nerdexam
Exams312-50V12Questions#224
EC-CouncilEC-Council

312-50V12 · Question #224

312-50V12 Question #224: Real Exam Question with Answer & Explanation

The correct answer is D: Send a FIN or RST packet to close the connection.. After completing a TCP three-way handshake (SYN → SYN/ACK → ACK), the ethical hacker has established a full connection and should properly terminate it. The correct next step is to send a FIN or RST packet to close the connection gracefully or abruptly.

Submitted by jordan8· Mar 4, 2026Network and Perimeter Hacking

Question

An ethical hacker is performing a network scan to evaluate the security of a company's IT infrastructure. During the scan, he discovers an active host with multiple open ports running various services. The hacker uses TCP communication flags to establish a connection with the host and starts communicating with it. He sends a SYN packet to a port on the host and receives a SYN/ACK packet back. He then sends an ACK packet for the received SYN/ACK packet, which triggers an open connection. Which of the following actions should the ethical hacker perform next?

Options

  • ASend a PSH packet to inform the receiving application about the buffered data.
  • BConduct a vulnerability scan on the open port to identify any potential weaknesses.
  • CScan another port on the same host using the SYN, ACK, and RST flags.
  • DSend a FIN or RST packet to close the connection.

Explanation

After completing a TCP three-way handshake (SYN → SYN/ACK → ACK), the ethical hacker has established a full connection and should properly terminate it. The correct next step is to send a FIN or RST packet to close the connection gracefully or abruptly.

Common mistakes.

  • A. A PSH (Push) flag is used to push buffered data to the receiving application during an active data-transfer session, not as a step in port enumeration or connection teardown after confirming a port is open.
  • B. Conducting a vulnerability scan is a separate phase of assessment that comes after reconnaissance/port scanning is complete; it is not the immediate next TCP-level action following the three-way handshake in this scanning context.
  • C. Scanning another port using SYN, ACK, and RST flags describes a different scanning technique (e.g., ACK scanning) and is a new scan action, not the logical next step for the currently established TCP connection that needs to be closed.

Concept tested. TCP three-way handshake and connection teardown

Reference. https://learn.microsoft.com/en-us/troubleshoot/windows-server/networking/three-way-handshake-via-tcpip

Topics

#TCP handshake#Vulnerability scanning#Port scanning#Network communication

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 312-50V12 PracticeBrowse All 312-50V12 Questions