CompTIA PenTest+ (PT0-001) — Question 97

A company hires a penetration tester to determine if there are any vulnerabilities in its new VPN concentrator installation with an external IP of 100.170.60.5.
Which of the following commands will test if the VPN is available?

Answer options

• A. fpipe.exe -1 8080 -r 80 100.170.60.5
• B. ike-scan -A -t 1 --sourceip=spoof_ip 100.170.60.5
• C. nmap -sS -A -f 100.170.60.5
• D. nc 100.170.60.5 8080 /bin/sh

Correct answer: B

Explanation

The correct answer is B because 'ike-scan' is specifically designed to check for the availability of VPN services using the IKE protocol. Options A, C, and D are not suitable for testing VPN connectivity; A tests a different port, C is a more general network scan, and D attempts to initiate a shell which is not a valid method for checking VPN availability.