resolved or patched<br/>D. There is no CVE present, so this is a false positive caused by Apache running on a Windows server",
  "domain": "Reconnaissance Techniques for Ethical Hacking",
  "hasImage": false,
  "queryImage": "",
  "queryImages": [],
  "allImages": [],
  "hasAnyImage": false,
  "deprecatedReference": false,
  "deprecatedMatches": {},
  "hasPre": false,
  "qid": "2379s",
  "tip": "<p>When a scanner shows shares without credentials try a manual anonymous SMB connection with <i>smbclient</i> or run an Nmap <i>smb-enum-shares</i> script to confirm whether a <i>null session</i> is allowed.</p>",
  "references": [
    "<a href=\"https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares\">https://learn.microsoft.com/en-us/windows/security/threat-protection/security-policy-settings/network-access-do-not-allow-anonymous-enumeration-of-sam-accounts-and-shares</a>",
    "<a href=\"https://nmap.org/nsedoc/scripts/smb-enum-shares.html\">https://nmap.org/nsedoc/scripts/smb-enum-shares.html</a>",
    "<a href=\"https://wiki.samba.org/index.php/Null_sessions\">https://wiki.samba.org/index.php/Null_sessions</a>"
  ],
  "video_url": "https://certificationation.com/videos/others/eccouncil/ethical-hacker/eccouncil-the-following-results-detailed-exam-2379.html",
  "url": "https://certificationation.com/questions/others/eccouncil/ethical-hacker/eccouncil-the-following-results-detailed-exam-2379.html"
}