CompTIA PenTest+ (PT0-002) — Question 43

A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command: nmap -O -A -sS -p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered
Which of the following MOST likely occurred on the second scan?

Answer options

• A. A firewall or IPS blocked the scan.
• B. The penetration tester used unsupported flags.
• C. The edge network device was disconnected.
• D. The scan returned ICMP echo replies.

Correct answer: A

Explanation

The correct answer is A because if all ports are reported as filtered, it indicates that a security mechanism like a firewall or IPS is actively blocking the scan. Option B is incorrect as the flags used are supported by Nmap. Option C is unlikely since the first scan found open ports, suggesting the device was connected. Option D is incorrect because ICMP echo replies would not result in all ports being marked as filtered.