112-52 Question #170: Real Exam Question with Answer & Explanation

Information Gathering and Vulnerability Analysis

Question

Which Nmap scan sends packets with only the SYN flag set and does not complete the TCP handshake?

Options

  • A. TCP Connect Scan
  • B. ACK Scan
  • C. SYN Scan
  • D. FIN Scan

Explanation

SYN Scan (also called a "half-open scan") works by sending a packet with only the SYN flag set - if the port is open, the target responds with SYN-ACK, but Nmap immediately sends RST instead of completing the handshake with ACK, leaving the connection half-open. This is why C is correct: it initiates but never completes the TCP three-way handshake.

  • A (TCP Connect Scan) is wrong because it does complete the full three-way handshake (SYN → SYN-ACK → ACK), making it more detectable and logged by the OS.
  • B (ACK Scan) is wrong because it sends packets with only the ACK flag set - it's used for firewall rule mapping, not port discovery.
  • D (FIN Scan) is wrong because it sends packets with only the FIN flag set, exploiting RFC behavior to infer open/closed ports - no SYN involved.

Memory tip: Think "SYN = half-open handshake" - SYN starts a connection but never seals it, just like the letter S starts the word "Stealth," which is exactly why this scan is preferred for stealthy reconnaissance.

Topics

Nmap, SYN Scan, TCP Handshake, Reconnaissance