CompTIA PenTest+ (PT1-002) — Question 64

A penetration tester ran an Nmap scan on an Internet-facing network device with the `"F option and found a few open ports. To further enumerate, the tester ran another scan using the following command: nmap `"O `"A `"sS `"p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered. Which of the following MOST likely occurred on the second scan?

Answer options

• A. A firewall or IPS blocked the scan.
• B. The penetration tester used unsupported flags.
• C. The edge network device was disconnected.
• D. The scan returned ICMP echo replies.

Correct answer: A

Explanation

The most likely cause of all ports being reported as filtered is that a firewall or IPS is actively blocking the scan attempts, preventing access to the ports. The other options are less plausible; unsupported flags would typically result in an error rather than filtered ports, a disconnected device would not return filtered status, and ICMP echo replies do not pertain to port filtering.