What does the -A option do in Nmap and what are the risks of using it on sensitive networks?

Multiple Choice

What does the -A option do in Nmap and what are the risks of using it on sensitive networks?

Explanation:
The -A option combines several discovery tasks into one scan: OS detection, version detection, script scanning, and traceroute. OS detection fingerprints the target’s operating system by examining how it responds to crafted network probes. Version detection probes services to identify the software and its version. Script scanning runs the default NSE scripts to gather additional information or checks. Traceroute maps the path to the target across the network.

This makes -A a powerful single-run option, but it is resource-intensive because it touches many services, analyzes many responses, and can take longer to complete. It is also highly detectable by network defenses, since the broad probing patterns stand out to IDS/IPS systems and generate more distinctive logs.

On sensitive networks, using it increases the risk of triggering alarms, violating policies, or impacting network performance. It’s best to use it with explicit authorization and, when possible, to opt for more targeted or lighter alternatives that minimize impact while still gathering the needed information.