nerdexam
EC-Council

312-50V10 · Question #911

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host di

The correct answer is C. app ping scan. To discover active hosts hidden by a restrictive firewall in a local IPv4 range, ARP ping scan is the optimal technique because ARP operates below the network layer where firewalls filter traffic.

Scanning Networks

Question

Andrew is an Ethical Hacker who was assigned the task of discovering all the active devices hidden by a restrictive firewall in the IPv4 range in a given target network. Which of the following host discovery techniques must he use to perform the given task?

Options

  • AUDP scan
  • BTCP Maimon scan
  • Capp ping scan
  • DACK flag probe scan

How the community answered

(43 responses)
  • A
    5% (2)
  • B
    12% (5)
  • C
    77% (33)
  • D
    7% (3)

Why each option

To discover active hosts hidden by a restrictive firewall in a local IPv4 range, ARP ping scan is the optimal technique because ARP operates below the network layer where firewalls filter traffic.

AUDP scan

UDP scan is a port-scanning technique used to identify open UDP services on already-known hosts, not a host discovery method capable of bypassing firewall filtering.

BTCP Maimon scan

TCP Maimon scan sends FIN/ACK probes to infer port state on known hosts and is a port scanning technique, not a host discovery method designed to circumvent firewalls.

Capp ping scanCorrect

ARP ping scan ('app ping scan' is likely a typographical rendering of 'arp ping scan') sends ARP requests at OSI Layer 2, which bypasses firewall rules that operate at Layer 3 and above. Because ARP is fundamental to IP communication on local networks, it is almost never filtered, allowing discovery of hosts that block ICMP or TCP-based probes. Nmap implements this via the -PR flag and uses it automatically when scanning local subnets.

DACK flag probe scan

ACK flag probe scan is used to map firewall rulesets and distinguish filtered from unfiltered ports, not to discover which hosts are active in a network range.

Concept tested: ARP ping scan for host discovery bypassing firewalls

Source: https://nmap.org/book/host-discovery-techniques.html

Topics

#host discovery#ARP ping scan#firewall bypass#IPv4 scanning

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice