Idle Scan uses which initial TCP flag?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Study for the Nmap/ZenMap Switches Test. Prepare with flashcards and multiple choice questions, each question provides hints and explanations. Get ready for your exam!

Multiple Choice

Idle Scan uses which initial TCP flag?

Explanation:
Idle Scan hinges on initiating a TCP connection from a zombie to the target, which starts with a SYN. The technique relies on the target’s response to that initial handshake (SYN) and the zombie’s predictable IPID behavior to infer whether the port is open or closed. The other flags don’t fit this initiating step: ACK would imply continuing an existing connection, FIN would close a connection, and PSH is a data-flag, not used to start the handshake. So the initial TCP flag used is SYN.

Idle Scan hinges on initiating a TCP connection from a zombie to the target, which starts with a SYN. The technique relies on the target’s response to that initial handshake (SYN) and the zombie’s predictable IPID behavior to infer whether the port is open or closed. The other flags don’t fit this initiating step: ACK would imply continuing an existing connection, FIN would close a connection, and PSH is a data-flag, not used to start the handshake. So the initial TCP flag used is SYN.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy