What type of scan is indicated by the presence of URG, FIN, and PSH flags being set during a penetration test?

Multiple Choice

Explanation:
The presence of URG, FIN, and PSH flags being set during a penetration test indicates that the scan is an Xmas scan. In networking, an Xmas scan is a type of stealth port scan used to identify open, closed, or filtered ports on a target system. The scan gets its name because it sends TCP packets with these three flags lit up, which can illuminate the state of the various ports much like the lights on a Christmas tree.

When a host receives such a packet, it may respond differently based on the state of its ports. Open ports typically do not respond, closed ports will usually respond with a RST (reset) packet, and filtered ports may not respond at all or could respond with an ICMP message indicating the destination is unreachable. This behavior enables a penetration tester to glean important information about the security posture of the network without establishing a full connection, thus helping evade detection by intrusion detection systems.

Other scan types listed do not match the characteristic flags of an Xmas scan. A SYN scan primarily uses only the SYN flag to probe ports, while an ACK scan employs the ACK flag, and a TCP flag scan generally refers to various non-specific flag manipulations that don’t accurately identify this specific combination of flags.
