Certified Ethical Hacker (CEH v12) — Question 199

An ethical hacker is hired to conduct a comprehensive network scan of a large organization that strongly suspects potential intrusions into their internal systems. The hacker decides to employ a combination of scanning tools to obtain a detailed understanding of the network. Which sequence of actions would provide the most comprehensive information about the network's status?

Answer options

• A. Use Hping3 for an ICMP ping scan on the entire subnet, then use Nmap for a SYN scan on identified active hosts, and finally use Metasploit to exploit identified vulnerabilities.
• B. Start with Hping3 for a UDP scan on random ports, then use Nmap for a version detection scan, and finally use Metasploit to exploit detected vulnerabilities.
• C. Begin with NetScanTools Pro for a general network scan, then use Nmap for OS detection and version detection, and finally perform an SYN flooding with Hping3.
• D. Initiate with Nmap for a ping sweep, then use Metasploit to scan for open ports and services, and finally use Hping3 to perform remote OS fingerprinting.

Correct answer: A

Explanation

Option A is correct because it employs a systematic approach, starting with an ICMP ping scan to identify active hosts, followed by a SYN scan with Nmap to discover open ports, and culminates in exploiting vulnerabilities with Metasploit. The other options either use less effective scanning methods or do not follow a logical progression to gather comprehensive network status information.