PT0-002 · Question #37
PT0-002 Question #37: Real Exam Question with Answer & Explanation
The correct answer is A: A firewall or IPS blocked the scan.. {"question_number": 4, "correct_answer": "A", "explanation": "The first scan used -F (fast mode, top 100 ports) and found open ports, confirming the host was reachable. The second scan used -p- (all 65,535 ports) with OS detection (-O) and aggressive mode (-A), which is far more
Question
A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command: nmap -O -A -sS -p- 100.100.100.50 Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?
Options
- AA firewall or IPS blocked the scan.
- BThe penetration tester used unsupported flags.
- CThe edge network device was disconnected.
- DThe scan returned ICMP echo replies.
Explanation
{"question_number": 4, "correct_answer": "A", "explanation": "The first scan used -F (fast mode, top 100 ports) and found open ports, confirming the host was reachable. The second scan used -p- (all 65,535 ports) with OS detection (-O) and aggressive mode (-A), which is far more intrusive and generates significantly more traffic. A firewall or IPS (Intrusion Prevention System) detected this aggressive scan pattern and blocked or filtered all traffic to the target, causing all 65,535 ports to appear filtered. The flags used (-O, -A, -sS, -p-) are all valid Nmap flags, ruling out B. The host was reachable moments before, ruling out C. Filtered ports indicate dropped packets - not ICMP replies - ruling out D.", "generated_by": "claude-sonnet", "llm_judge_score": 4}
Topics
Community Discussion
No community discussion yet for this question.