Exam 312-50v11 topic 1 question 337 discussion

-D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys -n/-R: Never do DNS resolution/Always resolve [default: sometimes] -o (whatever) defines the Output method -T<0-5>: Set timing template (higher is faster) So, -T0 would make the scans slower, and help evade.

The correct option is A. Flag -D fragments packets

should be -D

See here: https://nmap.org/book/man-bypass-firewalls-ids.html Which makes option D also right. that is flags -/oN/-oX/-G true

The only one that fits is Decoy https://www.hackingloops.com/nmap-scanning-tutorial-firewall-and-ids-evasion/

IDS/Firewall Evasion Techniques - IP Address Decoy IP address decoy technique refers to generating or manually specifying the IP addresses of decoys in order to evade an IDS or firewall. #Nmap -D RND:10 <target IP address> (P.359/343)

The answer is A. check this : https://nmap.org/book/man-bypass-firewalls-ids.html

The answer is A. The -D stands for decoy scan

From nmap site: https://nmap.org/book/man-briefoptions.html FIREWALL/IDS EVASION AND SPOOFING: -f; --mtu <val>: fragment packets (optionally w/given MTU) -D <decoy1,decoy2[,ME],...>: Cloak a scan with decoys

Correct A -D <señuelo1 [,señuelo2][,ME],...> (Esconde un sondeo con señuelos) Realiza un sondeo con señuelos. Esto hace creer que el/los equipo/s que utilice como señuelos están también haciendo un sondeo de la red. De esta manera sus IDS pueden llegar a informar de que se están realizando de 5 a 10 sondeos de puertos desde distintas direcciones IP, pero no sabrán qué dirección IP está realizando el análisis y cuáles son señuelos inocentes. Aunque esta técnica puede vencerse mediante el seguimiento del camino de los encaminadores, descarte de respuesta («response-dropping», N. del T.), y otros mecanismos activos, generalmente es una técnica efectiva para esconder su dirección IP.

Check Nmap's official page here:https://nmap.org/book/man-bypass-firewalls-ids.html The answer, based on the available options here, would be -D (Decoy)

Decoy scan is used to evade ids - it is the most correct option of all.

-D is IP address Decoy Scan to generate or manually specify IP addresses of the decoys to evade IDS/firewalls.

According to "NMAP network scanning" by Gordon "Fyodor" Lyon re Timing Templates (-T) page 142: "The first two (i.e. paranoid and sneaky) are for IDS evasion."

D Decoy

decoy evation IDS or Firewall

Textbook mentions Decoy as a way of evading the firewall; the attacker generates or manually specifies IP addresses of decoys so that the IDS/firewall cannot determine the actual IP address.