CompTIA PenTest+ (PT0-002) — Question 16
A penetration tester is scanning a corporate lab network for potentially vulnerable services.
Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?
Answer options
- A. nmap 192.168.1.1-5 -PU22-25,80
- B. nmap 192.168.1.1-5 -PA22-25,80
- C. nmap 192.168.1.1-5 -PS22-25,80
- D. nmap 192.168.1.1-5 -Ss22-25,80
Correct answer: C
Explanation
The correct answer is C. The -PS, -PA and -PU options are all host-discovery (ping) probes rather than port scans: each sends one kind of packet to the listed ports to decide whether a host is up, and Nmap then runs its default port scan against every host found alive (unless -sn suppresses it). -PS22-25,80 sends TCP SYN probes to ports 22-25 and 80; an open port answers with SYN/ACK and a closed one with RST, so live hosts are discovered by probing exactly the services an attacker would target, and the scan that follows lists which of those ports are open. Option A (-PU) sends UDP probes, which TCP services do not answer and which firewalls commonly drop silently, so it is a poor way to find TCP services. Option B (-PA) sends bare ACK packets; a host replies with RST whether the port is open or closed, so the probe can confirm the host is up but reveals nothing about the service. Option D is not valid Nmap syntax: a TCP SYN scan is -sS (lowercase s, uppercase S), and the ports to scan are given with -p, not appended to the flag. Strictly speaking, none of these commands reports vulnerabilities; Nmap reports open ports and, with -sV or NSE scripts, service versions, and the tester decides which of those are worth attacking.
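Once the scan has run, the practical job is turning Nmap's output into a list of open ports per host and flagging the ones worth a closer look. The script below is an added example, not part of the original question or of Nmap itself: it parses Nmap's grepable (-oG) format. The sample output it reads is constructed by hand to resemble what `nmap 192.168.1.1-5 -PS22-25,80 -oG lab.gnmap` would write, and the set of "interesting" legacy plaintext services is an illustrative choice, not something the question defines.

```python
"""Parse Nmap grepable (-oG) output and list open TCP ports per host.

Added example for the question above. SAMPLE_GNMAP is constructed by hand
to look like the output of
    nmap 192.168.1.1-5 -PS22-25,80 -oG lab.gnmap
and LEGACY_PLAINTEXT is an illustrative heuristic, not an Nmap feature.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample. Grepable output has tab-separated fields on each
# "Host:" line; each port entry is port/state/protocol/owner/service/rpc/version/
SAMPLE_GNMAP = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap 192.168.1.1-5 -PS22-25,80 -oG lab.gnmap
Host: 192.168.1.1 ()\tStatus: Up
Host: 192.168.1.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 23/open/tcp//telnet///, 80/open/tcp//http//nginx 1.18.0/\tIgnored State: closed (997)
Host: 192.168.1.3 ()\tStatus: Up
Host: 192.168.1.3 ()\tPorts: 25/open/tcp//smtp//Postfix smtpd/, 80/open|filtered/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)
Host: 192.168.1.4 ()\tStatus: Up
# Nmap done at Mon Jan  1 10:00:05 2024 -- 5 IP addresses (3 hosts up) scanned in 5.01 seconds
"""

# port / state / proto / owner / service / rpc-info / version / (trailing slash optional)
PORT_RE = re.compile(r"^(\d+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/?$")

# (port, state, protocol, service, version)
PortEntry = Tuple[int, str, str, str, str]

# Illustrative list of legacy services that carry credentials in clear text.
LEGACY_PLAINTEXT = {21: "ftp", 23: "telnet", 25: "smtp", 110: "pop3", 143: "imap"}


def parse_gnmap(text: str) -> Dict[str, List[PortEntry]]:
    """Return {host: [port entries]}; hosts that were up but had no port
    line are still present with an empty list."""
    hosts: Dict[str, List[PortEntry]] = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines and anything else are skipped
        fields = line.split("\t")
        host = fields[0].split()[1]  # "Host: 192.168.1.1 ()" -> "192.168.1.1"
        hosts.setdefault(host, [])
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                m = PORT_RE.match(entry.strip())
                if not m:
                    continue  # malformed entry; ignore rather than crash
                port, state, proto, _owner, service, _rpc, version = m.groups()
                hosts[host].append((int(port), state, proto, service, version))
    return hosts


def open_tcp_ports(hosts: Dict[str, List[PortEntry]]) -> Dict[str, List[int]]:
    """Only unambiguously open TCP ports; 'open|filtered' is not counted."""
    return {
        host: sorted(p for p, state, proto, _s, _v in entries
                     if proto == "tcp" and state == "open")
        for host, entries in hosts.items()
    }


def interesting_ports(hosts: Dict[str, List[PortEntry]]) -> List[Tuple[str, int, str, str]]:
    """Open TCP ports belonging to the LEGACY_PLAINTEXT set, with version banner."""
    found = []
    for host, entries in hosts.items():
        for port, state, proto, service, version in entries:
            if proto == "tcp" and state == "open" and port in LEGACY_PLAINTEXT:
                found.append((host, port, service, version))
    return found


if __name__ == "__main__":
    parsed = parse_gnmap(SAMPLE_GNMAP)
    for host, ports in open_tcp_ports(parsed).items():
        print(f"{host}: open tcp {ports}")
    for host, port, service, version in interesting_ports(parsed):
        print(f"  review {host}:{port} ({service} {version}".rstrip() + ")")
```

The parser deliberately keeps `open|filtered` out of the open list: that state means no reply was seen, which is a firewall question, not evidence of a listening service, and treating it as open inflates the target list.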