Null Scan — CompTIA PenTest+ (PT0-002) Practice Questions
A null scan is a TCP reconnaissance technique in which a probe packet is sent with no flags set in the TCP header. Because RFC 793-compliant closed ports respond with a RST packet while open ports typically drop the probe silently, null scans can infer port state while potentially evading simple firewall rule sets. PT0-002 tests candidates on when and why to choose null scans versus other scan types, and on their limitations against modern stateful firewalls and Windows hosts. Understanding the technique also requires knowing how intrusion detection systems may still fingerprint it based on the anomalous header.
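An added example (not part of the original page) of the detection side mentioned above: it reads the control bits from raw TCP headers and reports sources that send flagless segments to several ports. The function names, the min_ports threshold and the sample traffic are assumptions made for illustration.

```python
import struct
from collections import defaultdict

TCP_FLAG_MASK = 0x3F  # FIN, SYN, RST, PSH, ACK, URG (RFC 793 control bits)

def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=1024):
    """Constructed sample input only: a 20-byte TCP header, checksum left at zero."""
    offset_flags = (5 << 12) | (flags & 0x1FF)  # data offset of 5 words, then flags
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)

def parse_tcp_flags(header):
    """Return (source port, destination port, control bits) from a TCP header."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    sport, dport, _seq, _ack, offset_flags = struct.unpack("!HHIIH", header[:14])
    return sport, dport, offset_flags & TCP_FLAG_MASK

def find_null_scanners(packets, min_ports=3):
    """packets: iterable of (src_ip, tcp_header_bytes).

    Returns {src_ip: sorted destination ports} for sources that sent flagless
    segments to at least min_ports distinct ports. Normal TCP traffic always
    carries SYN, ACK, FIN or RST, so a segment with no flags is anomalous.
    """
    probed = defaultdict(set)
    for src_ip, header in packets:
        try:
            _sport, dport, flags = parse_tcp_flags(header)
        except ValueError:
            continue  # skip truncated captures instead of stopping the detector
        if flags == 0:
            probed[src_ip].add(dport)
    return {ip: sorted(p) for ip, p in probed.items() if len(p) >= min_ports}

# Constructed sample traffic; addresses are RFC 5737 documentation ranges.
SAMPLE = [
    ("192.0.2.10", build_tcp_header(40001, 22, 0x00)),    # no flags
    ("192.0.2.10", build_tcp_header(40001, 80, 0x00)),    # no flags
    ("192.0.2.10", build_tcp_header(40001, 443, 0x00)),   # no flags
    ("192.0.2.10", b"\x9c\x41\x00\x16"),                  # truncated header
    ("198.51.100.7", build_tcp_header(51000, 80, 0x02)),  # SYN, normal
    ("198.51.100.7", build_tcp_header(51000, 80, 0x10)),  # ACK, normal
    ("198.51.100.7", build_tcp_header(51000, 25, 0x00)),  # one stray flagless segment
]

if __name__ == "__main__":
    for ip, ports in find_null_scanners(SAMPLE).items():
        print(f"possible null scan from {ip}: ports {ports}")
```

The threshold keeps a single malformed segment from raising an alert; lowering min_ports to 1 reports every source that sent any flagless segment.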
Free questions on null scan
Which Nmap scan type sends TCP packets with no flags set?
Free question · medium · full answer + explanation