CompTIA PenTest+ (PT1-002) — Question 23

A penetration tester is scanning a corporate lab network for potentially vulnerable services. Which of the following Nmap commands will return vulnerable ports that might be interesting to a potential attacker?

Answer options

• A. nmap 192.168.1.1-5 ג€"PU22-25,80
• B. nmap 192.168.1.1-5 ג€"PA22-25,80
• C. nmap 192.168.1.1-5 ג€"PS22-25,80
• D. nmap 192.168.1.1-5 ג€"Ss22-25,80

Correct answer: C

Explanation

The correct command is C, which uses the -PS option to perform a TCP SYN ping scan, identifying open ports on the target. Option A uses -PU, which is a UDP ping scan, and while it can help discover hosts, it may not reveal all open TCP ports. Option B employs -PA, which is a TCP ACK ping scan, and is less effective for identifying open ports. Option D uses -Ss, which is a TCP SYN scan but is not a ping scan and requires root privileges, making it less suitable for the context of the question.