Port scanning with Nmap in Cybersecurity - Practice Problems & Coding Challenges

Challenge - 5 Problems
📋 Factual
intermediate
What does the Nmap command nmap -sS 192.168.1.1 perform?

Choose the correct description of what the command nmap -sS 192.168.1.1 does.

nmap -sS 192.168.1.1
A. Performs a TCP SYN scan to check open ports on the target IP 192.168.1.1
B. Performs a UDP scan to check open UDP ports on the target IP 192.168.1.1
C. Performs a full TCP connect scan on all ports of 192.168.1.1
D. Performs a ping sweep to check if the host 192.168.1.1 is alive
💡 Hint

The -sS option is a common scan type in Nmap that uses a stealthy method.

🧠 Conceptual
intermediate
Which Nmap option is used to scan only specific ports?

Identify the correct Nmap option to scan only ports 22, 80, and 443 on a target.

A. -sP 22,80,443
B. -p 22,80,443
C. -T 22,80,443
D. -oN 22,80,443
💡 Hint

Look for the option that specifies ports directly.

🔍 Analysis
advanced
What is the main difference between nmap -sS and nmap -sT scans?

Analyze the difference in behavior between the two scan types and select the correct statement.

A. -sS scans all ports; -sT scans only top 1000 ports
B. -sS scans UDP ports; -sT scans TCP ports
C. -sS performs a ping scan; -sT performs a SYN scan
D. -sS performs a stealthy SYN scan without completing TCP handshake; -sT performs a full TCP connect scan completing the handshake
💡 Hint

Consider how each scan interacts with the TCP handshake process.

Reasoning
advanced
If you want to scan a target without sending any packets that establish a full TCP connection, which Nmap scan should you use?

Select the Nmap scan type that avoids completing the TCP handshake to reduce detection risk.

A. -sS (SYN scan)
B. -sT (TCP connect scan)
C. -sU (UDP scan)
D. -sA (ACK scan)
💡 Hint

Think about which scan sends SYN packets but does not complete the handshake.

Comparison
expert
Given the Nmap output below, which port is confirmed open and why?
PORT    STATE    SERVICE
22/tcp  open     ssh
80/tcp  filtered http
443/tcp closed   https

Analyze the port states and select the correct explanation for the open port.

A. Port 80 is open because filtered means it is reachable
B. Port 443 is open because it is closed but responds to probes
C. Port 22 is open because Nmap received a response indicating the port is accepting connections
D. Port 80 is open because it is filtered and may be open or closed
💡 Hint

Recall what 'open', 'filtered', and 'closed' mean in Nmap results.

Practice

1. What is the primary purpose of using nmap in cybersecurity?
easy
A. To find open ports on a network device
B. To encrypt network traffic
C. To create firewalls
D. To monitor user activity

Solution

  1. Step 1: Understand what port scanning means

    Port scanning is the process of checking which ports on a device are open and listening for connections.
  2. Step 2: Identify Nmap's role

    Nmap is a tool designed to perform port scanning to find open ports and services on devices.
  3. Final Answer:

    To find open ports on a network device -> Option A
  4. Quick Check:

    Port scanning = Finding open ports [OK]
Hint: Nmap scans ports to find open network services [OK]
Common Mistakes:
  • Confusing port scanning with encryption
  • Thinking Nmap creates firewalls
  • Assuming Nmap monitors user activity
2. Which of the following is the correct basic syntax to scan a single IP address using Nmap?
easy
A. nmap -open 192.168.1.1
B. nmap scan 192.168.1.1
C. nmap --check 192.168.1.1
D. nmap -sS 192.168.1.1

Solution

  1. Step 1: Recall Nmap command structure

    Nmap commands start with 'nmap' followed by options and then the target IP.
  2. Step 2: Identify correct option for scanning

    The '-sS' option is a common scan type (TCP SYN scan) and is valid syntax.
  3. Final Answer:

    nmap -sS 192.168.1.1 -> Option D
  4. Quick Check:

    Correct Nmap scan syntax = nmap -sS 192.168.1.1 [OK]
Hint: Use 'nmap -sS <IP>' for a basic TCP SYN scan [OK]
Common Mistakes:
  • Using 'scan' as a command option
  • Using invalid options like '-open' or '--check'
  • Omitting the scan type option
3. What will be the result of running nmap -p 22,80 192.168.0.10?
medium
A. Scan ports 22 and 80 on 192.168.0.10
B. Scan all ports on 192.168.0.10
C. Scan ports 22 to 80 on 192.168.0.10
D. Scan only port 80 on 192.168.0.10

Solution

  1. Step 1: Understand the '-p' option in Nmap

    The '-p' option specifies which ports to scan. Comma-separated values mean specific ports.
  2. Step 2: Analyze the ports listed

    Ports 22 and 80 are explicitly listed, so only these two ports will be scanned.
  3. Final Answer:

    Scan ports 22 and 80 on 192.168.0.10 -> Option A
  4. Quick Check:

    '-p 22,80' means scan ports 22 and 80 [OK]
Hint: Comma lists in '-p' scan only those ports [OK]
Common Mistakes:
  • Assuming '-p 22,80' scans all ports
  • Thinking it scans a range from 22 to 80
  • Ignoring the port list format
4. Identify the error in this Nmap command: nmap -p 80-22 192.168.1.5
medium
A. IP address format is incorrect
B. Port range is reversed; should be 22-80
C. Missing scan type option
D. No error; command is correct

Solution

  1. Step 1: Check port range syntax

    Port ranges must be in ascending order, e.g., 22-80, not 80-22.
  2. Step 2: Verify other parts of the command

    The IP address format is correct, and scan type is optional; default scan works.
  3. Final Answer:

    Port range is reversed; should be 22-80 -> Option B
  4. Quick Check:

    Port ranges must ascend, not descend [OK]
Hint: Port ranges must go from smaller to larger number [OK]
Common Mistakes:
  • Using descending port ranges
  • Thinking IP format is wrong
  • Believing scan type is always required
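
Added example (not part of the original quiz): a small Python validator for the two '-p' forms covered in questions 3 and 4, comma lists and ascending ranges, of the kind a wrapper script could run before passing a value to Nmap. The name parse_port_spec and the 65535 upper bound check are assumptions of this example; Nmap's own -p option accepts further forms that are not handled here.

```python
from __future__ import annotations

import re

# One list entry: a single port ("22") or a range ("22-80"), ASCII digits only.
_ITEM = re.compile(r"(\d+)(?:-(\d+))?", re.ASCII)
MAX_PORT = 65535  # port numbers are 16-bit values


def parse_port_spec(spec: str) -> list[int]:
    """Expand a '-p' style value ('22,80' or '22-80') into a sorted port list.

    Handles only comma lists and ascending ranges, the two forms discussed
    in the quiz; anything else raises ValueError.
    """
    ports: set[int] = set()
    for item in spec.split(","):
        match = _ITEM.fullmatch(item.strip())
        if match is None:
            raise ValueError(f"not a port or range: {item!r}")
        start = int(match.group(1))
        end = int(match.group(2)) if match.group(2) else start
        if start > MAX_PORT or end > MAX_PORT:
            raise ValueError(f"port above {MAX_PORT} in {item!r}")
        if start > end:
            # The mistake from question 4: a descending range such as 80-22.
            raise ValueError(f"reversed range {item!r}; write {end}-{start}")
        ports.update(range(start, end + 1))
    return sorted(ports)


if __name__ == "__main__":
    # Constructed sample inputs taken from the quiz questions.
    for sample in ("22,80", "22-80", "80-22"):
        try:
            found = parse_port_spec(sample)
            print(f"{sample!r}: {len(found)} port(s), {found[0]}..{found[-1]}")
        except ValueError as err:
            print(f"{sample!r}: rejected ({err})")
```
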
5. You want to scan a network range from 192.168.1.1 to 192.168.1.254 for open HTTP ports (port 80) only. Which Nmap command should you use?
hard
A. nmap -p 80 192.168.1.0-254
B. nmap -p 80 192.168.1.1/24
C. nmap -p 80 192.168.1.1-192.168.1.254
D. nmap -p 80 192.168.1.0/24

Solution

  1. Step 1: Understand how to specify IP ranges in Nmap

    Nmap accepts explicit ranges like '192.168.1.1-192.168.1.254' to scan all addresses in that range.
  2. Step 2: Check port and target correctness

    Port 80 is specified correctly with '-p 80'. The range '192.168.1.1-192.168.1.254' covers all hosts from .1 to .254.
  3. Step 3: Evaluate other options

    nmap -p 80 192.168.1.0-254 scans from 192.168.1.0 to 192.168.1.254, including the unwanted network address .0. nmap -p 80 192.168.1.1/24 uses CIDR /24 which scans the entire subnet (.0 to .255). nmap -p 80 192.168.1.0/24 scans the entire subnet including .0 and .255.
  4. Final Answer:

    nmap -p 80 192.168.1.1-192.168.1.254 -> Option C
  5. Quick Check:

    Explicit IP range with '-p 80' = nmap -p 80 192.168.1.1-192.168.1.254 [OK]
Hint: Use full IP range for precise scanning [OK]
Common Mistakes:
  • Using shorthand range 192.168.1.0-254 (includes .0)
  • Confusing CIDR notation with explicit ranges
  • Including network address (.0) in scan