nerdexam
EC-Council

312-50V13 · Question #482

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise In order to evade IDS?

The correct answer is D. nmap -sT -O -T0. Explanation Option D (nmap -sT -O -T0) is correct because -sT performs a TCP connect scan on common ports (not all ports), -O enables OS detection, and critically, -T0 (Paranoid timing) is the slowest and stealthiest timing template, sending packets with maximum delays to avoid t

Submitted by minji_kr· Mar 6, 2026Evading IDS, Firewalls, and Honeypots

Question

You are attempting to run an Nmap port scan on a web server. Which of the following commands would result in a scan of common ports with the least amount of noise In order to evade IDS?

Options

  • Anmap -sP -p-65535 -T5
  • Bnmap -A --host-timeout 99 -T1
  • Cnmap -A -Pn
  • Dnmap -sT -O -T0

How the community answered

(46 responses)
  • A
    4% (2)
  • B
    15% (7)
  • C
    9% (4)
  • D
    72% (33)

Explanation

Explanation

Option D (nmap -sT -O -T0) is correct because -sT performs a TCP connect scan on common ports (not all ports), -O enables OS detection, and critically, -T0 (Paranoid timing) is the slowest and stealthiest timing template, sending packets with maximum delays to avoid triggering IDS/IPS threshold-based detection rules.

Why the distractors are wrong:

  • Option A uses -T5 (Insane speed) and -p-65535 (all ports) - this is the loudest possible scan, virtually guaranteed to trigger an IDS
  • Option B uses -T1 (Sneaky) which is better, but -A enables aggressive scanning (OS detection, version detection, scripts, traceroute), generating significant noise that defeats the stealth purpose
  • Option C uses -A (aggressive) with no timing control, making it noisy; -Pn only skips host discovery but does nothing for IDS evasion

Memory Tip: Think of T0 = "Time Out" - you're telling Nmap to slow down so much that the IDS "times out" waiting for a pattern to emerge. The lower the T-value (0–5), the stealthier the scan: lower number = lower noise.

Topics

#Nmap#Port Scanning#IDS Evasion#Stealth Scanning

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice