CompTIA PenTest+ (PT0-002) — Question 406
A penetration tester wants to scan a target network without being detected by the client's IDS.
Which of the following scans is MOST likely to avoid detection?
Answer options
- A. nmap -P0 -T0 -sS 192.168.1.10
- B. nmap -sA -sV --host-timeout 60 192.168.1.10
- C. nmap -f --badsum 192.168.1.10
- D. nmap -A -n 192.168.1.10
Correct answer: A
Explanation
The correct answer, A, combines a SYN scan (-sS) with the slowest timing template (-T0) and skips host discovery (-P0), so probes are spaced far apart and are less likely to trigger IDS alerts. Option B adds service/version detection (-sV) and a host timeout, which generates more traffic and increases the chance of detection. Option C relies on packet fragmentation (-f) and bad checksums (--badsum) to evade detection, but this is generally less effective than a slow SYN scan. Option D (-A) performs a comprehensive, aggressive scan that is very likely to be detected by an IDS.