PT0-002 Question #487: Real Exam Question with Answer & Explanation
The correct answer is C: Change -sT to -sS.
Question
During a reconnaissance exercise, a penetration tester runs the following Nmap command:

nmap -sT -sV -T2 -p 1-65535 domain.com

After watching the scan run for more than two hours, the tester wants to optimize the full scan. Which of the following is the best way to speed up the scan?
Options
- A. Scan fewer ports list.
- B. Scan via UDP to improve speed.
- C. Change -sT to -sS.
- D. Keep the scan timing.
Explanation
The best way to significantly speed up the Nmap scan is to change the -sT (TCP connect scan) to -sS (SYN scan). A SYN scan is faster because it performs a half-open connection, avoiding the full three-way handshake and therefore being less resource-intensive and quicker than a full TCP connect scan.
Common mistakes.
- A. While scanning fewer ports (-p 1-65535 is a full port scan) would speed up the scan, it compromises the comprehensiveness of the reconnaissance by potentially missing open ports.
- B. Scanning via UDP (-sU) is generally much slower than TCP scans because UDP is connectionless and requires longer timeouts to determine if a port is open or filtered, often yielding less definitive results for 'open' states.
- D. Keeping the scan timing (-T2, which is 'Polite', meaning very slow) would explicitly prevent speeding up the scan; the goal is to optimize and accelerate it.
Concept tested. Nmap scan types and timing optimization
Reference. https://nmap.org/book/man-port-scanning-techniques.html