Recall & Review
beginner
What is the main purpose of scanning in cybersecurity?
Scanning is used to discover live hosts, open ports, and services on a network to identify potential targets for further analysis.
beginner
Define enumeration in the context of cybersecurity.
Enumeration is the process of gathering detailed information about network resources, users, shares, and services after scanning has identified potential targets.
intermediate
How does scanning differ from enumeration?
Scanning identifies live systems and open ports, while enumeration digs deeper to extract detailed information like usernames, network shares, and service versions.
beginner
Name two common tools used for scanning and enumeration.
Nmap is widely used for scanning networks and ports. NetBIOS enumeration tools and snmpwalk are used for enumeration to gather detailed network information.
intermediate
Why is scanning and enumeration important in penetration testing?
They help identify vulnerabilities by mapping the network and gathering detailed information, which guides the tester to exploit weaknesses effectively.
What does scanning primarily detect in a network?
A. Live hosts and open ports
B. User passwords
C. Malware infections
D. Firewall rules
Scanning is focused on finding live devices and open ports to understand the network layout.
Which process involves gathering usernames and network shares?
A. Scanning
B. Phishing
C. Exploitation
D. Enumeration
Enumeration collects detailed information like usernames and shares after scanning identifies targets.
Which tool is commonly used for network scanning?
A. Wireshark
B. Metasploit
C. Nmap
D. John the Ripper
Nmap is a popular tool for scanning networks and discovering open ports.
What is the next step after scanning in a penetration test?
A. Enumeration
B. Reporting
C. Exploitation
D. Password cracking
After scanning identifies targets, enumeration gathers detailed information about them.
Why should scanning and enumeration be done carefully?
A. They delete important files
B. They can alert network defenders
C. They always cause system crashes
D. They are illegal in all cases
Scanning and enumeration can trigger alerts, so they must be done cautiously to avoid detection.
Explain the difference between scanning and enumeration in cybersecurity.
Think about what each step discovers about the network.
Describe why scanning and enumeration are important steps in penetration testing.
Consider how these steps help a tester understand the network.
Practice
1. What is the main purpose of scanning in cybersecurity?
easy
A. To find active devices and open ports on a network
B. To collect detailed user account information
C. To encrypt data during transmission
D. To block unauthorized access automatically
Solution
Step 1: Understand scanning basics
Scanning is used to detect which devices are active and which ports are open on a network.
Step 2: Differentiate from enumeration
Enumeration goes deeper to gather detailed info, but scanning is about discovery.
Final Answer:
To find active devices and open ports on a network -> Option A
Quick Check:
Scanning = Finding devices and ports [OK]
Hint: Scanning finds devices and ports first, enumeration follows [OK]
Common Mistakes:
Confusing scanning with enumeration
Thinking scanning encrypts data
Assuming scanning blocks access
2. Which of the following is the correct syntax to run a basic port scan using the Nmap tool?
easy
A. nmap scan 192.168.1.1 -open
B. nmap -sS 192.168.1.1
C. scan -nmap 192.168.1.1
D. nmap --list-ports 192.168.1.1
Solution
Step 1: Identify correct Nmap command format
The correct Nmap syntax for a TCP SYN scan is nmap -sS [target].
Step 2: Check options for errors
Options like 'scan' or '--list-ports' are incorrect or invalid in this context.
Final Answer:
nmap -sS 192.168.1.1 -> Option B
Quick Check:
Nmap SYN scan = nmap -sS [IP] [OK]
Hint: Nmap SYN scan uses -sS flag before target IP [OK]
Common Mistakes:
Using invalid flags like --list-ports
Placing options after IP incorrectly
Confusing scan command syntax
3. Consider this Nmap output snippet:
PORT     STATE   SERVICE
22/tcp   open    ssh
80/tcp   open    http
443/tcp  closed  https
What does this output tell you about port 443?
medium
A. Port 443 is closed and not accepting connections
B. Port 443 is filtered by a firewall
C. Port 443 is open and accepting connections
D. Port 443 is in an unknown state
Solution
Step 1: Read port state from output
The output shows port 443/tcp as 'closed', meaning it is not open for connections.
Step 2: Understand port states
'Closed' means the port is reachable but no service is listening; 'filtered' would mean blocked by firewall.
Final Answer:
Port 443 is closed and not accepting connections -> Option A
Quick Check:
Port 443 state = closed means no connection [OK]
Hint: Closed port means reachable but no service listening [OK]
Common Mistakes:
Confusing closed with filtered
Assuming closed means open
Ignoring port state labels
4. You run an enumeration command but get no detailed user info. Which of these is the most likely cause?
medium
A. The target device is offline
B. The network cable is unplugged
C. You used scanning instead of enumeration
D. The enumeration tool lacks proper permissions
Solution
Step 1: Analyze why enumeration fails
Enumeration requires permissions to access detailed info; without them, it returns nothing.
Step 2: Eliminate other options
If the device were offline or the cable unplugged, scanning would fail too; the difference between scanning and enumeration is about depth of information, not success.
Final Answer:
The enumeration tool lacks proper permissions -> Option D
Quick Check:
Permissions needed for enumeration details [OK]
Hint: No info? Check permissions for enumeration tool [OK]
Common Mistakes:
Confusing scanning failure with enumeration failure
Ignoring permission requirements
Assuming device offline without checking
5. You want to create a report listing all active devices and their open ports on a network, then gather usernames from those devices. Which sequence of actions is best?
hard
A. Run enumeration first, then scanning
B. Only run enumeration since it finds devices and usernames
C. Run scanning to find devices and ports, then enumeration for usernames
D. Only run scanning since it finds all info needed
Solution
Step 1: Understand scanning and enumeration roles
Scanning finds active devices and open ports; enumeration collects detailed info like usernames.
Step 2: Determine correct order
You must scan first to identify targets, then enumerate those targets for detailed info.
Final Answer:
Run scanning to find devices and ports, then enumeration for usernames -> Option C
Quick Check:
Scan first, then enumerate details [OK]
Hint: Scan to find devices, enumerate for details next [OK]