How does the -D option implement decoy scans and what effect does that have on the target's logs?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the Nmap/ZenMap Switches Test. Prepare with flashcards and multiple choice questions, each question provides hints and explanations. Get ready for your exam!

Multiple Choice

How does the -D option implement decoy scans and what effect does that have on the target's logs?

Explanation:
Using decoys with this option adds spoofed source IPs to each probe alongside your real address. What the target sees in its logs are probes coming from several different IPs, not just one. That spreads the activity across multiple sources and makes it harder to link all the log entries to a single scanner, which is the main purpose of decoying. At the same time, the true initiating host can still be inferred by some systems from other signals like timing patterns or traffic behavior, so attribution isn’t guaranteed to be complete.

Using decoys with this option adds spoofed source IPs to each probe alongside your real address. What the target sees in its logs are probes coming from several different IPs, not just one. That spreads the activity across multiple sources and makes it harder to link all the log entries to a single scanner, which is the main purpose of decoying. At the same time, the true initiating host can still be inferred by some systems from other signals like timing patterns or traffic behavior, so attribution isn’t guaranteed to be complete.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy