Palo Alto Networks (PANW) Certified Cybersecurity Entry-level Technician (PCCET) Practice Exam

How do attackers prevent port scans from being noticed by monitoring software?

• A. A. Scan ports so quickly it is finished before it can be detected and stopped
• B. B. Scan ports so slowly it looks like random attempts to connect, rather than a concerted attack
• C. C. Scan ports from an internal device
• D. D. Scan ports through WiFi instead of Ethernet

The correct answer is: B. Scan ports so slowly it looks like random attempts to connect, rather than a concerted attack

Attackers often adopt strategies to remain undetected while conducting reconnaissance activities such as port scanning. Scanning ports slowly can help them blend their activities into seemingly normal network traffic, making it harder for monitoring software to discern a pattern that indicates an attack. By mimicking random attempts to connect, the scanning process may appear similar to legitimate user behavior. This subtlety can serve to avoid triggering alerts or other defensive mechanisms that are set up to detect and respond to more rapid and concentrated scanning efforts, which are often recognized as malicious behavior. In contrast, scanning ports quickly may indeed lead to detection due to the unusually high volume of attempts in a short time frame, which would raise alarms with monitoring tools. Scanning from an internal device and through WiFi instead of Ethernet does not inherently prevent detection; the visibility of such actions largely depends on network design and monitoring strategies in place. Therefore, adopting a slower scanning pace represents a more sophisticated and less detectable approach to gathering information about the target network.