Certified Ethical Hacker (CEH v12) — Question 182
Jason, a certified ethical hacker, is hired by a major e-commerce company to evaluate their network's security. As part of his reconnaissance, Jason is trying to gain as much information as possible about the company's public-facing servers without arousing suspicion. His goal is to find potential points of entry and map out the network infrastructure for further examination. Which technique should Jason employ to gather this information without alerting the company's intrusion detection systems (IDS)?
Answer options
- A. Jason should directly connect to each server and attempt to exploit known vulnerabilities.
- B. Jason should use passive reconnaissance techniques such as WHOIS lookups, NS lookups, and web research.
- C. Jason should use a DNS zone transfer to gather information about the company's servers.
- D. Jason should perform a ping sweep to identify all the live hosts in the company's IP range.
Correct answer: B
Explanation
The correct answer is B because passive reconnaissance techniques like WHOIS lookups and NS lookups allow Jason to gather information without actively engaging with the network, so they do not alert the IDS. Options A and C involve direct interaction that could trigger alerts, while option D, although less intrusive, still involves active probing that might be detected.