A penetration tester is performing host discovery on a subnet. Which TWO of the following Nmap options can be used to discover live hosts?
-sn is the ping sweep flag for host discovery.
Why this answer
Both -sn (ping sweep) and -sP (older alias for ping sweep) perform host discovery without port scanning. -sS and -sV are for port scanning and version detection respectively, not host discovery.