nerdexam
Exams312-50V11Questions#968
EC-Council

312-50V11 · Question #968

312-50V11 Question #968: Real Exam Question with Answer & Explanation

The correct answer is D: -D. The -D switch in Nmap creates decoy scans to obscure the real scanner's identity, helping evade IDS and firewall detection.

Evading IDS, Firewalls, and Honeypots

Question

Which Nmap switch helps evade IDS or firewalls?

Options

  • A-n/-R
  • B-0N/-0X/-0G
  • C-T
  • D-D

Explanation

The -D switch in Nmap creates decoy scans to obscure the real scanner's identity, helping evade IDS and firewall detection.

Common mistakes.

  • A. -n/-R control DNS resolution behavior (no DNS lookup or always reverse DNS) and have no IDS or firewall evasion function.
  • B. -oN/-oX/-oG are output format switches that save scan results in normal, XML, or grepable format, not evasion techniques.
  • C. -T sets timing templates (0-5) to control scan speed, which can reduce detectability through slowness but does not actively evade IDS via packet-source manipulation.

Concept tested. Nmap decoy scanning for IDS evasion

Reference. https://nmap.org/book/man-bypass-firewalls-ids.html

Topics

#Nmap decoy scan#IDS evasion#firewall evasion#-D flag

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V11 Practice
Which Nmap switch helps evade IDS or firewalls? | 312-50V11 Q#968 Answer | NerdExam