According to CEH v13 Module 03: Scanning Networks, when using Nmap for service enumeration and fingerprinting, the flag to determine service version and type information is:
-sV — Version Detection Scan
nmap -sV instructs Nmap to actively connect to open ports and probe the services running on those ports. This technique helps identify:
The service name (e.g., Apache, Nginx, etc.)
The version number (e.g., Apache 2.4.54)
The OS or device details (when possible)
This is especially useful when ports like 80 (HTTP) and 443 (HTTPS) are open, as it helps determine which web server is running (e.g., Apache, IIS, Nginx) and its version — which is critical for vulnerability assessment.
Why Other Options Are Incorrect:
A. -sv
❌ Incorrect syntax. Nmap flags are case-sensitive and this is a typo. Correct flag is -sV.
B. -Pn
Skips host discovery (ping scan). It does not provide service version info.
C. -V
Displays Nmap’s version, not the service version on the target.
D. -ss
Incorrect spelling. You may have meant -sS (TCP SYN scan), which is for port scanning, not version detection.
Correct Option is A, assuming the intent is to write the correct syntax as -sV. However, strictly speaking, if this is a case-sensitive exam, and the listed option is -sv (lowercase 'v'), it would be invalid. But based on CEH exam context where minor casing issues are accepted if conceptually correct, A is the best answer.
Reference from CEH v13 Study Guide and Courseware:
Module 03 – Scanning Networks, Section: Nmap Scan Types and Options
EC-Council iLabs: Performing Version Detection Using nmap -sV
Nmap Official Docs (Referenced in CEH): https://nmap.org/book/man-version-detection.html
-h | findstr " -sV" -sV: Probe open ports to determine service/version info
