Three-Way Handshake — CompTIA PenTest+ (PT0-002) Practice Questions

The TCP three-way handshake is the connection establishment process in which a client sends a SYN packet, the server responds with a SYN-ACK, and the client completes the exchange with an ACK, after which data transfer can begin. For the PT0-002 exam, this concept underpins the distinction between different Nmap scan types, particularly the full connect scan versus the SYN (stealth) scan, which sends a SYN but resets the connection before it completes. Understanding the handshake also explains why certain firewalls and intrusion detection systems trigger on incomplete or malformed sequences. Candidates are expected to know how the handshake informs scan detection risk and what each variation reveals about a target port's state.

Free questions on three-way handshake