Test your knowledge of Nmap topics
Posted on
March 22, 2022
by

The most popular vulnerability scanner and information-gathering networking tool in the cybersecurity realm is arguably Nmap, the network mapper. Open source, free, and command-line based, Nmap is a key tool for cybersecurity specialists. Base-level knowledge of Nmap is a necessity for many security-related IT certification exams including the PenTest+ and Security+ exams offered by tech industry association CompTIA.

Given the prevalence of Nmap, it is a good idea for most IT professionals to have some familiarity with this tool and to be able to answer some simple questions about it. What follows is a self-test of 25 questions that address Nmap basics and commands. In all cases, pick the best answer(s) to each question. The answers appear at the end of the questions. Good luck!

1. You would like to scan both http and https ports. Which of the following options will accomplish this?
A. nmap -p 80,81 [address]
B. nmap -p http* [address]
C. nmap -www [address]
D. nmap -http{s} [address]

2. By default, Nmap uses which type of scan?
A. TCP MAIMON
B. TCP ACK
C. TCP CONNECT
D. TCP SYN

3. Nmap offers the ability to fragment packets. What would be a primary reason for wanting/needing to do this?
A. Transmitting across wireless network
B. Organizing a denial of service attack
C. Evading the firewall
D. To aid with application identification

4. Which of the following is the interactive, graphical, interface that can display the results Nmap has discovered?
A. OpenView
B. Nessus
C. Zenmap
D. Qdar

5. By default, how many of the most popular ports for each protocol are scanned by an Nmap scan?
A. 100
B. 1,000
C. 1,024
D. 65,535

6. What operation will the command nmap -sT {host address} perform?
A. A, Xmas Tree scan on the host specified
B. A raw Ethernet scan on the host specified
C. A forced reverse DNS scan on the host specified
D. A TCP Connect scan on the host specified

7. What is the result of using the -Pn option with Nmap?
A. The results are formatted into a tabled display format
B. Disk partitions discovered are also displayed
C. Ping is disabled
D. Persistence is added to the testing

8. What will the -O option provide with nmap?
A. Open port list
B. Syntax list for all operands
C. Open event log entries
D. Operating system detection

9. What does it mean if a port is in an “unfiltered” state?
A. The port is not accessible
B. The port is accessible, but Nmap is unable to determine whether it is open or closed
C. The port is not responding and Nmap is unable to determine if the host is up or simply not accessible
D. While the port is accessible, it will not enter LISTEN mode

10. Which option can be used to reduce a scan to 1/10th of the most common ports in each protocol typically scanned by default?
A. -F
B. -Q
C. -C
D. -X

11. Which of the following is the text value of the -T2 command?
A. Sneaky
B. Insane
C. Normal
D. Polite

12. Which command option can be used with nmap to see all available commands?
A. -?
B. -all
C. -h
D. -cm

13. Service version detection is performed by using which nmap option?
A. -sV
B. -v
C. -V
D. -s

14. Nmap can be used to find out which hosts are alive in a network by performing which of the following?
A. Port pursue
B. Network brush
C. Ping sweep
D. Host scour

15. Which of the following options will scan ports 100, 200, and 300?
A. -p [1,2,3][00]
B. -p 100-200-300
C. -p 100,200,300
D. -p 100/200/300

Please visit GoCertify to attempt the remaining 10 questions of this quiz.


ANSWERS

1. B: The command nmap -p http* [address] will scan both http and https ports on the host(s) with the specified address.
2. D: By default, Nmap uses TCP SYN scans.
3. C: Nmap offers the ability to fragment packets and one of the main reasons for wanting/needing to do this is for firewall evasion.
4. C: Zenmap is the interactive, graphical, interface that can display the results Nmap has discovered.
5. B: By default, 1,000 of the most popular ports for each protocol are scanned by an Nmap scan.
6. D: The command nmap -sT {host address} will perform a TCP Connect scan on the host specified.
7. C:  Using the -Pn option with Nmap disables the ping.
8. D: The -O option is used for operating system detection.
9. B: An unfiltered state means the port is accessible, but Nmap is unable to determine whether it is open or closed.
10. A: By default, 1,000 of the most popular ports for each protocol are scanned. When you use the -F option, this reduces the number to 100 (1/10th of the default) of the most common ports.
11. D: T2 has a text value of Polite. The six text values corresponding for T0 to T5 are: Paranoid, Sneaky, Polite, Normal, Aggressive, Insane.
12. C: The command nmap -h will show all available commands and their syntax.
13. A: Service version detection is performed by using nmap -sV.
14. C: Nmap can be used to find out which hosts are alive in a network by performing a ping sweep.
15. C: The -p option is used to specify specific ports to scan. In this case, -p 100,200,300 will scan port 100, port 200, and port 300.

About the Author

Emmett Dulaney is a professor at a small university and the author of the CompTIA Network+ Exam Cram, CompTIA Security+ Study Guide and CompTIA Cloud+ Live Lessons.

Posted to topic:
Certification