nerdexam
EC-Council

312-50V13 · Question #381

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attac

The correct answer is C. He is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are. Explanation Option C is correct because a /28 subnet mask covers only 16 addresses (2⁴), meaning nmap 192.168.1.64/28 scans from 192.168.1.64 to 192.168.1.79 - the servers at .122, .123, and .124 fall well outside this range and are therefore invisible to the scan. The correct su

Submitted by jordan8· Mar 6, 2026Scanning Networks

Question

The network in ABC company is using the network address 192.168.1.64 with mask 255.255.255.192. In the network the servers are in the addresses 192.168.1.122, 192.168.1.123 and 192.168.1.124. An attacker is trying to find those servers but he cannot see them in his scanning. The command he is using is: nmap 192.168.1.64/28. Why he cannot see the servers?

Options

  • AHe needs to add the command ""ip address"" just before the IP address
  • BHe needs to change the address to 192.168.1.0 with the same mask
  • CHe is scanning from 192.168.1.64 to 192.168.1.78 because of the mask /28 and the servers are
  • DThe network must be dawn and the nmap command and IP address are ok

How the community answered

(21 responses)
  • A
    5% (1)
  • B
    14% (3)
  • C
    76% (16)
  • D
    5% (1)

Explanation

Explanation

Option C is correct because a /28 subnet mask covers only 16 addresses (2⁴), meaning nmap 192.168.1.64/28 scans from 192.168.1.64 to 192.168.1.79 - the servers at .122, .123, and .124 fall well outside this range and are therefore invisible to the scan. The correct subnet for this network is actually /26 (255.255.255.192 = 64 addresses), which would cover 192.168.1.64 to 192.168.1.127, capturing all three servers.

  • Option A is wrong because nmap doesn't use an ip address prefix - that's not valid syntax for any scanning tool.
  • Option B is wrong because changing to 192.168.1.0 would shift the scan to a different subnet entirely, not resolve the mask mismatch.
  • Option D is wrong because the servers are confirmed to exist; the issue is purely the incorrect CIDR notation used in the command.

Memory Tip: Always verify your CIDR notation matches your subnet mask - /28 = 255.255.255.240 (16 hosts), while /26 = 255.255.255.192 (64 hosts). A quick way to check: count the mask bits or use the formula 2ⁿ for host addresses.

Topics

#Nmap#Network Scanning#Subnetting#CIDR Notation

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice