Skillset can help you prepare! Sign up for your free Skillset account and take the first steps towards your certification.
Why is an XMAS port scan unlikely to be used by a stealthy attacker if they know that they are scanning a Windows machine? (Pick all correct answers)
XMAS scans are significantly slower than TCP connect scans
XMAS scans cannot be used to distinguish between open and closed ports on Windows machines.
XMAS scans can now be easily detected by IDS.
See the MITRE website's entry on TCP XMAS scans for more information (under CAPEC-303)
Distinguish between open and closed ports: Windows machines send a RST packet in response to receiving malformed TCP segments at an open port; this response can also occur if a valid TCP segment is sent to a closed port
Ease of detection: An XMAS scan uses a configuration that is non-valid according to RFC 793 (i.e. uses FIN, PSH, and URG together), meaning that it can be easily detected by IDS and some types of firewall.
Speed: XMAS scans are actually much quicker than many alternative scan types (e.g. TCP connect, UDP)
Study thousands of practice questions that organized by skills and ranked by difficulty.
Create a tailored training plan based on the knowledge you already possess.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.