I choose D

looks good to me

It was on the exam

My2 cents. A or D = FACT Telnet is running. A would be the second best choice, B being BEST as providing the most detail. They are looking for the BEST explanation. I could be wrong and is Nmap throwing false positives :)

A.Answer: The organization did not disable Telnet Explanation: NMap is a network mapper tool used to discover the state of ports and the services on them. In this situation, port 22 is closed and port 23 is open to SSH which means that some application is running on that port. Telnet is a protocol that runs as a client-server application and typically used the TCP (Transmission Control Protocol) to establish a connection, it by default used port 23. Although the client has indicated that they've disabled Telnel but, the open port, 23 indicated that the Tenel services are running and the organization has not disabled Telnet. Other options cannot be true as: → Although the SSH service can run on other non-standard ports but, this range would be from port 1024 to 32767, hence port 23 cannot be in this range. → The NMap has stated that port 22 is closed, therefore port 22 cannot be filtered as if NMap is not able to get any response from a port it states it as filtered, and if a port is closed that means it is actually closed. Threfore, the port 22 cannot be filtered or port 23 as false positive.

A, the company closed the wrong port why would they turn off SSH and not Telnet they might have missed clicked or miss typed. Also if they were to change ports for SSH to another port, changing it to port 23 wont accomplish anything meaning full.

first -aV is not a valid parameter, I'm assuming it should be -sV that would identify service versions on each port. Given the results of port 23 seems to have SSH. The first 3 options don't explain the situation we're seeing in the results but if we change option 4 to be "SSH is running on a non-standard port" the question and answers make more sense.

Perhaps the answer should actually be B: Nmap results contain a false positive for port 23? Personally I think it's a reach, but the fact the question is probing as to what the best explanation for Telnet not being disabled is, plus the fact port 23 is open to SSH rather than Telnet could lead to the explanation being that Telnet is actually disabled? Meaning that port 23 showing Telnet to be enabled is in fact a false positive? However, if Telnet is actually still enabled it could lead me to believe D to be the right answer, as it doesn't seem like it's currently running on port 23 (the question indicates SSH is using that port) which would mean the only logical conclusion must be Telnet running on some other non-standard port? Then there's also answer A which could by all means also be the answer CompTIA are looking for? This question has me beyond confused, not enough information provided to pick a clear answer..

The organization said it had disabled but it's not so A is the answer?

The question specifically asks about telnet. I believe that all the other information about port 22 (SSH) is irrelevant to the question. Seems like unnecessary rabbit holes to me. That being said, the organization thinks it disabled Telnet, but nmap says otherwise. Therefore, the organization failed to disable Telnet.

Technically it's not "Disabled" because it's responding to the nmap scan. "A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it." -Nmap website

I agree it is running on an non standard port, however what is the correct answer in the eyes of sybex and comptia, even if they are incorrect? At the end of the day if the test deems A to be correct for the sake of the test the answer is A... Can anyone confirm that?

Got this from SYBEX Book A. - Network Mapper (Nmap) is used to discover hosts and services on a computer network by sending packets and analyzing the responses. Nmap will identify what devices are running on a client’s systems, discover hosts and services that are available, find open ports, and detect security risks. In this scenario, the organization did not disable Telnet because port 23 is still open. Telnet is a client-server protocol, based on a reliable connection-oriented transport. Typically, this protocol is used to establish a connection to Transmission Control Protocol (TCP) by using port 23, where a Telnet server application (telnetd) is listening.

Maybe: D. The service is running on a non-standard port ? Can you remove Telnet and run SSH on port 23 ?