What is the primary purpose of using the Nmap flag -sS?
-sS is the SYN stealth scan flag.
Why this answer
The Nmap flag -sS instructs Nmap to perform a SYN stealth scan, also known as a half-open scan. It sends a TCP SYN packet to the target port and, if a SYN/ACK is received, the port is considered open; the scanner then sends a RST to tear down the connection before the full TCP three-way handshake completes. This technique avoids completing the connection, making it less likely to be logged by the target's application layer and is the default scan type when run with root privileges.
Exam trap
EC-Council often tests the distinction between -sS (SYN stealth) and -sT (TCP connect), where candidates mistakenly think -sS completes the handshake or that -sT is the stealthier option.
How to eliminate wrong answers
Option A is wrong because OS detection is enabled with the -O flag, not -sS. Option C is wrong because a UDP scan is performed using the -sU flag, which sends UDP packets to target ports. Option D is wrong because a TCP connect scan uses the -sT flag, which completes the full three-way handshake using the operating system's connect() system call, unlike the half-open SYN scan.