PT0-002 Question #397: Real Exam Question with Answer & Explanation
The correct answer is B: nmap -sS -sV -F target.company.com
Question
A penetration tester is conducting an Nmap scan and wants to scan for ports without establishing a connection. The tester also wants to find version data information for services running on Projects. Which of the following Nmap commands should the tester use?
Options
- A. nmap -sU -sV -T4 -F target.company.com
- B. nmap -sS -sV -F target.company.com
- C. nmap -sT -v -T5 target.company.com
- D. nmap -sX -sC target.company.com
Explanation
The two requirements are: (1) no full TCP connection, and (2) service version detection. -sS is the SYN scan (also called a 'stealth' or 'half-open' scan): it sends a SYN packet and analyzes the response (SYN-ACK or RST) without completing the three-way handshake, so no full connection is established. -sV enables service/version detection. -F (fast) scans only the top 100 most common ports, which is acceptable here.

Option A (-sU) is a UDP scan, which is different. Option C (-sT) performs a full TCP connect scan, which does establish complete connections. Option D (-sX) is an Xmas scan (a stealth scan) but -sC runs default scripts rather than version detection, and Xmas scans are less reliable. Only option B satisfies both requirements.
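The difference between -sS and -sT is visible in a packet capture, which is how a defender tells them apart. The following is an added example, not part of the original question: it classifies TCP handshakes from a constructed capture and reports sources that leave several handshakes half-open. The addresses, the tuple format and the min_ports threshold are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed capture: (src, sport, dst, dport, tcp_flags), in arrival order.
PACKETS = [
    ("10.0.0.5", 40001, "10.0.0.9", 22, "S"),
    ("10.0.0.9", 22, "10.0.0.5", 40001, "SA"),
    ("10.0.0.5", 40001, "10.0.0.9", 22, "R"),    # handshake abandoned
    ("10.0.0.5", 40002, "10.0.0.9", 23, "S"),
    ("10.0.0.9", 23, "10.0.0.5", 40002, "RA"),   # port closed
    ("10.0.0.5", 40003, "10.0.0.9", 80, "S"),
    ("10.0.0.9", 80, "10.0.0.5", 40003, "SA"),
    ("10.0.0.5", 40003, "10.0.0.9", 80, "R"),
    ("10.0.0.5", 40004, "10.0.0.9", 443, "S"),
    ("10.0.0.9", 443, "10.0.0.5", 40004, "SA"),
    ("10.0.0.5", 40004, "10.0.0.9", 443, "R"),
    ("10.0.0.7", 51000, "10.0.0.9", 443, "S"),
    ("10.0.0.9", 443, "10.0.0.7", 51000, "SA"),
    ("10.0.0.7", 51000, "10.0.0.9", 443, "A"),   # handshake completed
]

def classify_flows(packets):
    """Return {(client, cport, server, sport): outcome} for each SYN seen."""
    flows = {}
    for src, sport, dst, dport, flags in packets:
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        if flags == "S":
            flows.setdefault(fwd, [])            # SYN sender is the client
        elif fwd in flows:
            flows[fwd].append(("client", flags))
        elif rev in flows:
            flows[rev].append(("server", flags))
    outcomes = {}
    for key, events in flows.items():
        if not events:
            outcomes[key] = "no-response"        # filtered or dropped
        elif events[0] != ("server", "SA"):
            outcomes[key] = "closed"             # first reply was not SYN-ACK
        elif ("client", "A") in events:
            outcomes[key] = "full-connect"       # pattern left by -sT
        else:
            outcomes[key] = "half-open"          # pattern left by -sS
    return outcomes

def syn_scan_sources(packets, min_ports=3):
    """Sources that left at least min_ports handshakes half-open."""
    ports = defaultdict(set)
    for (client, _, server, sport), outcome in classify_flows(packets).items():
        if outcome == "half-open":
            ports[client].add((server, sport))
    return {src for src, seen in ports.items() if len(seen) >= min_ports}
```

On the constructed capture, 10.0.0.5 is reported because three of its handshakes were answered with SYN-ACK and never acknowledged, while 10.0.0.7, which completed its handshake, is not.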