
ISC2 Exam ISSAP Topic 4 Question 39 Discussion

Actual exam question for ISC2's Information Systems Security Architecture Professional exam
Question #: 39
Topic #: 4

John works as an Ethical Hacker for company Inc. He wants to find out the ports that are open in company's server using a port scanner. However, he does not want to establish a full TCP connection. Which of the following scanning techniques will he use to accomplish this task?

Suggested Answer: D

SYN scanning is also known as half-open scanning because a full TCP connection is never opened. The steps of TCP SYN scanning are as follows:

1. The attacker sends a SYN packet to the target port.
2. If the port is open, the attacker receives a SYN/ACK message.
3. Now the attacker breaks the connection by sending an RST packet.
4. If the RST packet is received, it indicates that the port is closed.

This type of scanning is hard to trace because the attacker never establishes a full 3-way handshake connection and most sites do not create a log of incomplete TCP connections.

Answer option C is incorrect. In TCP SYN/ACK scanning, an attacker sends a SYN/ACK packet to the target port. If the port is closed, the victim assumes that this packet was mistakenly sent by the attacker, and sends the RST packet to the attacker. If the port is open, the SYN/ACK packet will be ignored and the port will drop the packet. TCP SYN/ACK scanning is stealth scanning, but some intrusion detection systems can detect TCP SYN/ACK scanning.

Answer option A is incorrect. TCP FIN scanning is a type of stealth scanning, through which the attacker sends a FIN packet to the target port. If the port is closed, the victim assumes that this packet was sent mistakenly by the attacker and sends the RST packet to the attacker. If the port is open, the FIN packet will be ignored and the port will drop that packet. TCP FIN scanning is useful only for identifying ports of non-Windows operating systems because Windows operating systems send only RST packets irrespective of whether the port is open or closed.

Answer option B is incorrect. Xmas Tree scanning is just the opposite of null scanning. In Xmas Tree scanning, all packets are turned on. If the target port is open, the service running on the target port discards the packets without any reply. According to RFC 793, if the port is closed, the remote system replies with the RST packet. Active monitoring of all incoming packets can help system network administrators detect an Xmas Tree scan.
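The monitoring point above and the half-open handshake described for SYN scanning can be checked on the defender's side by tracking handshake state per flow. The following is an added example, not part of the original page: the function names, the `min_ports` threshold, the rule for what counts as an Xmas Tree packet, and the packet records (documentation-range addresses) are all constructed assumptions.

```python
from collections import defaultdict

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20  # TCP flag bits

def stateless_probe(flags):
    """Name a client packet that arrives on a flow with no handshake in progress."""
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
        return "xmas"      # assumption: FIN+PSH+URG all lit counts as Xmas Tree
    if flags == SYN | ACK:
        return "syn-ack"
    if flags == FIN:
        return "fin"
    return None

def find_scanners(packets, min_ports=3):
    """packets: (client, server, dport, flags, from_client) tuples in capture order.
    Returns {client: {technique: sorted ports}} for techniques seen on >= min_ports ports."""
    state = {}                                    # flow -> handshake stage
    hits = defaultdict(lambda: defaultdict(set))  # client -> technique -> ports
    for src, dst, dport, flags, from_client in packets:
        flow = (src, dst, dport)
        stage = state.get(flow)
        if not from_client:
            if stage == "syn" and flags == SYN | ACK:
                state[flow] = "syn-ack"           # port open, server answered
            continue
        if flags == SYN:
            state[flow] = "syn"
        elif stage == "syn-ack" and flags & RST:
            hits[src]["half-open"].add(dport)     # RST instead of the final ACK
            state.pop(flow)
        elif stage == "syn-ack" and flags == ACK:
            state[flow] = "established"           # normal three-way handshake
        elif stage is None and stateless_probe(flags):
            hits[src][stateless_probe(flags)].add(dport)
    return {src: {t: sorted(p) for t, p in techs.items() if len(p) >= min_ports}
            for src, techs in hits.items()
            if any(len(p) >= min_ports for p in techs.values())}

def sample_capture():
    """Constructed packets: one half-open source, one normal client, one Xmas source."""
    srv, pkts = "203.0.113.5", []
    for port in (22, 80, 443):
        pkts += [("198.51.100.7", srv, port, SYN, True),
                 ("198.51.100.7", srv, port, SYN | ACK, False),
                 ("198.51.100.7", srv, port, RST, True)]
    pkts += [("192.0.2.10", srv, 443, SYN, True),
             ("192.0.2.10", srv, 443, SYN | ACK, False),
             ("192.0.2.10", srv, 443, ACK, True)]
    pkts += [("198.51.100.9", srv, p, FIN | PSH | URG, True) for p in (21, 23, 25)]
    return pkts
```

The client that completes the handshake with an ACK is not reported; only sources that repeat the same incomplete or out-of-state pattern across several ports are.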

