A penetration tester wants to scan a target network without being detected by the client's IDS. Which of the following scans is MOST likely to avoid detection?
A. nmap -p0 -T0 -sS 192.168.1.10
B. nmap -sA -sV --host-timeout 60 192.168.1.10
The "-f" option in Nmap specifies fragmented IP packets. Fragmenting packets can help bypass certain network-based intrusion detection systems that may inspect complete packets but have difficulty with fragmented packets.
The "--badsum" option tells Nmap to use incorrect checksums in the packets it sends. By using incorrect checksums, Nmap attempts to evade detection by IDS systems that rely on checksum verification for packet integrity.
-sS, -T0, and -P0. Fragmentation and bad checksum are the same thing, so that is only one approach within that command. An IDS can also check for fragmentation if it is configured correctly.
Option D (nmap -p0 -T0 -sS 192.168.1.10) performs a SYN scan ("-sS") with no port scanning ("-p0") and the lowest timing template ("-T0"). While SYN scans are commonly used for stealthy scanning, the absence of port scanning may not provide useful information for the penetration tester's objectives.
C should be the correct answer. Just look at the Nmap IDS evasion page and you will find these two options listed there:
https://nmap.org/book/man-bypass-firewalls-ids.html
I agree with C, especially since it is documented in https://nmap.org/book/man-bypass-firewalls-ids.html as to what options to use to bypass firewalls and IDS. Why dispute an official nmap guide?
@OSPFv22 this is an underrated comment. Based on this: "While this simple command is often all that is needed, advanced users often go much further. In Example 4.3, the scan is modified with four options. -p0- asks Nmap to scan every possible TCP port, -v asks Nmap to be verbose about it, -A enables aggressive tests such as remote OS detection, service/version detection, and the Nmap Scripting Engine (NSE). Finally, -T4 enables a more aggressive timing policy to speed up the scan.
Example 4.3. More complex: nmap -p0- -v -A -T4 scanme.nmap.org"
https://nmap.org/book/port-scanning-tutorial.html
I'm not 100% sure... based on the Nmap documentation, both A and C seem to be viable answers. -p0 will MOST LIKELY not flag the IDS since they are T0 (paranoid) scans running -sS; this is common knowledge. On the other hand, you have Nmap documentation that specifically has -f and --badsum under the IDS/FIREWALL EVASION page... ahhh, what to choose. Thanks, CompTIA.
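The -f and --badsum discussion above comes down to what a per-packet sensor can and cannot verify. As an added example (not from the question or any commenter), here is a small Python check of the kind a detection engineer would run over raw IPv4/TCP bytes: it flags fragmented datagrams, verifies the IP header checksum, and verifies the TCP checksum via the pseudo-header. The packet builder, addresses and ports are constructed sample data.

```python
import struct


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 checksum. Over a buffer that already holds a valid checksum field, the result is 0."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def inspect_ipv4_tcp(pkt: bytes) -> dict:
    """Findings a sensor could raise for one raw IPv4 packet that should carry TCP."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    fragmented = bool(flags_frag & 0x2000) or (flags_frag & 0x1FFF) != 0  # MF bit or non-zero offset
    src, dst, proto = pkt[12:16], pkt[16:20], pkt[9]
    findings = {
        "fragmented": fragmented,
        "bad_ip_checksum": ones_complement_sum(pkt[:ihl]) != 0,
        "bad_tcp_checksum": False,
    }
    # A fragment cannot be checksummed per packet: the sensor must reassemble first.
    # That reassembly gap is exactly what -f relies on, so 'fragmented' is itself the alert.
    if proto == 6 and not fragmented:
        tcp = pkt[ihl:total_len]
        pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
        findings["bad_tcp_checksum"] = ones_complement_sum(pseudo + tcp) != 0
    return findings


def build_syn(bad_checksum: bool = False, more_fragments: bool = False) -> bytes:
    """Construct a minimal IPv4/TCP SYN to exercise the check (constructed sample, not a capture)."""
    src, dst = bytes([192, 168, 1, 50]), bytes([192, 168, 1, 10])
    # sport, dport, seq, ack, data offset (5 words), flags (SYN), window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1000, 0, 5 << 4, 0x02, 1024, 0, 0)
    pseudo = src + dst + struct.pack("!BBH", 0, 6, len(tcp))
    csum = ones_complement_sum(pseudo + tcp)
    if bad_checksum:
        csum ^= 0xFFFF  # a deliberately wrong transport checksum, the effect of --badsum
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    flags_frag = 0x2000 if more_fragments else 0  # MF set marks this as a fragment
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, flags_frag, 64, 6, 0, src, dst)
    ip = ip[:10] + struct.pack("!H", ones_complement_sum(ip)) + ip[12:]
    return ip + tcp
```

A real host silently drops a segment with a bad transport checksum, so a sensor that does not verify it inspects traffic the target never processed; verifying it lets the sensor discard or alert on those packets instead.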
PT1-002 Exam Questions
Community vote distribution: A (35%), C (25%), B (20%), Other