Exam CFR-310 topic 1 question 41 discussion

A. Stealth scanning Explanation: Stealth scanning is a technique used to avoid detection by firewalls and Intrusion Prevention Systems (IPS). It works by sending packets in a way that makes it difficult for the firewall or IPS to detect and log the activity, such as using fragmented packets or SYN scans (half-open scanning), which minimizes the interaction with the target system. Why the other answers are less suitable: B. Xmas scanning: Sends packets with the FIN, PSH, and URG flags set, but it's noisy and easily detectable by most firewalls and IPS systems. It can raise alarms rather than evade them. C. FIN scanning: Sends packets with the FIN flag set, which is less noisy than Xmas scanning but still detectable by modern intrusion detection systems. D. Port scanning: While useful for enumerating open ports, typical port scanning is easily detected by firewalls and IPS, especially if the scans are frequent or comprehensive.

B. Xmas scanning Xmas scanning is a type of port scanning that sets various TCP flags (URG, PSH, and FIN) to probe a target. By sending packets with these flags set, the hacker can attempt to evade detection by the firewall or IPS. The use of unusual or unexpected TCP flag combinations may confuse or bypass certain security systems.