Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
Mail Us [email protected]
Menu

Unlimited Access

Get Unlimited Contributor Access to the all ExamTopics Exams!
Take advantage of PDF Files for 1000+ Exams along with community discussions and pass IT Certification Exams Easily.
Eccouncil Discussions

Exam 312-50v11 topic 1 question 307 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 307
Topic #: 1
[All 312-50v11 Questions]

While performing an Nmap scan against a host, Paola determines the existence of a firewall.
In an attempt to determine whether the firewall is stateful or stateless, which of the following options would be best to use?

  • A. -sA
  • B. -sX
  • C. -sT
  • D. -sF
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by blacksheep6r at Oct. 16, 2021, 7:19 p.m.

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Submit Cancel
blacksheep6r
Highly Voted 2 years, 6 months ago
-sA (TCP ACK scan) This scan is different than the others discussed so far in that it never determines open (or even open|filtered) ports. It is used to map out firewall rulesets, determining whether they are stateful or not and which ports are filtered. The ACK scan probe packet has only the ACK flag set (unless you use --scanflags). When scanning unfiltered systems, open and closed ports will both return a RST packet. Nmap then labels them as unfiltered, meaning that they are reachable by the ACK packet, but whether they are open or closed is undetermined. Ports that don't respond, or send certain ICMP error messages back (type 3, code 0, 1, 2, 3, 9, 10, or 13), are labeled filtered. https://nmap.org/book/man-port-scanning-techniques.html
upvoted 25 times
mileke2
1 year, 11 months ago
Thank you for not just replying "Correct"
upvoted 8 times
...
...
Daniel8660
Most Recent 1 year, 6 months ago
Selected Answer: A
ACK Flag Probe scan ACK flag probe scanning can also be used to check the filtering system of a target.Attackers send an ACK probe packet with a random sequence number, and no response implies that the port is filtered (stateful firewall is present), whereas an RST response means that the port is not filtered. # Nmap -sA -v <target IP address> (P.311/295)
upvoted 4 times
...
AbusedInk
1 year, 8 months ago
Selected Answer: A
The TCP ACK scan comes in handy when checking if the firewall protecting a host is stateful or stateless. #nmap -sA <target>.
upvoted 3 times
...

Get IT Certification

Unlock free, top-quality video courses on ExamTopics with a simple registration. Elevate your learning journey with our expertly curated content. Register now to access a diverse range of educational resources designed for your success. Start learning today with ExamTopics!

Start Learning for free
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel