nerdexam
EC-Council

312-50V10 · Question #179

An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses. In which order should he perform these steps?

The correct answer is C. First the ping sweep to identify live hosts and then the port scan on the live hosts. This way he. Efficient network reconnaissance requires a ping sweep first to identify live hosts, then port scanning only those hosts to avoid wasting time on inactive addresses.

Scanning Networks

Question

An attacker is using nmap to do a ping sweep and a port scanning in a subnet of 254 addresses. In which order should he perform these steps?

Options

  • AThe sequence does not matter. Both steps have to be performed against all hosts.
  • BFirst the port scan to identify interesting services and then the ping sweep to find hosts
  • CFirst the ping sweep to identify live hosts and then the port scan on the live hosts. This way he
  • DThe port scan alone is adequate. This way he saves time.

How the community answered

(40 responses)
  • A
    8% (3)
  • B
    3% (1)
  • C
    88% (35)
  • D
    3% (1)

Why each option

Efficient network reconnaissance requires a ping sweep first to identify live hosts, then port scanning only those hosts to avoid wasting time on inactive addresses.

AThe sequence does not matter. Both steps have to be performed against all hosts.

Running both steps against all 254 hosts regardless of liveness wastes significant time and generates unnecessary traffic scanning hosts that are offline.

BFirst the port scan to identify interesting services and then the ping sweep to find hosts

Port scanning before knowing which hosts are live means scanning potentially 254 dead hosts, which is inefficient and produces no useful data from inactive machines.

CFirst the ping sweep to identify live hosts and then the port scan on the live hosts. This way heCorrect

Performing a ping sweep first with 'nmap -sn' identifies which of the 254 hosts are actually alive, reducing the port scan target list. Port scanning only the live hosts dramatically reduces scan time and network noise, which is a core efficiency principle in penetration testing reconnaissance.

DThe port scan alone is adequate. This way he saves time.

A port scan alone sends probes to all hosts including offline ones; without first filtering live hosts, it does not save time and may miss hosts that block ICMP but respond to TCP.

Concept tested: Nmap reconnaissance order - ping sweep before port scan

Source: https://nmap.org/book/man-host-discovery.html

Topics

#ping sweep#port scanning#nmap#host discovery

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice