You are preparing to initiate a scan of a remote host using nmap. Which of the following scan types is the BEST choice to gather the most information while minimizing the chance of detection?
Xmas scan (-sX)
SYN scan (-sS)
TCP connect scan (-sT)
UDP scan (-sU)
The SYN scan, also known as the "half-open" scan, is the best option for stealthy yet informative scanning with nmap (it is nmap's default scan type when run with raw-packet privileges). It sends a SYN to each target port but never completes the three-way handshake: a port that answers SYN/ACK is reported open, a RST reply means closed, and no response after retransmission, or an ICMP unreachable error, means filtered. When a SYN/ACK comes back, nmap tears the half-open connection down with a RST, so the connection never reaches the listening application on the host.
The TCP connect scan carries a higher likelihood of detection because it uses the operating system's connect() call and fully establishes each connection, which the target's applications and host logs can record. UDP and Xmas scans can be stealthier than a SYN scan in some cases, but neither gives as clearly defined results: a UDP probe that receives no reply can only be reported as open|filtered, and a Xmas scan relies on RFC 793 behaviour that many systems (notably Windows) do not follow, so it cannot tell open from filtered.
For more information, review the nmap documentation for port scanning techniques: https://nmap.org/book/man-port-scanning-techniques.html
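To make the difference between the two scan types concrete, here is an added example (not part of the original question or of nmap's own code) that models a target host with open, closed and filtered ports and runs a half-open scan and a connect scan against it. The host, its port set, the `accept_log` and the `wire` list are constructed for illustration; the classification rules in `classify_reply` follow nmap's documented -sS semantics (SYN/ACK open, RST closed, no reply or ICMP type 3 code 0, 1, 2, 3, 9, 10 or 13 filtered). No packets are sent, so it runs offline.

```python
# Added example, not from the original page: a simulated target shows why a
# SYN scan never reaches the application's accept()/logging path while a
# connect scan does, and why both put the same SYN probes on the wire.
from dataclasses import dataclass, field

# TCP flag bits as laid out in the TCP header flags byte.
FIN, SYN, RST, PSH, ACK = 0x01, 0x02, 0x04, 0x08, 0x10


@dataclass
class Segment:
    sport: int
    dport: int
    flags: int


@dataclass
class SimulatedHost:
    """Constructed stand-in for a remote host: open ports complete handshakes
    and log the accepted connection, closed ports answer RST, and filtered
    ports are silently dropped by a firewall in front of them."""
    open_ports: set
    filtered_ports: set = field(default_factory=set)
    accept_log: list = field(default_factory=list)  # what host/app logs see
    wire: list = field(default_factory=list)        # what a network IDS sees
    half_open: set = field(default_factory=set)     # SYN_RECV entries

    def receive(self, seg: Segment):
        self.wire.append(seg)
        if seg.dport in self.filtered_ports:
            return None                                   # dropped, no reply
        if seg.dport not in self.open_ports:
            return Segment(seg.dport, seg.sport, RST | ACK)  # closed port
        # Open port: kernel listener state machine.
        if seg.flags & SYN and not seg.flags & ACK:
            self.half_open.add(seg.sport)
            return Segment(seg.dport, seg.sport, SYN | ACK)
        if seg.flags & RST:
            self.half_open.discard(seg.sport)  # torn down before accept()
            return None
        if seg.flags & ACK and seg.sport in self.half_open:
            # Third handshake step: only now does accept() return and the
            # application (or its connection logging) ever sees the client.
            self.half_open.discard(seg.sport)
            self.accept_log.append((seg.sport, seg.dport))
        return None


def classify_reply(reply, icmp_unreachable_code=None):
    """nmap -sS rules: SYN/ACK -> open, RST -> closed, no reply (after retries)
    or ICMP type 3 code 0,1,2,3,9,10,13 -> filtered."""
    if icmp_unreachable_code in (0, 1, 2, 3, 9, 10, 13):
        return "filtered"
    if reply is None:
        return "filtered"
    if reply.flags & SYN and reply.flags & ACK:
        return "open"
    if reply.flags & RST:
        return "closed"
    return "filtered"


def syn_scan(host, ports, sport=40000):
    """Half-open scan: send SYN, classify the reply, reset instead of finishing."""
    results = {}
    for p in ports:
        reply = host.receive(Segment(sport, p, SYN))
        results[p] = classify_reply(reply)
        if results[p] == "open":
            host.receive(Segment(sport, p, RST))  # never complete the handshake
    return results


def connect_scan(host, ports, sport=40000):
    """connect()-style scan: on SYN/ACK the OS sends the final ACK, which
    completes the handshake and lands in the host's accept log."""
    results = {}
    for p in ports:
        reply = host.receive(Segment(sport, p, SYN))
        results[p] = classify_reply(reply)
        if results[p] == "open":
            host.receive(Segment(sport, p, ACK))  # handshake completes here
            host.receive(Segment(sport, p, RST))  # then close
    return results


def syn_probes_seen(host):
    """Count bare SYN segments on the wire, i.e. what a signature-based IDS would key on."""
    return sum(1 for s in host.wire if s.flags == SYN)


if __name__ == "__main__":
    target = SimulatedHost(open_ports={22, 80}, filtered_ports={445})
    print("SYN scan:    ", syn_scan(target, [22, 80, 443, 445]))
    print("host accept log after SYN scan:    ", target.accept_log)
    print("connect scan:", connect_scan(target, [22, 80, 443, 445]))
    print("host accept log after connect scan:", target.accept_log)
    print("SYN probes on the wire:", syn_probes_seen(target))
```

Running it shows both scans reporting the same port states, but only the connect scan leaves entries in the host's accept log, while the wire carries an identical set of SYN probes for both: the half-open technique hides the scan from the target's application-level logging, not from a network sensor watching SYN traffic.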
Edit: please correct me if I'm wrong. A TCP connect scan can be logged by the host. But many SYN scans can be detected by an IDS/IPS, and such scanning can be blocked. Nowadays almost all systems are protected by an IPS, so the probability of detecting a SYN scan is greater than for a full TCP scan. So both answers are ambiguous.