How would you limit version detection to a subset of ports?

• A. Use -sV with -p to constrain ports, e.g., -sV -p 80,443
• B. Using -sV alone does not constrain port selection.
• C. Using -p alone limits version detection to those ports.
• D. Using -sV with -T4 enables timing, not port limiting.

Answer: (A)

Version detection runs only on the ports that Nmap actually checks. To limit which ports are analyzed for version information, you specify the ports first and then request version detection. Using -sV together with -p to pick a subset of ports, for example -sV -p 80,443, tells Nmap to scan only those ports and perform service/version detection on them. If you only use -sV, you’re enabling version detection on whatever ports are scanned by default, which may be more than you want. If you only use -p, you restrict which ports are scanned but won’t get version information unless you also include -sV. The timing option -T4 affects scan speed, not port limiting. So the combination of -sV with -p is the correct approach to limit version detection to a subset of ports.