nerdexam
EC-Council

312-50V13 · Question #490

An ethical hacker is scanning a target network. They initiate a TCP connection by sending an SYN packet to a target machine and receiving a SYN/ACK packet in response. But instead of completing the th

The correct answer is A. They are performing an SYN scan to stealthily identify open ports without fully establishing a. SYN Scan (Half-Open Scan) Explanation Option A is correct because the described behavior - sending SYN, receiving SYN/ACK, then deliberately sending RST instead of completing the handshake - is the defining characteristic of a SYN scan (also called a "half-open" or "stealth" scan

Submitted by andres_qro· Mar 6, 2026Scanning Networks

Question

An ethical hacker is scanning a target network. They initiate a TCP connection by sending an SYN packet to a target machine and receiving a SYN/ACK packet in response. But instead of completing the three-way handshake with an ACK packet, they send an RST packet. What kind of scan is the ethical hacker likely performing and what is their goal?

Options

  • AThey are performing an SYN scan to stealthily identify open ports without fully establishing a
  • BThey are performing a TCP connect scan to identify open ports on the target machine
  • CThey are performing a vulnerability scan to identify any weaknesses in the target system
  • DThey are performing a network scan to identify live hosts and their IP addresses

How the community answered

(21 responses)
  • A
    90% (19)
  • B
    5% (1)
  • C
    5% (1)

Explanation

SYN Scan (Half-Open Scan) Explanation

Option A is correct because the described behavior - sending SYN, receiving SYN/ACK, then deliberately sending RST instead of completing the handshake - is the defining characteristic of a SYN scan (also called a "half-open" or "stealth" scan), used to identify open ports while avoiding full connection logging on many systems. Option B is wrong because a TCP Connect scan completes the full three-way handshake (SYN → SYN/ACK → ACK), making it more detectable. Option C is incorrect because vulnerability scanning goes beyond port detection to actively test for specific security weaknesses in services/software. Option D is wrong because host discovery scans (ping sweeps) focus on determining which IP addresses are live, not probing individual ports on a known target.

Memory Tip: Think of SYN scan as a "knock and run" technique - you knock on the door (SYN), the host answers (SYN/ACK confirming the port is open), but you slam it shut (RST) before fully entering, leaving minimal traces. SYN = Sneaky, Half-open = Half committed!

Topics

#SYN scan#Port scanning#TCP handshake#Stealth scan

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice