What is the meaning of Nmap's fingerprinting, and which options contribute to it (OS, service/version, NSE) and how do they complement each other?

Fingerprinting in Nmap is about building a profile of the target by analyzing how it responds to probes, revealing what operating system it runs, what services are active, and which versions are in use, with NSE scripts adding extra context. The OS detection option (-O) analyzes how the host’s TCP/IP stack behaves—things like TTL, window size, and response quirks—to infer the operating system. The service/version option (-sV) probes open ports to identify running services and their versions, giving concrete information about what’s exposed. The NSE (Nmap Scripting Engine) adds depth by running scripts that can check for misconfigurations, find specific software versions, or look for vulnerabilities and other details not captured by port/service banners alone. Together, these elements complement each other: OS identification tells you the host type, service/version reveals what’s actually running, and NSE provides additional checks and context, producing a fuller, more actionable fingerprint of the target. The other choices miss the scope of fingerprinting or misstate its purpose.