During a penetration test, which command helps quickly identify live hosts on a network without a full port scan?


Using the command "nmap -sn 192.168.1.1/24" is an effective way to identify live hosts on a network without performing a full port scan. The "-sn" option tells Nmap to skip port scanning and perform a "ping scan" (host discovery only): it sends ICMP echo requests to the specified range of IP addresses (in this case, the 192.168.1.1/24 subnet) and reports which hosts respond. This allows for quick identification of active devices on the network.

The key benefit of using the ping scan is its speed and efficiency in discovering live hosts without the overhead of checking numerous ports, which is what a full port scan entails. By focusing solely on identifying which devices are currently reachable and responding, this command provides a straightforward way to map out the network without overwhelming it with excessive traffic or revealing detailed information about services running on those hosts.

The other options involve different scanning techniques. For instance, "-PU" specifies a UDP port scan, which could take longer and might not be as effective for quickly listing live hosts. Similarly, "-PA" and "-PS" specify TCP ACK and SYN scans respectively, probing specific ports to find live hosts, but they
