During a security debrief you learn that attackers harvested your Windows file-server's user and group lists by establishing a null session to TCP port 445. To stop similar enumeration attempts while keeping normal authenticated SMB file sharing intact, which hardening action should you apply first?
Re-enable SMBv1 and turn off SMB signing to force legacy clients to use weaker authentication.
Disable or rename the built-in Guest account and set the registry value HKLM\SYSTEM\CurrentControlSet\Control\Lsa"RestrictAnonymous" to 2 (no anonymous enumeration).
Change the server's NetBIOS computer name so it is harder to guess on the network.
Increase the DNS record Time-to-Live (TTL) for the server to limit name-resolution requests.
Null-session enumeration relies on the ability to connect to the IPC$ share without credentials and then query security identifiers (SIDs) and other account information. Setting the LSA registry value RestrictAnonymous to 2 (often combined with disabling or renaming the built-in Guest account) blocks anonymous SID/ name translation and prevents this data from being disclosed, while leaving standard, authenticated SMB functionality unaffected. Changing the NetBIOS name or DNS TTL does nothing to stop anonymous logons, and re-enabling SMBv1 or disabling SMB signing would actually lower security rather than improve it.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a null session?
Open an interactive chat with Bash
What is the function of the registry value 'RestrictAnonymous'?
Open an interactive chat with Bash
What does TCP port 445 handle in Windows systems?
Open an interactive chat with Bash
What is a null session in Windows?
Open an interactive chat with Bash
What does the registry value RestrictAnonymous set to 2 do?
Open an interactive chat with Bash
How does disabling or renaming the Guest account enhance security?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Reconnaissance Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .