nerdexam
GIAC

GPEN · Question #58

GPEN Question #58: Real Exam Question with Answer & Explanation

The correct answer is A. It may show smurf DoS attack in the network IDS of the victim. B. It leads to scanning of all the IP addresses on that subnet at the same time.. Scanning a broadcast IP address simultaneously probes every host on the subnet and can trigger IDS alerts that resemble a smurf DoS attack signature. The scan does not produce a tool error and is technically possible to perform.

Question

What happens when you scan a broadcast IP address of a network? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AIt may show smurf DoS attack in the network IDS of the victim.
  • BIt leads to scanning of all the IP addresses on that subnet at the same time.
  • CIt will show an error in the scanning process.
  • DScanning of the broadcast IP address cannot be performed.

Explanation

Scanning a broadcast IP address simultaneously probes every host on the subnet and can trigger IDS alerts that resemble a smurf DoS attack signature. The scan does not produce a tool error and is technically possible to perform.

Common mistakes.

  • C. Scanning a broadcast IP address does not inherently cause a scanning tool error - most network scanners can send packets to broadcast addresses without failing or reporting an error condition.
  • D. Scanning broadcast IP addresses is technically possible with common tools such as Nmap; there is no protocol-level restriction that prevents this operation from being performed.

Concept tested. Broadcast address scanning and smurf DoS detection

Reference. https://www.rfc-editor.org/rfc/rfc2644

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GPEN Practice