Certified Network Defender (CND) — Question 103
Which filter can an analyst use to locate unusual ICMP requests in order to detect ICMP probes sent by an attacker to a target OS, looking for the response to perform ICMP-based fingerprinting?
Answer options
- A. (icmp.type==9) && (!(icmp.code==9))
- B. (icmp.type==8) && (!(icmp.code==8))
- C. (icmp.type==12) || (icmp.type==15) || (icmp.type==17)
- D. (icmp.type==14) || (icmp.type==15) || (icmp.type==17)
Correct answer: B
Explanation
The correct answer is B because it matches the ICMP Echo Request type (type 8) that is commonly sent by attackers to probe the target. The other options either refer to different ICMP types or codes that do not represent the typical probing behavior associated with fingerprinting.