312-50V13 Question #490: Real Exam Question with Answer & Explanation

Question

An ethical hacker is scanning a target network. They initiate a TCP connection by sending an SYN packet to a target machine and receiving a SYN/ACK packet in response. But instead of completing the three-way handshake with an ACK packet, they send an RST packet. What kind of scan is the ethical hacker likely performing and what is their goal?

Options

• AThey are performing an SYN scan to stealthily identify open ports without fully establishing a
• BThey are performing a TCP connect scan to identify open ports on the target machine
• CThey are performing a vulnerability scan to identify any weaknesses in the target system
• DThey are performing a network scan to identify live hosts and their IP addresses

Explanation

SYN Scan (Half-Open Scan) Explanation

Option A is correct because the described behavior - sending SYN, receiving SYN/ACK, then deliberately sending RST instead of completing the handshake - is the defining characteristic of a SYN scan (also called a "half-open" or "stealth" scan), used to identify open ports while avoiding full connection logging on many systems. Option B is wrong because a TCP Connect scan completes the full three-way handshake (SYN → SYN/ACK → ACK), making it more detectable. Option C is incorrect because vulnerability scanning goes beyond port detection to actively test for specific security weaknesses in services/software. Option D is wrong because host discovery scans (ping sweeps) focus on determining which IP addresses are live, not probing individual ports on a known target.

🧠 Memory Tip: Think of SYN scan as a "knock and run" technique - you knock on the door (SYN), the host answers (SYN/ACK confirming the port is open), but you slam it shut (RST) before fully entering, leaving minimal traces. SYN = Sneaky, Half-open = Half committed!

No community discussion yet for this question.