Exam PT0-002 topic 1 question 293 discussion

Actual exam question from CompTIA's PT0-002
Question #: 293
Topic #: 1

During a vulnerability scan a penetration tester enters the following Nmap command against all of the non-Windows clients:

nmap -sX -T4 -p 21-25,67,80,139,8080 192.168.11.191

The penetration tester reviews the packet capture in Wireshark and notices that the target responds with an RST packet flag set for all of the targeted ports. Which of the following does this information most likely indicate?

  • A. All of the ports in the target range are closed.
  • B. Nmap needs more time to scan the ports in the target range.
  • C. The ports in the target range cannot be scanned because they are common UDP ports.
  • D. All of the ports in the target range are open.
Suggested Answer: A

Comments

Etc_Shadow28000
11 months, 1 week ago
Selected Answer: A
The -sX option specifies a Xmas scan, which sends packets with the FIN, PSH, and URG flags set. The target’s response to such a scan provides information about the state of the ports. When the penetration tester reviews the packet capture in Wireshark and notices that the target responds with an RST (reset) packet for all of the targeted ports, this most likely indicates:
A. All of the ports in the target range are closed.
Explanation:
B. The response received (RST packets) is definitive and indicates the state of the ports, so additional time would not change these results.
C. The ports listed (21-25, 67, 80, 139, 8080) are primarily TCP ports (except for port 67 which is typically used for DHCP, a UDP service). However, the response being an RST indicates the scan was conducted over TCP.
D. If the ports were open, the target would not send RST packets in response to a Xmas scan. Typically, open ports would simply ignore the Xmas scan packet (no response).
upvoted 1 times
...
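The inference discussed in this thread, as an added example that is not part of any comment or of the exam material: it reads constructed capture records, marks a Xmas-probed port closed when an RST comes back and open|filtered when nothing does, and lists sources that sent Xmas probes to several ports. The scanner address, the source ports, the extra port 443 and the `min_ports` threshold are assumptions.

```python
# Added example. TCP flag bits as they sit in the TCP header flags byte.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
XMAS = FIN | PSH | URG  # 0x29: the probe a Xmas scan (-sX) sends

TARGET = "192.168.11.191"   # address from the question
SCANNER = "192.168.11.50"   # constructed tester address (assumption)
PORTS = [21, 22, 23, 24, 25, 67, 80, 139, 8080]  # -p list from the question

# Constructed capture records: (src, sport, dst, dport, tcp_flags).
CAPTURE = []
for i, port in enumerate(PORTS):
    CAPTURE.append((SCANNER, 40000 + i, TARGET, port, XMAS))
    # A closed port answers a segment that carries no ACK with RST+ACK.
    CAPTURE.append((TARGET, port, SCANNER, 40000 + i, RST | ACK))
# Constructed extra probe, not in the question, that gets no reply.
CAPTURE.append((SCANNER, 40100, TARGET, 443, XMAS))


def is_xmas(flags):
    """True when exactly FIN, PSH and URG are set among the six basic flags."""
    return (flags & 0x3F) == XMAS


def classify(packets):
    """Return {(host, port): state} as a Xmas scan would infer it."""
    probes = {}
    for src, sport, dst, dport, flags in packets:
        if is_xmas(flags):
            probes[(src, sport, dst, dport)] = "open|filtered"  # until a reply is seen
    for src, sport, dst, dport, flags in packets:
        probe = (dst, dport, src, sport)  # a reply reverses the 4-tuple
        if flags & RST and probe in probes:
            probes[probe] = "closed"
    return {(dst, dport): state for (_, _, dst, dport), state in probes.items()}


def xmas_sources(packets, min_ports=3):
    """Detection view: sources that sent Xmas probes to min_ports+ distinct ports."""
    seen = {}
    for src, _, dst, dport, flags in packets:
        if is_xmas(flags):
            seen.setdefault(src, set()).add((dst, dport))
    return {src: len(p) for src, p in seen.items() if len(p) >= min_ports}


if __name__ == "__main__":
    for (host, port), state in sorted(classify(CAPTURE).items()):
        print(f"{host}:{port:<5} {state}")
    print("Xmas scan sources:", xmas_sources(CAPTURE))
```

Nmap reports an unanswered Xmas probe as open|filtered rather than open, because a dropped packet looks the same as an open port. Stacks that do not follow RFC 793 here (Windows among them) send RST for every port regardless of state, which makes the question's "non-Windows clients" detail relevant.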
aee9303
1 year, 3 months ago
There are a few circumstances in which a TCP packet might not be expected; the two most common are:
  • The packet is an initial SYN packet trying to establish a connection to a server port on which no process is listening.
  • The packet arrives on a TCP connection that was previously established, but the local application already closed its socket or exited and the OS closed the socket.
Other circumstances are possible, but are unlikely outside of malicious behavior such as attempts to hijack a TCP connection.
upvoted 1 times
...
Big_Dre
1 year, 3 months ago
Selected Answer: A
All targeted ports are closed.
upvoted 1 times
...
Community vote distribution: A (35%), C (25%), B (20%), Other