Exam PT0-002 topic 1 question 159 discussion

B is correct. The switch -sN in D is not correct.

Option A uses a /16 CIDR notation, which covers a Class B network and will scan a much larger range of IP addresses than necessary. Option C includes an extra dot in the IP range, which will cause an error in the nmap command. Option D uses the -sN flag, which is used for TCP NULL scans, and does not scan for active systems.

it is B

A Class C network typically has a /24 subnet mask, and if the goal is to quickly identify active systems within that network, the penetration tester would likely want to perform a ping sweep. Among the provided options, the correct command for this task is: B. nmap -sn 192.168.0.1-254 Explanation: Option B: This command uses the "-sn" flag (No port scan) to perform a ping sweep, targeting all IP addresses in the range from 192.168.0.1 to 192.168.0.254. This range encompasses the entire Class C network.

This command would be used to run a network scan on the IP range 192.168.0.1 through 254. It would do a simple scan to determine active hosts on the local subnet without performing port scans or service enumeration.

B is a faster scan no ports -sN is a real switch but it's slower gives you ports

B is correct 100%

Gonna have to go with B. Running this on my Kali VM, it was "fast" and returned Active (host is up) hosts. D returned "Host is up"on all hosts, and required sudo.

ChatGPT says B

D. nmap -sN 192.168.0.0/24 A class C network IP address range is from 192.168.0.0 to 192.168.255.255. To identify active systems quickly in a Class C network, a penetration tester could use the Nmap command 'nmap -sN 192.168.0.0/24' which performs a "ping scan" (-sN) on the entire Class C network range (192.168.0.0/24). This will identify all active systems that are responding to ping requests in the network. Option A is not correct, because it uses the wrong CIDR notation. option B is not correct because it uses incorrect range of IP address. Option C is not correct because it uses incorrect syntax.

-sn is faster than -sN

-sN isn't a valid switch. /16 is a class B. It just says examine a class C network. It doesn't specify the IP range it has to be as it doesn't say a whole class C IP range.

Answer A is B class - NO Answer B does not consist of a whole /24 class network, it lacks .0 .255 IPs which are not intended to be used by normal host broadcast IPs. So it contains all USABLE ip addresses in C class - MAYBE it is correct. nmap states that by default, likely network/broadcast addresses like .0 and .255 are not scanned, but the '-A' option allows you to do this if you wish. But -sn scans allow you to check this. Look at the results below. In my opinion it lacks 2 addresses in C class. Answer C scans only 2 addresses - NO D is a complete C class, but it uses -sN which is not a quick way to identify if the host is up, it also scans ports which is more than is asked in the question. - Probably NO sudo nmap -sN 10.0.0.1/24 Nmap done: 256 IP addresses (11 hosts up) scanned in 21.99 seconds What would you choose, based on this observations? D contains all IPs but is slow and does more than asked B is quick, but does not contain .0 and .255 broadcast IP

D is the only class C network. /24

I think A is correct