A penetration tester ran an nmap scan on an internetfacing n - CompTIA Pentest+ PT0-003

Question

A penetration tester ran an Nmap scan on an Internet-facing network device with the -F option and found a few open ports. To further enumerate, the tester ran another scan using the following command: nmap -O -A -sS -p- 100.100.100.50
Nmap returned that all 65,535 ports were filtered.
Which of the following MOST likely occurred on the second scan?

Explanation

Correct Answer: A. A firewall or IPS blocked the scan.

In the first scan, the penetration tester used nmap -F, which performs a fast scan of only the most common 100 ports. This scan succeeded and returned a few open ports.

In the second scan, the tester used:

nmap -O -A -sS -p- 100.100.100.50

This command does the following:

  • -O → Enables OS detection.
  • -A → Enables aggressive scan mode (OS detection, version detection, script scanning, and traceroute).
  • -sS → Performs a stealth SYN scan.
  • -p- → Scans all 65,535 ports instead of just common ones.

Since all 65,535 ports were returned as "filtered," this strongly indicates that a firewall or Intrusion Prevention System (IPS) blocked the scan.

Why?

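  • A firewall or IPS may detect the aggressive scan and drop or reject the packets, making it look like all ports are "filtered." Nmap marks a port as filtered when its probe gets no reply or an ICMP unreachable error, so it cannot tell whether the port is open or closed.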
  • The first scan (-F) succeeded because it was less aggressive and only checked common ports, which may have been allowed through.
  • The second scan (-p- -A -O -sS) was much more intrusive, triggering security controls to block the scanning attempt.
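
The comparison this explanation relies on (ports open in the first scan, everything filtered in the second, host still up) can be checked from Nmap's XML output (-oX). The Python below is an added example, not part of the original page; the sample XML is constructed, and the function names and verdict labels are assumptions chosen for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples in Nmap's XML (-oX) format; not output from the page's scans.
FAST_SCAN = """<nmaprun><host><status state="up"/><ports>
<extraports state="filtered" count="98"/>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/></port>
<port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/></port>
</ports></host></nmaprun>"""
FULL_SCAN = """<nmaprun><host><status state="up"/><ports>
<extraports state="filtered" count="65535">
<extrareasons reason="no-responses" count="65535"/></extraports>
</ports></host></nmaprun>"""
HOST_DOWN = """<nmaprun><host><status state="down"/></host></nmaprun>"""


def summarize(xml_text):
    """Return (host_up, {port: state}, {bulk_state: count}) for the first host."""
    host = ET.fromstring(xml_text).find("host")
    if host is None or host.find("status").get("state") != "up":
        return False, {}, {}
    listed = {int(p.get("portid")): p.find("state").get("state")
              for p in host.iter("port")}
    bulk = {e.get("state"): int(e.get("count")) for e in host.iter("extraports")}
    return True, listed, bulk


def compare_scans(first_xml, second_xml):
    """Classify the second scan relative to the first; return (verdict, lost_ports)."""
    _, first_ports, _ = summarize(first_xml)
    up, second_ports, bulk = summarize(second_xml)
    if not up:
        return "host-down", []  # a disconnected host yields no port table at all
    was_open = sorted(p for p, s in first_ports.items() if s == "open")
    # Ports missing from the listed set were folded into an <extraports> bucket.
    lost = [p for p in was_open if second_ports.get(p) != "open"]
    all_filtered = (set(bulk) == {"filtered"}
                    and all(s == "filtered" for s in second_ports.values()))
    if all_filtered and lost:
        return "blocked-after-first-scan", lost  # consistent with a firewall/IPS reaction
    return ("partial-loss" if lost else "consistent"), lost


if __name__ == "__main__":
    for name, xml in (("full", FULL_SCAN), ("down", HOST_DOWN), ("same", FAST_SCAN)):
        print(name, compare_scans(FAST_SCAN, xml))
```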

Why the Other Options Are Incorrect:

The penetration tester used unsupported flags.

  • The flags used (-O -A -sS -p-) are all valid and commonly used in penetration tests.

  • If the flags were unsupported, Nmap would return an error, not "all ports filtered."

The edge network device was disconnected.

  • If the device were disconnected, Nmap would not receive any response and would likely report the host as down (or no response) instead of all ports filtered.

  • A firewall/IPS blocking traffic is a more likely scenario.

The scan returned ICMP echo replies.

  • If an ICMP response (like a ping reply) was received, it would not result in all ports being marked as filtered.

  • ICMP replies indicate that the host is up, but they do not determine port filtering.
