Free EC-Council 312-50V13 CEH V13 Actual Exam Questions - Question 6 Discussion

D, since decoys create noise that can throw off intrusion detection systems.

D Decoys are a classic trick to confuse IDS by blending real traffic with fake sources. The others don’t really focus on evasion as directly as D does.

B/D? I get why D is popular since decoys mask the source IP, but those odd flags in B (-0N/-0X/-0G) are actually related to different scan types or obfuscations that can slip past some firewalls or IDS by changing packet types or payloads. Timing (-T) just speeds or slows scans, not true evasion. So either D or B, depending on how you define evasion—D for confusing the IDS with fake IPs, B for messing with signature detection.

I agree, D is the best choice here. Using decoys (-D) can confuse IDS by making it hard to tell which IP is the real scanner, which directly helps evade detection.

B, those look like obfuscation flags meant to confuse detection tools more than timing.

Maybe D again. The -D option throws off detection by mixing real scans with decoy IP addresses, which can confuse firewalls or IDS. The other options either relate to timing (-T), DNS resolution (-n/-R), or don’t really exist as valid switches (-0N/-0X/-0G). So it makes sense that D is the one designed specifically for evasion.

This one seems pretty straightforward-D. -D is the decoy option in Nmap to help evade IDS or firewalls by hiding your real IP among fake ones. The others don’t really fit for stealth evasion here.