Scanning Practice

Map attack surface, discover live hosts, and identify open ports and services safely and efficiently.

1. Question

Which Nmap scan type is generally the FASTEST and LEAST likely to be logged by default on many systems?

-sT (TCP connect scan)-sS (SYN scan)-sU (UDP scan)-sA (ACK scan)

2. Question

You need to identify the operating system of a remote host. Which Nmap option is MOST appropriate?

-sC-sV-O-Pn

3. Question

Which of the following best describes a risk of overly aggressive scanning in a production environment?

It always guarantees full coverage of all open portsIt may crash fragile services or trigger security controlsIt hides your activity from intrusion detection systemsIt is required to comply with most security standards

4. Question

Which port and protocol combination is MOST likely associated with HTTPS during scanning?

TCP/21TCP/22TCP/80TCP/443

5. Question

Which Nmap option is BEST suited to identify versions of services running on open ports?

-sV-sU-sn-f

6. Question

When a port is reported as 'filtered' during a scan, what does this MOST likely indicate?

The port is definitely closedThe service is running but requires authenticationA firewall or filter is interfering with probe responsesThe host is offline

7. Question

Why might you perform a host discovery scan (e.g., Nmap -sn) BEFORE running detailed port scans?

To ensure that all ports are automatically opened before scanningTo identify live hosts and avoid wasting time on inactive IPsTo bypass firewalls and IDS completelyTo avoid creating any network traffic

8. Question

UDP scanning is often slower and less reliable than TCP scanning because:

UDP packets cannot be routed over the internetUDP services always require authentication firstLack of responses is ambiguous and many devices rate-limit ICMP errorsFirewalls ignore UDP traffic by default

9. Question

You want to minimize impact while still getting useful data in a sensitive environment. Which approach is MOST appropriate?

Full port scan (1–65535) with aggressive timingTargeted scans of documented ranges with conservative timingRepeated scans every minute for 24 hoursConcurrent scans from multiple networks to overwhelm defenses

10. Question

In the context of scanning, why is it helpful to correlate scan results with information from documentation or CMDBs?

To inflate the number of findings for a larger reportTo identify discrepancies between intended and actual exposureTo avoid having to perform any scanning at allTo justify unrestricted scanning across all networks

Score: 0.0 / 10 (0 of 10 correct)