nerdexam
EC-Council

312-50V10 · Question #113

What would you enter, if you wanted to perform a stealth scan using Nmap?

The correct answer is B. nmap -sS. The nmap -sS flag performs a TCP SYN (half-open) scan, commonly called a stealth scan because it never completes the full TCP handshake.

Scanning Networks

Question

What would you enter, if you wanted to perform a stealth scan using Nmap?

Options

  • Anmap -sU
  • Bnmap -sS
  • Cnmap -sM
  • Dnmap -sT

How the community answered

(27 responses)
  • A
    4% (1)
  • B
    89% (24)
  • D
    7% (2)

Why each option

The nmap -sS flag performs a TCP SYN (half-open) scan, commonly called a stealth scan because it never completes the full TCP handshake.

Anmap -sU

nmap -sU performs a UDP scan, not a stealth scan - it probes UDP ports rather than using the SYN stealth technique.

Bnmap -sSCorrect

nmap -sS sends a SYN packet and waits for a response, but never completes the three-way handshake by sending the final ACK. This half-open technique avoids creating a full session, making it harder for logging systems and firewalls to record the connection, which is why it is classified as a stealth scan.

Cnmap -sM

nmap -sM is the Maimon scan (FIN/ACK probe) - a lesser-used technique and not the standard stealth scan method.

Dnmap -sT

nmap -sT performs a full TCP connect scan, which completes the entire three-way handshake and is easily logged by target systems, making it the opposite of stealthy.

Concept tested: Nmap SYN stealth scan flag identification

Source: https://nmap.org/book/synscan.html

Topics

#Nmap#SYN scan#stealth scan#port scanning

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice