Certified Ethical Hacker (CEH v11) — Question 219

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network.
What is the type of vulnerability assessment that Morris performed on the target organization?

Answer options

• A. Credentialed assessment
• B. Internal assessment
• C. External assessment
• D. Passive assessment

Correct answer: D

Explanation

The correct answer is D, Passive assessment, as Morris used traffic sniffing to gather information without actively probing the systems. Options A, B, and C involve proactive measures or specific scopes that are not applicable here, since Morris did not interact directly with the systems or conduct a controlled assessment.