Which scan type is a variant of inverse TCP scanning that uses the FIN, URG, and PUSH flags set to send a TCP frame to a remote device?

Prepare for the Certified Ethical Hacker Version 11 Exam.

Multiple Choice

Which scan type is a variant of inverse TCP scanning that uses the FIN, URG, and PUSH flags set to send a TCP frame to a remote device?

Explanation:
This question is about recognizing a TCP scan technique by the flags it uses. The key idea is that different flag combinations in a TCP header create distinct scan methods, each with its own behavior and purpose for probing ports.

The Xmas scan sets the FIN, URG, and PUSH (PSH) flags all at once in a single TCP segment. This combination gives the packet a “lit Christmas tree” appearance, which is where the name comes from. It’s considered a variant of FIN-based scans that aim to be stealthier by sending unusual-looking packets that may bypass some simple firewalls or detection rules. How the target responds (or doesn’t respond) helps infer whether a port is open or closed: typically, a closed port replies with a reset (RST), while an open port often yields no response. This is exactly the method the question describes: sending a TCP frame with those specific flags to a remote device in order to probe port status covertly.

Other options involve different flag usage or probing techniques that don’t match this FIN/URG/PSH flag combination, so they aren’t the same method.
