Which port state is used only for the IP ID idle scan where Nmap can't determine if closed or filtered?

Study for the Nmap/ZenMap Switches Test. Prepare with flashcards and multiple choice questions; each question provides hints and explanations. Get ready for your exam!

Multiple Choice

Which port state is used only for the IP ID idle scan where Nmap can't determine if closed or filtered?

Explanation:
IP ID idle scan relies on how the zombie host’s IP ID value changes in response to spoofed probes to infer the target’s state. When a port’s behavior is ambiguous (there’s no clear sign that it’s open or closed, and the result could plausibly be due to filtering by a firewall), the scanner can’t decide between closed and filtered. In that situation, Nmap uses the combined state closed|filtered to indicate this ambiguity. This label is specifically used for the IP ID idle scan because other scans can usually distinguish closed from filtered more directly, but idle scan sometimes yields results that can only be described as “either closed or filtered.” So the correct choice reflects that unique, ambiguous outcome.
