PT0-002 Question #279: Real Exam Question with Answer & Explanation
The correct answer is A: nmap -sn -n -exclude 10.1.1.15 10.1.1.0/24 -oA target_txt.
Question
The attacking machine is on the same LAN segment as the target host during an internal penetration test. Which of the following commands will BEST enable the attacker to conduct host discovery and write the discovery to files without returning results of the attack machine?
Options
- A. nmap -sn -n -exclude 10.1.1.15 10.1.1.0/24 -oA target_txt
- B. nmap -iR 10 -n -oX out.xml | grep "Nmap" | cut -d "" -f5 > live-hosts.txt
- C. nmap -Pn -sV -O -iL target.txt -oA target_text_Service
- D. nmap -sS -Pn -n -iL target.txt -oA target_txt1
Explanation
To perform host discovery on a local LAN segment, exclude the attacking machine, and save the results, the Nmap command should use -sn for a ping (host discovery only) scan, -n to skip DNS resolution, -exclude to omit the attacker's own IP address from the target range, and -oA to write the results in all three output formats (normal, XML, and grepable) at once.
Common mistakes
- B. The -iR 10 option scans 10 random Internet hosts rather than the specific LAN segment, and post-processing with grep and cut is less reliable than Nmap's dedicated output options.
- C. The -Pn option skips host discovery and treats every host as online, which defeats the goal of host discovery; -sV and -O perform service and OS detection, not basic host discovery.
- D. The -sS option performs a SYN port scan rather than host discovery alone, and -Pn again skips host discovery, making it unsuitable for the stated objective.
Concept tested. Nmap host discovery and output options
Reference. https://nmap.org/book/man.html