Certified Ethical Hacker (CEH v12) — Question 146
During a red team assessment, a CEH is given the task of performing network scanning on the target network without revealing their IP address. They are also required to find an open port and the services available on the target machine. What scanning technique should they employ, and which command in Zenmap should they use?
Answer options
- A. Use SCTP INIT Scan with the command "-sY"
- B. Use UDP Raw ICMP Port Unreachable Scanning with the command "-sU"
- C. Use the ACK flag probe scanning technique with the command "-sA"
- D. Use the IDLE/IPID header scan technique with the command "-sI"
Correct answer: D
Explanation
The IDLE/IPID header scan technique (option D) lets the CEH scan without revealing their own IP address, because the scan is carried out through a third-party host whose address the target sees instead. The other options are valid scanning techniques, but they do not provide the same level of stealth as the IDLE scan, which makes them unsuitable for this specific requirement.