Certified Ethical Hacker (CEH v12) — Question 116

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network.
What is the type of vulnerability assessment that Morris performed on the target organization?

Answer options

• A. Credentialed assessment
• B. Internal assessment
• C. External assessment
• D. Passive assessment

Correct answer: D

Explanation

The correct answer is D, Passive assessment, because Morris observed network traffic without actively engaging with the systems, which is characteristic of passive assessments. Options A, B, and C imply a more active involvement in the assessment process, which does not align with the method used by Morris.