EC-Council

312-50V9 · Question #538

312-50V9 Question #538: Real Exam Question with Answer & Explanation

The correct answer is F: No response. Per RFC 793, an open port receiving a NULL scan packet with no flags set returns no response, while a closed port responds with RST/ACK.

Question

What is the proper response for a NULL scan if the port is open?

Options

  • A. SYN
  • B. ACK
  • C. FIN
  • D. PSH
  • E. RST
  • F. No response

Explanation

Per RFC 793, an open port receiving a NULL scan packet with no flags set returns no response, while a closed port responds with RST/ACK.

Common mistakes.

  • A. A SYN packet is sent by a client to initiate a new connection and is never generated as a server response to an incoming NULL probe.
  • B. An ACK is used to acknowledge received data within an established session, not as a response to a flagless probe on an open port.
  • C. A FIN is used to gracefully terminate an existing connection and would not be sent in response to a NULL scan on an open port.
  • D. PSH is a data-pushing flag used within an active data transfer session and has no relevance as a response to a NULL probe.
  • E. An RST/ACK response is sent only when the port is closed, which is the opposite state being asked about here.

Concept tested. TCP NULL scan open port response behavior

Reference. https://www.rfc-editor.org/rfc/rfc793
