Which statement about an ACK scan (-sA) is true?

• A. It directly identifies open TCP ports.
• B. It runs under UDP mode.
• C. It maps firewall rules and helps distinguish stateless vs stateful filtering; it does not confirm open ports.
• D. It requires root privileges.

Answer: (C)

An ACK scan probes how firewalls treat unsolicited TCP segments rather than trying to discover open ports. By sending TCP ACK packets to each port, it doesn’t try to complete a handshake, so you don’t get a definitive answer about whether a port is open. Instead, the target’s responses (or lack of response) reveal firewall behavior. If a port returns a reset, it’s typically considered unfiltered, meaning the packet was allowed through to provoke a response. If there’s no response, the port is considered filtered, indicating the firewall dropped or ignored the probe. This pattern lets you map firewall rules and determine whether filtering is stateful or stateless. In short, this scan is about firewall behavior and filtering state, not about confirming open ports, and it’s not a UDP scan.