Computer Hacking Forensic Investigator (CHFI v10) — Question 127

After passively scanning the network of Department of Defense (DoD), you switch over to active scanning to identify live hosts on their network. DoD is a large organization and should respond to any number of scans. You start an ICMP ping sweep by sending an IP packet to the broadcast address. Only five hosts respond to your ICMP pings; definitely not the number of hosts you were expecting. Why did this ping sweep only produce a few responses?

Answer options

• A. Only IBM AS/400 will reply to this scan
• B. Only Windows systems will reply to this scan
• C. A switched network will not respond to packets sent to the broadcast address
• D. Only Unix and Unix-like systems will reply to this scan

Correct answer: C

Explanation

The correct answer is C because switched networks typically do not forward broadcast packets to all devices. This means that the ping sweep sent to the broadcast address may not reach all hosts on the network, resulting in only a few responses. The other options incorrectly suggest that only certain operating systems respond, which is not the case with a properly functioning network.