Certified Ethical Hacker (CEH v11) — Question 190

Techno Security Inc. recently hired John as a penetration tester. He was tasked with identifying open ports in the target network and determining whether the ports are online and whether any firewall rule sets are encountered.
John decided to perform a TCP SYN ping scan on the target network.
Which of the following Nmap commands must John use to perform the TCP SYN ping scan?

Answer options

Correct answer: B

Explanation

The correct command is B, 'nmap -sn -PS <target IP address>', which performs a TCP SYN ping scan to check for active hosts. Option A uses the '-PO' flag, which performs an IP protocol ping rather than a TCP scan. Option C uses the '-PA' flag, which performs a TCP ACK ping scan, and option D uses '-PP', which performs an ICMP timestamp ping. Neither of these is suitable for a TCP SYN ping scan.