CompTIA PenTest+ (PT0-002) — Question 256

A penetration tester is trying to bypass an active response tool that blocks IP addresses that have more than 100 connections per minute. Which of the following commands would allow the tester to finish the test without being blocked?

Answer options

• A. nmap –sU –p 1–1024 10.0.0.15
• B. nmap –p 22, 25, 80, 3389 –T2 10.0.0.15 –Pn
• C. nmap –T5 –p 1–65535 –A 10.0.0.15
• D. nmap –T3 –F 10.0.0.15

Correct answer: B

Explanation

The correct choice, B, uses a lower timing template (–T2), which results in fewer connections per minute, helping to avoid the active response tool's threshold. Options A and C employ higher connection rates that would exceed the limit and lead to blocking. Option D, while using a moderate timing template, still runs a fast scan that could potentially result in too many connections.