A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
D is the only answer that doesn't actually RUN, so I don't see why that's the majority answer.
Looking at nmap --help clearly shows:
-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
We want TCP, so -PS will do the job.
So I have to say C.
The correct answer is D. nmap 192.168.1.1-5 -Ss22-25,80. This command will perform a SYN scan of ports 22 through 25 and port 80 on the IP addresses 192.168.1.1 through 192.168.1.5. This scan will return any potentially vulnerable ports that might be of interest to an attacker.
The capital 'S' stands for the SYN flag, which is used to initiate a connection on a TCP port. The lowercase 's' stands for the stealth flag, which is used to hide the source IP address of the scan and make it harder to detect.
The answer "C" says: -PS, that is a ping scan, specified on the ports listed after it.
The answer "D" is incorrect because a -Ss switch does not exist, since nmap is case-sensitive, and it gives you back an error.
You can try it as proof.
The -sS scan (commonly called a SYN scan) is the best option for identifying vulnerable ports, as it actively scans the target ports and detects open services. This scan is non-intrusive and efficient, making it a preferred method for penetration testers to enumerate services and locate potential attack vectors.
To further refine the scan for vulnerable services, additional options such as -sV (version detection) and --script=vuln (vulnerability scanning scripts) can be added:
nmap -sS -sV --script=vuln 192.168.1.1-5 -p22-25,80
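As an added example (not part of any comment in this thread), here is a Python script that consumes the XML output of the command above when run with `-oX -`, lists the open ports per live host, and puts ports that a `--script=vuln` script flagged as vulnerable first. The embedded XML is a constructed sample shaped like nmap's XML format, with placeholder script ids and a placeholder finding, not the result of a real scan; the `State: VULNERABLE` convention it matches is the one nmap's `vulns` NSE library uses in script output.

```python
"""Parse nmap XML (-oX) output and list the ports an attacker would look at first."""
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample, shaped like `nmap -sS -sV --script=vuln -oX - -p22-25,80 192.168.1.1-5`
# output. Script ids and findings are placeholders, not real scan results.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -sV --script=vuln -oX - -p22-25,80 192.168.1.1-5">
  <host><status state="up" reason="syn-ack"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
        <service name="ssh" product="OpenSSH"/></port>
      <port protocol="tcp" portid="23"><state state="closed" reason="reset"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http" product="Apache httpd"/>
        <script id="http-csrf" output="Couldn't find any CSRF vulnerabilities."/>
        <script id="http-vuln-placeholder" output="VULNERABLE: Placeholder finding. State: VULNERABLE">
          <table key="PLACEHOLDER"><elem key="state">VULNERABLE</elem></table>
        </script></port>
    </ports></host>
  <host><status state="up" reason="syn-ack"/>
    <address addr="192.168.1.2" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="25"><state state="filtered" reason="no-response"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
        <service name="http"/>
        <script id="http-vuln-placeholder" output="NOT VULNERABLE: Placeholder. State: NOT VULNERABLE"/></port>
    </ports></host>
  <host><status state="down" reason="no-response"/>
    <address addr="192.168.1.3" addrtype="ipv4"/></host>
  <runstats><hosts up="2" down="3" total="5"/></runstats>
</nmaprun>"""

# The vulns NSE library writes "State: VULNERABLE" / "State: LIKELY VULNERABLE";
# "State: NOT VULNERABLE" must not match.
VULN_STATE = re.compile(r"State:\s*(?:LIKELY\s+)?VULNERABLE")


def _script_flags_vulnerable(script):
    """True if an NSE script element reports a vulnerable state, in text or structured form."""
    if VULN_STATE.search(script.get("output", "")):
        return True
    for elem in script.iter("elem"):
        if elem.get("key") == "state" and (elem.text or "").strip() in ("VULNERABLE", "LIKELY VULNERABLE"):
            return True
    return False


def parse_nmap_xml(xml_text):
    """Return {ip: [port records]} for hosts that are up.

    Each record: port, proto, state, service name, script outputs and a vulnerable flag.
    Hosts marked down (no response to host discovery) are skipped.
    """
    root = ET.fromstring(xml_text)
    report = {}
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue
        addr = host.find("address[@addrtype='ipv4']")
        ip = addr.get("addr") if addr is not None else "?"
        records = []
        for port in host.findall("ports/port"):
            svc = port.find("service")
            scripts = port.findall("script")
            records.append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "state": port.find("state").get("state"),
                "service": svc.get("name") if svc is not None else "unknown",
                "scripts": {s.get("id"): s.get("output", "") for s in scripts},
                "vulnerable": any(_script_flags_vulnerable(s) for s in scripts),
            })
        report[ip] = records
    return report


def interesting_ports(report):
    """Open ports across all hosts as (ip, port, service, vulnerable), flagged ones first."""
    rows = [(ip, p["port"], p["service"], p["vulnerable"])
            for ip, ports in report.items() for p in ports if p["state"] == "open"]
    return sorted(rows, key=lambda r: (not r[3], r[0], r[1]))


if __name__ == "__main__":
    # Usage: nmap -sS -sV --script=vuln -oX - -p22-25,80 192.168.1.1-5 | python3 this.py
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_XML
    for ip, port, service, vuln in interesting_ports(parse_nmap_xml(text)):
        print(f"{ip}:{port}/{service}{'  <- script flagged VULNERABLE' if vuln else ''}")
```

Closed and filtered ports are kept in the parsed report but left out of the interesting list; only hosts that answered host discovery appear at all, which is the practical difference between what `-PS` alone tells you and what `-sS` adds.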
-PS is the best switch for Host Discovery which is what this question requires.
-PS/PA/PU/PY[portlist]: TCP SYN/ACK, UDP or SCTP discovery to given ports
-sS/sT/sA/sW/sM: TCP SYN/Connect()/ACK/Window/Maimon scans
The command provided in Option D, nmap 192.168.1.1-5 -Ss22-25,80, is not valid and would indeed not run as expected.
The correct syntax should be:
nmap 192.168.1.1-5 -sS -p22-25,80
The lowercase -sS specifies a TCP SYN scan, while the uppercase -Ss would be incorrect.
---------
The next best option would be:
C. nmap 192.168.1.1-5 -PS22-25,80
C. `nmap 192.168.1.1-5 -PS22-25,80`
Explanation:
- The `-PS` option performs a TCP SYN ping scan, which sends SYN packets to the specified ports (22-25,80) on the target hosts (192.168.1.1-5) to check if those ports are open.
- While this does not perform a full vulnerability scan, it is useful for identifying live hosts with open ports, which can be the first step in identifying potentially vulnerable services.
The other options (`-PU` for UDP ping and `-PA` for ACK ping) are less likely to be useful for identifying open ports and potentially vulnerable services in this context.
The -sS option (note the correct lowercase -sS instead of -Ss) is a SYN scan, which is the most effective and common way to scan for open ports. This type of scan sends SYN packets to the specified ports and determines if they are open based on the responses, making it useful for identifying potentially vulnerable services.
The correct answer to the question is option B: nmap 192.168.1.1-5 -PA22-25,80. The -PA option specifies a port scan and identifies services based on their response to specific probes. This scan will return open ports 22-25 and 80, and attempt to identify potential vulnerabilities in those services.
Nmap is a widely used tool for network discovery and security auditing. Different options can be used to perform various types of scans.
In the given context, you would likely want to use a stealthy SYN scan to identify open ports that might be running vulnerable services. The SYN scan is a popular method that's useful in port scanning as it doesn't complete the TCP handshake and is therefore considered "stealthier."
The correct option for performing a SYN scan over the specified range of IPs and ports would be:
D. `nmap 192.168.1.1-5 -sS -p22-25,80`
Note the correct flag for a SYN scan is `-sS`, not `-Ss`. Therefore, it appears there may be a typographical error in the options provided, and based on the context, option D should be the correct choice if corrected to `-sS`.
The -sS option tells the nmap command to perform a TCP SYN scan, which is a stealthy way to scan a network. The -p22-25,80 option tells the nmap command to scan the specified ports, which are commonly used by vulnerable services.
Option C, nmap 192.168.1.1-5 -PS22-25,80, will return all open ports that are listening for proxy services, which are not typically vulnerable.
They do a host discovery first and then they scan the ports, so -sS and -PS are essentially the same thing: they both send TCP SYN packets, except -PS does a host discovery beforehand.
PT0-002 Exam Questions
Community vote distribution: A (35%), C (25%), B (20%), Other