Exam 312-50v12 topic 1 question 11 discussion

Correct answer is A. From the nmap manual: "-sA (TCP ACK scan) This scan is different than the others discussed so far in that it never determines open (or even open|filtered) ports. It is used to map out firewall rulesets, determining whether they are stateful or not and which ports are filtered."

A: -sA One of the most interesting uses of ACK scanning is to differentiate between stateful and stateless firewalls. See the section called “ACK Scan” for how to do this and why you would want to.

A -sA (ACK scan): This type of scan can help determine if a firewall is stateful or stateless. It sends ACK packets to a target and analyzes the response. Stateless firewalls will typically drop the packets, while stateful firewalls will either drop them silently or return RST packets.

A. -sA

When a TCP ACK scan sends an ACK packet to a port that is not expecting it, a stateful firewall will recognize that the packet does not belong to any existing connection, and will drop it or send an ICMP error message. A stateless firewall will not be able to tell if the packet is part of a connection or not, and will only check if the port is open or closed. If the port is open or closed, the target host will send a RST packet in response to the ACK packet. This will cause Nmap to report the port as unfiltered.

correct option is A: -sA

C. -sT The "-sT" option in Nmap performs a TCP connect scan, which involves establishing a full TCP connection with the target host. This type of scan can help determine if the firewall is stateful because it requires the firewall to maintain and track the state of the TCP connections. If the scan is successful and shows open ports, it indicates that the firewall is likely stateful since it allows the establishment of full TCP connections

TCP ACK Scan (-sA)

C. -sT The -sT option in Nmap is used to perform a TCP connect scan. This scan involves attempting to establish a full TCP connection with the target host on the specified port(s). If the connection is successful, it indicates that the target port is open and that the firewall is stateful (i.e., it is allowing traffic that is part of an established connection). If the connection is unsuccessful, it indicates that the target port is either closed or filtered by a stateless firewall (i.e., a firewall that does not keep track of the state of network connections). Note that some stateless firewalls may block TCP connect scans altogether, so this method may not always be effective in identifying whether a firewall is stateful or stateless.