Certified Ethical Hacker (CEH) — Question 9
Which NMAP command combination would let a tester scan every TCP port on a class C network that is blocking ICMP, with fingerprinting and service detection?
Answer options
- A. NMAP -PN -A -O -sS 192.168.2.0/24
- B. NMAP -P0 -A -O -p1-65535 192.168.0/24
- C. NMAP -P0 -A -sT -p0-65535 192.168.0/16
- D. NMAP -PN -O -sS -p 1-1024 192.168.0/8
Correct answer: B
Explanation
The correct answer is B: the -P0 option disables host discovery, so the scan proceeds even when ICMP is blocked, and -p1-65535 specifies all TCP ports. Options A and D are incorrect because they do not scan all TCP ports (A gives no port range and D stops at port 1024), and C is not valid for the specified class C network range because it targets a /16.