SY0-501 · Question #233
SY0-501 Question #233: Real Exam Question with Answer & Explanation
The correct answer is C: The vulnerability scanner is performing in network sniffer mode.. To remain covert during network enumeration and vulnerability scanning, a black hat hacker should employ methods that minimize active interaction with target systems.
Question
A black hat hacker is enumerating a network and wants to remain convert during the process. The hacker initiates a vulnerability scan. Given the task at hand the requirement of being convert, which of the following statements BEST indicates that the vulnerability scan meets these requirements?
Options
- AThe vulnerability scanner is performing an authenticated scan.
- BThe vulnerability scanner is performing local file integrity checks.
- CThe vulnerability scanner is performing in network sniffer mode.
- DThe vulnerability scanner is performing banner grabbing.
Explanation
To remain covert during network enumeration and vulnerability scanning, a black hat hacker should employ methods that minimize active interaction with target systems.
Common mistakes.
- A. An authenticated scan requires logging into target systems with credentials, which is an active and highly detectable process that leaves logs and is not covert.
- B. Performing local file integrity checks involves direct access and interaction with a target system's file system, which is an active and easily detectable operation.
- D. Banner grabbing is an active technique where the scanner sends requests to services to elicit banner information, which generates network traffic and can be logged by the target system, compromising covertness.
Concept tested. Covert network reconnaissance and passive scanning techniques
Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
Community Discussion
No community discussion yet for this question.