312-50V12 Question #206: Real Exam Question with Answer & Explanation
The correct answer is D: UDP Ping Scan. To identify live hosts on a network with strict TCP filtering, a penetration tester should use a UDP Ping Scan to bypass these specific firewall restrictions.
Question
A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?
Options
- A. ICMP Timestamp Ping Scan
- B. ICMP ECHO Ping Scan
- C. TCP SYN Ping Scan
- D. UDP Ping Scan
Explanation
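To identify live hosts on a network with strict TCP filtering, a penetration tester should use a UDP Ping Scan to bypass these specific firewall restrictions. The filtering described in the question targets TCP, so UDP probes are not subject to those rules, and a live host typically answers a UDP probe sent to a closed port with an ICMP port unreachable message.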
Common mistakes.
- A. ICMP Timestamp Ping Scans, while using ICMP, can still be blocked by firewalls that filter general ICMP traffic, making them unreliable for bypassing strict firewall rules.
- B. ICMP ECHO Ping Scans are the most common form of ping and are frequently blocked by firewalls as a basic security measure, failing to bypass strict filtering.
- C. TCP SYN Ping Scans rely on sending TCP SYN packets, which would be directly blocked by firewalls with 'strict TCP filtering rules' as explicitly stated in the question.
Concept tested. Host discovery with firewall evasion