During a penetration test, Mikaela needs to identify systems, but she hasn't gained sufficient access on the system she is using to generate raw packets. What type of scan should she run to verify the most open services?

When a tester does not have raw packet creation privileges, such as when she has not escalated privileges on a compromised host, a TCP connect scan can be used. TCP SYN scans require elevated privileges on most Linux systems due to the need to write raw packets. A UDP scan will miss most services that are provided via TCP, and an ICMP scan is merely a ping sweep of systems that respond to pings and won't identify services at all.