CompTIA PenTest+ (PT0-002) — Question 201
A security analyst is conducting an unknown environment test from 192.168.3.3. The analyst wants to limit observation of the penetration tester's activities and lower the probability of detection by intrusion protection and detection systems.
Which of the following Nmap commands should the analyst use to achieve this objective?
Answer options
- A. nmap -F 192.168.5.5
- B. nmap -datalength 2 192.168.5.5
- C. nmap -D 0.5.2.2 192.168.5.5
- D. nmap -scanflags SYNFIN 192.168.5.5
Correct answer: D
Explanation
The correct option D uses the SYNFIN scan technique, which can be effective in evading detection systems by appearing less like a traditional scan. Options A and B do not provide stealth features, while option C uses decoy scanning, which is less effective in this scenario compared to the stealth offered by SYNFIN.