Which of the following best describes the observable behavior indicating a port scan?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

Which of the following best describes the observable behavior indicating a port scan?

Explanation:
Port scanning shows up in traffic as probes across many ports to a single target. The clearest indicator is sending TCP SYN packets to a range of different ports on the same host, effectively checking which ports respond and which don’t. That pattern—multiple SYNs aimed at multiple ports—directly maps to the act of discovering open or closed ports. A single DNS query is just one lookup, not a scan across ports. A flood of UDP packets to DNS targets a DNS service and doesn’t imply scanning multiple ports. Repeated ARP requests relate to resolving MAC addresses on the local network, not testing port states on a remote host.

Port scanning shows up in traffic as probes across many ports to a single target. The clearest indicator is sending TCP SYN packets to a range of different ports on the same host, effectively checking which ports respond and which don’t. That pattern—multiple SYNs aimed at multiple ports—directly maps to the act of discovering open or closed ports.

A single DNS query is just one lookup, not a scan across ports. A flood of UDP packets to DNS targets a DNS service and doesn’t imply scanning multiple ports. Repeated ARP requests relate to resolving MAC addresses on the local network, not testing port states on a remote host.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy