While investigating why an Internet-facing Linux web server is accepting unexpected connections, you need to quickly determine which TCP ports on the host are reachable from the DMZ and identify the application protocol running on each open port. Intrusive vulnerability or brute-force scripts must be avoided, but speed is more important than stealth. Which Nmap command best meets these requirements?
The goal is to detect open TCP ports and perform service-version identification without launching intrusive NSE scripts. The syntax that accomplishes this is the one that enables Nmap's built-in version-detection engine (-sV) and speeds up the scan with the Aggressive timing template (-T4). No option that launches default scripts (-sC) or vulnerability probes is desired, and there is no requirement for OS fingerprinting, UDP probing, or scanning every port.
nmap -sV -T4 203.0.113.25: Performs a TCP port scan, interrogates each open port to learn the protocol and banner, and finishes quickly because of the timing template. This satisfies all stated requirements.
nmap -O -sS 203.0.113.25: Adds OS detection and a SYN scan but does not identify application protocols, so it misses the key requirement.
nmap -sU -sC 203.0.113.25: Switches to UDP scanning and launches the default NSE script set, some of which are considered intrusive; it also omits the TCP ports you need to check.
nmap -Pn -p- 203.0.113.25: Scans every port but neither detects services nor accelerates the scan, making it slower than necessary and less informative.
Therefore, nmap -sV -T4 203.0.113.25 is the command that best meets the stated requirements.