When would you use -sC versus -sV and -A, and what does the -A option enable?

• A. -sC runs default NSE scripts; -sV detects service versions; -A enables aggressive detection including -O, -sV, and default NSE; use when thorough fingerprinting is needed.
• B. -sC disables NSE scripts; -sV detects only OS; -A disables OS detection.
• C. -sC performs OS detection; -sV runs a vulnerability scan; -A disables scripting.
• D. -sC toggles logging; -sV toggles verbosity; -A toggles all outputs.

Answer: (A)

Understanding how Nmap’s script, version, and aggressive options work together helps you choose the right scan setup for fingerprinting a target.

The default NSE scripts are run with the script-scan option. This adds extra checks and information by running a set of scripts against the discovered services. Version detection with the version option analyzes open ports to determine the exact service names and versions running behind them. The aggressive mode ties these together with extra steps: it enables OS detection, version detection, script scanning (using the default NSE scripts), and traceroute. This makes the scan thorough, giving you a comprehensive fingerprint, but it also makes the scan heavier and more noticeable on the network.

So, the combination described—default NSE scripts, version detection, and aggressive detection including OS detection and scripts—best matches when you want thorough fingerprinting. The other statements misstate what the switches do: -sC does not disable NSE scripts; it actually runs them. -sV does not detect only OS, it focuses on identifying service versions. -A does not disable OS detection; it enables it along with version detection, script scanning, and traceroute.