Certified Ethical Hacker (CEH v10) — Question 56

An attacker scans a host with the below command. Which three flags are set? (Choose three.)
#nmap ""sX host.domain.com

Answer options

• A. This is ACK scan. ACK flag is set
• B. This is Xmas scan. SYN and ACK flags are set
• C. This is Xmas scan. URG, PUSH and FIN are set
• D. This is SYN scan. SYN flag is set

Correct answer: C

Explanation

The correct answer is C because the Xmas scan sets the URG, PUSH, and FIN flags, which is characteristic of this scanning method. Options A and B are incorrect as they misidentify the scan type and the flags that are set. Option D is wrong since it describes a SYN scan rather than the Xmas scan.