CISSP-ISSAP · Question #131
John works as an Ethical Hacker for company Inc. He wants to find out the ports that are open in company's server using a port scanner. However, he does not want to establish a full TCP connection. Wh
The correct answer is D. TCP SYN. TCP SYN scanning (option D) is the correct answer because it performs a "half-open" scan - the scanner sends only a SYN packet and, upon receiving a SYN/ACK response from an open port, immediately sends a RST to tear down the attempt, never completing the three-way handshake and
Question
John works as an Ethical Hacker for company Inc. He wants to find out the ports that are open in company's server using a port scanner. However, he does not want to establish a full TCP connection. Which of the following scanning techniques will he use to accomplish this task? (ISC)2 CISSP-ISSAP Exam
Options
- ATCP FIN
- BXmas tree
- CTCP SYN/ACK
- DTCP SYN
How the community answered
(39 responses)- A8% (3)
- B18% (7)
- C3% (1)
- D72% (28)
Explanation
TCP SYN scanning (option D) is the correct answer because it performs a "half-open" scan - the scanner sends only a SYN packet and, upon receiving a SYN/ACK response from an open port, immediately sends a RST to tear down the attempt, never completing the three-way handshake and thus never establishing a full TCP connection.
Options A (TCP FIN) and B (Xmas tree) are distractors because while they are also stealth techniques that avoid full connections, they work by sending unusual flag combinations to elicit RST responses from closed ports, making them unreliable on modern systems (especially Windows) and not the standard tool for general port discovery. Option C (TCP SYN/ACK) is wrong because sending a SYN/ACK without a preceding SYN is a server-response packet, not a scan initiation - it's used for firewall ACK filtering detection, not port enumeration.
Memory tip: Think SYN = "half-handshake" - it starts a conversation but never finishes it. The acronym helps: Stealth, Yet No full connection.
Topics
Community Discussion
No community discussion yet for this question.