You need to quickly discover which hosts are up in the 192.168.1.0/24 subnet and determine which TCP ports are open on those hosts. You want to avoid extra enumeration such as OS fingerprinting or NSE script execution so that the scan finishes as fast as possible. Which Nmap command best meets these requirements?
The -sS option triggers a TCP SYN scan. By default Nmap first performs host-discovery probes and then sends half-open SYN probes to the most common TCP ports, identifying which hosts are up and which of those ports are open. Because it does not enable OS detection (-O), version detection, or NSE scripts (which -A would), it completes more quickly while still providing both live-host information and port status. Using -sn (formerly -sP) would only perform host discovery and would not report any open ports. The -O and -A options both add additional enumeration steps that slow the scan and were specifically excluded in the scenario.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a Ping Scan in Nmap?
Open an interactive chat with Bash
What is the difference between 'nmap -sP' and 'nmap -A'?
Open an interactive chat with Bash
What does 'nmap -sS' do and why is it not suitable for just identifying live hosts?