CompTIA CySA+ (CS0-001) — Question 256

A network technician is concerned that an attacker is attempting to penetrate the network, and wants to set a rule on the firewall to prevent the attacker from learning which IP addresses are valid on the network. Which of the following protocols needs to be denied?

Answer options

Correct answer: C

Explanation

The correct answer is ICMP: this is the protocol that ping uses, and it can be used to discover live hosts on a network. By blocking ICMP, the technician can prevent an attacker from using tools that rely on this protocol to identify valid IP addresses. The other options (TCP, SMTP, and ARP) do not serve the same purpose of probing for the network's valid IPs.