Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
When using NMAP to do a SYN Stealth scan , what would be the first TCP flag response to most likely come from a IDS/IPS filtered port?
SYN
FIN
RST
SYN/ACK
ACK
None of the above
SYN is sent by the to synchronize the initial connection. SYN/ACK is an initial response to the original SYN packet, which allows a connection to occur. (Comes as one signal) ACK acknowledges receipt of a packet or set of packets. FIN is sent when a communication is finished requesting that the connection be closed. RST is sent when the connection is to be reset, and the connection is closed immediately.
SYN would not be right, as this would be sent as an initial connection, and not as a response to a normal SYN flag. SYN/ACK would happen when scanning an open port with a SYN scan, but not from a filtered port. ACK would happen during an ongoing transmission. FIN would happen to close a connection which already has been established. RST would be a response which occurs when a port is closed, or on an open port that an IDS/IPS "sees" the SYN scan, then breaks the connection (this is usually then recorded in an audit log).
The correct answer is 'None of the above'.
The SYN packet will be dropped, and no response will be given, which tells us that the port is filtered.
Train with Skillset and pass your certification exam. Faster. Guaranteed.
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.