312-50V13 · Question #622
312-50V13 Question #622: Real Exam Question with Answer & Explanation
The correct answer is D: ARP Ping Scan. To effectively identify live systems on a LAN with restrictive firewalls and many unused IP addresses, an ARP ping scan is the most effective host discovery technique.
Question
An ethical hacker is preparing to scan a network to identify live systems. To increase the efficiency and accuracy of his scans, he is considering several different host discovery techniques. He expects several unused IP addresses at any given time, specifically within the private address range of the LAN, but he also anticipates the presence of restrictive firewalls that may conceal active devices. Which scanning method would be most effective in this situation?
Options
- A. ICMP ECHO Ping Sweep
- B. ICMP Timestamp Ping
- C. TCP SYN Ping
- D. ARP Ping Scan
Explanation
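To effectively identify live systems on a LAN with restrictive firewalls and many unused IP addresses, an ARP ping scan is the most effective host discovery technique. ARP operates at Layer 2, and a host on the local segment has to answer ARP requests for its own address in order to communicate at all, so a firewall that drops ICMP or TCP probes generally does not hide it. An unused address produces no ARP reply, so it is ruled out quickly without waiting on IP-level retries.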
Common mistakes.
- A. ICMP ECHO ping sweeps are often blocked by restrictive firewalls, making them ineffective for discovering live hosts behind such firewalls.
- B. ICMP Timestamp pings are also a type of ICMP request and are susceptible to being blocked by restrictive firewalls, similar to ICMP ECHO.
- C. TCP SYN pings work at Layer 3/4 and can be blocked by stateful firewalls, especially if they are configured to drop unsolicited SYN packets or deny access to common ports.
Concept tested. Host discovery on LAN with restrictive firewalls
Reference. https://nmap.org/book/host-discovery-arp-scan.html