Certified Network Defender (CND) — Question 73

Cindy is the network security administrator for her company. She just got back from a security conference in Las Vegas where they talked about all kinds of old and new security threats; many of which she did not know of. She is worried about the current security state of her company's network so she decides to start scanning the network from an external IP address. To see how some of the hosts on her network react, she sends out SYN packets to an IP range. A number of
IPs respond with a SYN/ACK response. Before the connection is established, she sends RST packets to those hosts to stop the session. She has done this to see how her intrusion detection system will log the traffic. What type of scan is Cindy attempting here?

Answer options

• A. The type of scan she is using is called a NULL scan.
• B. Cindy is attempting to find live hosts on her company's network by using a XMAS scan.
• C. Cindy is using a half-open scan to find live hosts on her network.
• D. She is utilizing a RST scan to find live hosts that are listening on her network.

Correct answer: C

Explanation

Cindy is conducting a half-open scan, which involves sending SYN packets to initiate a connection and then terminating it with RST before the connection is fully established. This method helps in detecting live hosts without completing the TCP handshake, making it less detectable. The other options, such as NULL scan and XMAS scan, utilize different methods and are not applicable to her described approach.