nerdexam
EC-Council

312-50V11 · Question #343

A security engineer is attempting to map a company's internal network. The engineer enters in the following NMAP command: NMAP -n -sS -P0 -p 80 ... What type of scan is this?

The correct answer is C. Stealth scan. The -sS flag in Nmap performs a TCP SYN stealth scan, which never completes the three-way handshake, reducing the likelihood of detection in application logs.

Scanning Networks

Question

A security engineer is attempting to map a company's internal network. The engineer enters in the following NMAP command:

NMAP -n -sS -P0 -p 80 ... What type of scan is this?

Options

  • AQuick scan
  • BIntense scan
  • CStealth scan
  • DComprehensive scan

How the community answered

(34 responses)
  • A
    6% (2)
  • B
    3% (1)
  • C
    91% (31)

Why each option

The -sS flag in Nmap performs a TCP SYN stealth scan, which never completes the three-way handshake, reducing the likelihood of detection in application logs.

AQuick scan

A Quick scan in Nmap uses the -T4 -F flags to scan fewer ports at a faster timing template and does not correspond to the -sS flag used in this command.

BIntense scan

An Intense scan uses flags such as -T4 -A -v to enable OS detection, version detection, script scanning, and traceroute, none of which appear in this command.

CStealth scanCorrect

The -sS flag instructs Nmap to send SYN packets and, upon receiving a SYN-ACK, immediately reply with a RST to tear down the connection before it is fully established - a half-open technique that avoids creating a full session entry in many application-layer logs. The additional flags -n (skip DNS resolution) and -P0 (assume hosts are up, skip ping) further reduce the scan's footprint and make it harder to detect.

DComprehensive scan

A Comprehensive scan would include a much broader flag set such as -A and full port range (-p-), which are absent from this command.

Concept tested: Nmap SYN stealth scan identification (-sS flag)

Source: https://nmap.org/book/synscan.html

Topics

#Nmap#SYN scan#stealth scan#network scanning

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice