Which scan type is a variant of inverse TCP scanning that uses the FIN, URG, and PUSH flags set to send a TCP frame to a remote device?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!


Explanation:
This question is about recognizing a TCP scan technique by the flags it uses. The key idea is that different flag combinations in a TCP header create distinct scan methods, each with its own behavior and purpose for probing ports.

The Xmas scan sets the FIN, URG, and PUSH (PSH) flags all at once in a single TCP segment. This combination gives the packet a “lit Christmas tree” appearance, which is where the name comes from. It is considered a variant of FIN-based scans, which aim to be stealthier by sending unusual-looking packets that may bypass some simple firewalls or detection rules. How the target responds (or doesn’t respond) helps infer whether a port is open or closed: typically, a closed port replies with a reset, while an open port often yields no response. This matches the method described in the question: send a TCP frame with those specific flags to a remote device in order to probe port status covertly.

Other options involve different flag usage or probing techniques that don’t match this FIN/URG/PSH flag combination, so they aren’t the same method.
