CompTIA PenTest+ (PT0-001) — Question 23
A penetration tester is performing initial intelligence gathering on some remote hosts prior to conducting a vulnerability scan.
The tester runs the following command:
nmap -D 192.168.1.1, 192.168.1.2, 192.168.1.3 -sV -o --max-rate 2 192.168.1.130
Which of the following BEST describes why multiple IP addresses are specified?
Answer options
- A. The network is subnetted as a /25 or greater, and the tester needed to access hosts on two different subnets.
- B. The tester is trying to perform a more stealthy scan by including several bogus addresses.
- C. The scanning machine has several interfaces to balance the scan request across at the specified rate.
- D. A discovery scan is run on the first set of addresses, whereas a deeper, more aggressive scan is run against the latter host.
Correct answer: B
Explanation
The correct answer is B: the tester is using Nmap's -D option to include decoy addresses, which helps mask the real scanning source and makes the scan less detectable. Option A is incorrect because nothing in the command implies a need to reach different subnets. Option C is incorrect because the command shown does not require multiple interfaces. Option D is misleading because all of the IP addresses are part of the same command execution, and there is no indication that different scan types are being applied.