CompTIA CySA+ (CS0-001) — Question 78
A security administrator recently deployed a virtual honeynet. The honeynet is not protected by the company's firewall, while all production networks are protected by a stateful firewall. Which of the following would BEST allow an external penetration tester to determine which one is the honeynet's network?
Answer options
- A. Banner grab
- B. Packet analyzer
- C. Fuzzer
- D. TCP ACK scan
Correct answer: D
Explanation
A TCP ACK scan is effective at differentiating a network behind a stateful firewall from one that is not. A stateful firewall drops unsolicited ACK packets because they belong to no tracked connection, whereas hosts on an unfiltered network answer them with a RST. The honeynet, which sits outside the company's firewall, therefore responds differently from the production networks. The other options, while useful in other contexts, do not target this difference in filtering as effectively as a TCP ACK scan.