ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-002 All Questions

View all questions & answers for the PT0-002 exam
Go to Exam

Exam PT0-002 topic 1 question 309 discussion

Actual exam question from CompTIA's PT0-002
Question #: 309
Topic #: 1
[All PT0-002 Questions]

A security engineer is trying to bypass a network IPS that isolates the source when the scan exceeds 100 packets per minute. The scope of the san is to identify web servers in the 10.0.0.0/16 subnet. Which of the following commands should the engineer use to achieve the objective in the least amount of time?

  • A. nmap –T3 –p 80 10.0.0.0/16 ––max-hostgroup 100
  • B. nmap –T0 –p 80 10.0.0.0/16
  • C. nmap –T4 –p 80 10.0.0.0/16 ––max-rate 60
  • D. nmap –T5 –p 80 10.0.0.0/16 ––min-rate 80
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by deae0e6 at Feb. 29, 2024, 4:36 a.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Sebatian20
Highly Voted 11 months, 2 weeks ago
Selected Answer: B
B is the answer. C is wrong.. --max-rate is per SEC, not Min. Thus, setting --max-rate 60 is 60 per sec or 3,600 per min.
upvoted 16 times
outnumber_gargle024
10 months, 3 weeks ago
yup good catch. lotta follow the leader around here
upvoted 4 times
...
...
euca2023
Most Recent 1 week, 2 days ago
Selected Answer: B
even B isn't the best option others over the IPS limitation, so I'll go with B
upvoted 1 times
...
study_study
3 weeks ago
Selected Answer: C
C. It might not scan exactly 100 but the rate at which the scan will complete is much much faster than the multiple days that B would take and this is about efficiency. Doesn't seem to be a trick question, but maybe I'm wrong. You never know with CompTIA
upvoted 1 times
...
kinny4000
2 months, 1 week ago
Selected Answer: B
B is the answer, after doing some math I found that this scan would take between 3.8 and 7.6 days to complete. Paranoid is a good word for this type of scan, way too slow, a better choice would be T2 with --max-rate 1.5 which would take about 12 hours.
upvoted 1 times
...
Fart2023
5 months ago
Selected Answer: C
You are all missing "the least amount of time" T0 is sloooowwww, C is correct.
upvoted 1 times
...
StillFiguringItOut
8 months ago
Selected Answer: B
B is correct. Refer to Sebatian20 comment
upvoted 1 times
...
FasterN8
9 months, 1 week ago
Selected Answer: B
The --max-rate setting of nmap is measured in packets per SECOND. B. is the only option that can stay under 100 packets per MINUTE.
upvoted 1 times
...
djash22
9 months, 1 week ago
Considering the need to stay below 100 packets per minute while completing the scan in the least amount of time, Option C (nmap -T4 -p 80 10.0.0.0/16 --max-rate 60) is the best choice. It balances efficiency and compliance with the IPS limit, using a rate that is safely below the threshold and a timing template that expedites the scan without being overly aggressive
upvoted 1 times
...
Etc_Shadow28000
9 months, 2 weeks ago
Selected Answer: C
C. nmap –T4 –p 80 10.0.0.0/16 ––max-rate 60: The –max-rate 60 option ensures that Nmap will not send more than 60 packets per second, which is well under the limit of 100 packets per minute. The T4 timing template balances speed and caution, allowing the scan to complete in a reasonable time frame while staying under the packet limit. A. While the –max-hostgroup option can control the number of hosts scanned in parallel, it doesn’t control the rate of packets sent. The T3 timing template might still exceed 100 packets per minute. B. The T0 timing template is very slow and would take a very long time to scan the entire subnet. D. The T5 timing template is very aggressive, and the –min-rate 80 option specifies a minimum rate of 80 packets per second, which would definitely exceed the 100 packets per minute limit set by the IPS.
upvoted 1 times
...
PhillyCheese
10 months, 1 week ago
Selected Answer: A
A security engineer is trying to bypass a network IPS that isolates the source when the scan exceeds 100 packets per minute. The scope of the san is to identify web servers in the 10.0.0.0/16 subnet. Which of the following commands should the engineer use to achieve the objective in the least amount of time?
upvoted 1 times
PhillyCheese
10 months, 1 week ago
Please erase, this was posted by mistake.
upvoted 1 times
...
...
PhillyCheese
10 months, 1 week ago
Selected Answer: B
--max-rate limits a scan's sending rate to a given maximum. Use --max-rate 100, for example, to limit sending to 100 packets per second on a fast network. https://nmap.org/book/man-performance.html The nmap command allows you to control the rate at which packets are sent during a scan. Here are the relevant options: --min-rate <number>: Specifies the minimum packet rate (packets per second). --max-rate <number>: Specifies the maximum packet rate (packets per second).
upvoted 2 times
PhillyCheese
10 months, 1 week ago
While the fine-grained timing controls discussed in the previous section are powerful and effective, some people find them confusing. Moreover, choosing the appropriate values can sometimes take more time than the scan you are trying to optimize. Fortunately, Nmap offers a simpler approach, with six timing templates. You can specify them with the -T option and their number (0–5) or their name. The template names are paranoid (0), sneaky (1), polite (2), normal (3), aggressive (4), and insane (5). The first two are for IDS evasion. Polite mode slows down the scan to use less bandwidth and target machine resources. Normal mode is the default and so -T3 does nothing. Aggressive mode speeds scans up by making the assumption that you are on a reasonably fast and reliable network. Finally insane mode assumes that you are on an extraordinarily fast network or are willing to sacrifice some accuracy for speed.
upvoted 1 times
PhillyCheese
10 months, 1 week ago
While -T0 and -T1 may be useful for avoiding IDS alerts, they will take an extraordinarily long time to scan thousands of machines or ports. For such a long scan, you may prefer to set the exact timing values you need rather than rely on the canned -T0 and -T1 values. The main effects of T0 are serializing the scan so only one port is scanned at a time, and waiting five minutes between sending each probe
upvoted 1 times
...
...
...
deeden
1 year ago
Selected Answer: C
--max-rate <number>: Send packets no faster than <number> per second I agree with option C. Although the nmap --help show this number per second, meaning --max-rate 60 will potentially go up to 3600 packets per minute. The IPS blocks 100 packets per minute so I guess it ought to be lower than 60?
upvoted 1 times
...
041ba31
1 year, 1 month ago
Selected Answer: C
Option C specifies a scan (nmap) targeting port 80 (common for web servers) across the 10.0.0.0/16 subnet. It uses the --max-rate option to limit the scan rate to 60 packets per minute, staying below the IPS threshold of 100 packets per minute. The -T4 option speeds up the scan while still respecting the rate limit, optimizing for both efficiency and stealth
upvoted 1 times
...
Big_Dre
1 year, 1 month ago
Selected Answer: C
C. nmap –T4 –p 80 10.0.0.0/16 ––max-rate 60: This option explicitly sets the maximum scan rate to 60 packets per second, which is below the IPS threshold, and it scans port 80 as required. Therefore, this seems to be the best option.
upvoted 2 times
...
Rezaee
1 year, 1 month ago
Selected Answer: C
C. nmap –T4 –p 80 10.0.0.0/16 ––max-rate 60
upvoted 1 times
...
deae0e6
1 year, 1 month ago
B is the answer the others will all exceed 100 packets per minute as the min and max rate set the packets per second
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago