-sV Explanation: The "-sV" parameter is used to determine the service version of the target system. This parameter instructs Nmap to attempt to determine the version of any services running on the target system, such as the web server running on port 80 in this case. When the "-sV" parameter is used, Nmap will try to identify the service version by comparing the fingerprint of the service with a database of known fingerprints. This allows Nmap to determine the type and version number of the service running on the target system.

A. -sV https://nmap.org/book/man-briefoptions.html -sV: Probe open ports to determine service/version info

Guys how can it be -sV? where is the version column in the result? even if nmap was unable to find version info, it still shows a column for version information.

Not A, but B $ nmap -sV 192.168.1.1 Starting Nmap 7.80 ( https://nmap.org ) at 202X-XX-XX XX:XX UTC Nmap scan report for 192.168.1.1 Host is up (0.0020s latency). Not shown: 995 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 7.9p1 Debian 10+deb10u2 (protocol 2.0) 80/tcp open http Apache httpd 2.4.38 ((Debian)) 443/tcp open ssl/http Apache httpd 2.4.38 ((Debian)) $ nmap -sS 192.168.1.1 Starting Nmap 7.80 ( https://nmap.org ) at 202X-XX-XX XX:XX UTC Nmap scan report for 192.168.1.1 Host is up (0.00080s latency). Not shown: 995 closed ports PORT STATE SERVICE 22/tcp open ssh 80/tcp open http 443/tcp open https

-scanVersion ;)

The issue here for most is that they are interpreting the provided output in the question and entering the command that best matches that output versus answering the actual question. "What command would you use to get the version (paraphrased)". It's sort of a trick question.

If additional information of the version is needed, the scan must be supplemented with a version detection scan (-sV) Module 03 Page 319 from CEH book v12

A. -sV

A. -sV