Exam PT0-002 topic 1 question 405 discussion

Actual exam question from CompTIA's PT0-002
Question #: 405
Topic #: 1

A local firewall is configured to drop all incoming packets with the TCP SYN or URG flags set. Which of the following Nmap commands should a penetration tester use to scan the ports 22, 53, 80, and 443 on the target machine and get the most reliable results?

  • A. nmap -sY 10.4.7.18 -Pn -p 22,53,80,443
  • B. nmap -sS 10.4.7.18 -Pn -p 22,53,80,443
  • C. nmap -sA 10.4.7.18 -Pn -p 22,53,80,443
  • D. nmap -sT 10.4.7.18 -Pn -p 22,53,80,443
Suggested Answer: C
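A quick way to check the reasoning behind the answer choices, as an added example that is not part of the exam page or of any comment below: a small Python model of the firewall rule in the question, the first probe each Nmap scan type sends, and the port-state label Nmap assigns to each kind of reply (taken from Nmap's documented behaviour for -sS/-sT, -sA and the Null/FIN/Xmas scans). Everything about the target is an assumption made for the example: the firewall is stateless and silently drops (no ICMP error) any inbound TCP segment with SYN or URG set, and 10.4.7.18 listens on 22, 80 and 443 but not on 53. The model also runs the FIN, Null and Xmas scans, which are not among the answer choices, to show that only the URG-bearing Xmas probe is caught by this particular rule.

```python
# Added example (not from the exam page or any commenter): model of how the
# firewall rule in the question treats each Nmap probe type, using Nmap's
# documented port-state interpretation for each scan.
# Assumptions (hypothetical): stateless firewall that silently drops any
# inbound TCP segment with SYN or URG set; target 10.4.7.18 listens on
# 22, 80 and 443 but not on 53.

# TCP header flag bits (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flags of the first probe each Nmap TCP scan type sends to a port.
PROBE_FLAGS = {
    "-sS": SYN,               # SYN (half-open) scan
    "-sT": SYN,               # connect() scan: the OS stack still opens with a SYN
    "-sA": ACK,               # ACK scan
    "-sN": 0,                 # Null scan  (not among the answer choices)
    "-sF": FIN,               # FIN scan   (not among the answer choices)
    "-sX": FIN | PSH | URG,   # Xmas scan  (not among the answer choices)
}

# Constructed listening state of the target: port -> service bound?
LISTENING = {22: True, 53: False, 80: True, 443: True}


def firewall_drops(flags: int) -> bool:
    """The rule from the question: drop inbound TCP with SYN or URG set."""
    return bool(flags & (SYN | URG))


def host_reply(flags: int, port: int):
    """Reply flags of a plain RFC 793 stack to a probe, or None for silence."""
    if flags & ACK:
        return RST                       # unsolicited ACK: RST whatever the port state
    if flags & SYN:
        return SYN | ACK if LISTENING[port] else RST | ACK
    # No SYN, no ACK (Null/FIN/Xmas): closed ports send RST, open ports stay silent
    return None if LISTENING[port] else RST | ACK


def classify(scan_type: str, reply) -> str:
    """Nmap's port-state label for a reply (None = no reply) under scan_type."""
    if scan_type == "-sA":
        # ACK scan only tells filtered from unfiltered, never open from closed
        return "unfiltered" if reply is not None and reply & RST else "filtered"
    if scan_type in ("-sS", "-sT"):
        if reply is None:
            return "filtered"
        if reply & SYN and reply & ACK:
            return "open"
        return "closed"
    # Null/FIN/Xmas: silence is ambiguous, so Nmap reports open|filtered
    return "closed" if reply is not None and reply & RST else "open|filtered"


def scan(scan_type: str, ports=(22, 53, 80, 443)) -> dict:
    """Run one scan type through the firewall model; returns port -> state."""
    if scan_type == "-sY":
        # SCTP INIT scan: not TCP at all, so it cannot classify TCP ports
        return {p: "n/a (SCTP INIT, not a TCP probe)" for p in ports}
    flags = PROBE_FLAGS[scan_type]
    return {
        p: classify(scan_type, None if firewall_drops(flags) else host_reply(flags, p))
        for p in ports
    }


if __name__ == "__main__":
    for t in ("-sS", "-sT", "-sA", "-sN", "-sF", "-sX", "-sY"):
        print(t, scan(t))
```

Under these assumptions -sS and -sT report every port as filtered (the opening SYN never arrives), -sA reports all four as unfiltered, and a FIN or Null probe slips past the rule and still separates closed (53) from open|filtered (22, 80, 443). Against a real target the outcome also depends on whether the firewall is stateful; adding --reason to the nmap command line shows which reply (or lack of one) produced each state label.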

Comments

Snagggggin
3 months ago
Selected Answer: C
I'm going C here. Here's why:
A: -sY will use the SCTP protocol and will not give reliable results on the list of TCP ports you are scanning for.
B: -sS will obviously not work because it relies on the SYN for its scan.
C: -sA, while this will not return if the ports are open or not, you will be able to gather information on if the ports are filtered or unfiltered. The question does not explicitly state that you are trying to find if the ports are "open"; rather it is asking you which scan will give you the most reliable results.
D: -sT is wrong because it still relies on the SYN TCP scan to initiate the full handshake. The firewall will drop all of these packets and you will not get results for these ports.
upvoted 3 times
e21089f
3 months, 1 week ago
Selected Answer: C
A TCP three-way handshake starts with a SYN packet from a client to a server requesting a connection. It would be blocked by the firewall and the three-way handshake would never take place, so option D would not work. An ACK scan is the only one that makes sense given the options.
upvoted 1 times
Alex818119
3 months, 2 weeks ago
Selected Answer: C
Why -sA (Option C) is Still the Better Choice:
Firewall Dropping SYN Packets: The problem statement specifies that the firewall drops all incoming packets with the SYN flag. Even a TCP Connect scan (-sT) relies on SYN to start the handshake, making it likely to fail.
Purpose of ACK Scan (-sA): Mapping Filtered vs. Unfiltered Ports: The -sA scan checks if a port is "filtered" (i.e., blocked by the firewall) or "unfiltered" (i.e., no filtering occurs). This scan does not rely on SYN packets, making it reliable in this scenario. The -sA scan is designed for environments with firewalls that block SYN packets, providing insight into how the firewall treats traffic without attempting full connections.
TCP Connect Scan Drawbacks: If the firewall is aggressively blocking SYN packets or enforcing strict stateful filtering, the initial SYN packet of -sT will be dropped, rendering the scan ineffective. Even if -sT works, it is noisier and more likely to trigger intrusion detection systems (IDS), as it establishes full TCP connections.
upvoted 1 times
Alex818119
3 months, 3 weeks ago
Selected Answer: D
According to Bing AI it's D: Given that the firewall drops packets with the TCP SYN or URG flags set, using an Nmap command that avoids these flags is essential. The TCP SYN scan (-sS) won't be effective because it relies on SYN packets. The TCP ACK scan (-sA) won't help either since it's mainly used to map out firewall rules. The TCP Stealth scan (-sY) is also not suitable for this scenario. The most appropriate choice would be: D. nmap -sT 10.4.7.18 -Pn -p 22,53,80,443 The -sT option performs a TCP connect scan, which completes the three-way handshake. This method doesn't use SYN or URG flags directly and is most likely to bypass the firewall's restrictions.
upvoted 1 times
Alex818119
3 months, 2 weeks ago
For whatever reason it is now saying C. Here is why it said it's not D:
Why -sA (Option C) is Still the Better Choice:
Firewall Dropping SYN Packets: The problem statement specifies that the firewall drops all incoming packets with the SYN flag. Even a TCP Connect scan (-sT) relies on SYN to start the handshake, making it likely to fail.
Purpose of ACK Scan (-sA): Mapping Filtered vs. Unfiltered Ports: The -sA scan checks if a port is "filtered" (i.e., blocked by the firewall) or "unfiltered" (i.e., no filtering occurs). This scan does not rely on SYN packets, making it reliable in this scenario. The -sA scan is designed for environments with firewalls that block SYN packets, providing insight into how the firewall treats traffic without attempting full connections.
TCP Connect Scan Drawbacks: If the firewall is aggressively blocking SYN packets or enforcing strict stateful filtering, the initial SYN packet of -sT will be dropped, rendering the scan ineffective. Even if -sT works, it is noisier and more likely to trigger intrusion detection systems (IDS), as it establishes full TCP connections.
upvoted 1 times
zemijan
4 months, 1 week ago
Selected Answer: D
The correct command in this scenario is: D. nmap -sT 10.4.7.18 -Pn -p 22,53,80,443 Here's the reasoning: The local firewall is configured to drop all incoming packets with the TCP SYN or URG flags set. The -sS option in Nmap performs a TCP SYN scan, which will be blocked by the firewall. The -sY option is for SCTP INIT scans, which is not relevant here. The -sA option performs a TCP ACK scan, which is used to map out firewall rulesets but does not provide information about open ports. The -sT option performs a TCP connect scan, which completes the three-way handshake and is not blocked by the firewall's SYN flag rule. Therefore, option D (nmap -sT 10.4.7.18 -Pn -p 22,53,80,443) will provide the most reliable results for scanning the specified ports on the target machine.
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other