CompTIA PenTest+ (PT0-002) — Question 321

A local firewall is configured to drop all incoming packets with the TCP SYN or URG flags set. Which of the following Nmap commands should a penetration tester use to scan the ports 22, 53, 80, and 443 on the target machine and get the most reliable results?

Answer options

• A. nmap -sY 10.4.7.18 -Pn -p 22,53,80,443
• B. nmap -sS 10.4.7.18 -Pn -p 22,53,80,443
• C. nmap -sA 10.4.7.18 -Pn -p 22,53,80,443
• D. nmap -sT 10.4.7.18 -Pn -p 22,53,80,443

Correct answer: C

Explanation

The correct answer is C, as the -sA (ACK scan) option allows the tester to determine whether ports are filtered without sending SYN packets, which are blocked by the firewall. The other options, A, B, and D, utilize SYN, SYN stealth, or TCP connect scans that would be dropped by the firewall, making them less reliable for this scenario.