Certified Ethical Hacker (CEH v13) — Question 151

An ethical hacker is hired to conduct a comprehensive network scan of a large organization that strongly suspects potential intrusions into their internal systems. The hacker decides to employ a combination of scanning tools to obtain a detailed understanding of the network. Which sequence of actions would provide the most comprehensive information about the network's status?

Answer options

• A. Use Hping3 for an ICMP ping scan on the entire subnet, then use Nmap for a SYN scan on identified active hosts, and finally use Metasploit to exploit identified vulnerabilities.
• B. Start with Hping3 for a UDP scan on random ports, then use Nmap for a version detection scan, and finally use Metasploit to exploit detected vulnerabilities.
• C. Begin with NetScanTools Pro for a general network scan, then use Nmap for OS detection and version detection, and finally perform an SYN flooding with Hping3.
• D. Initiate with Nmap for a ping sweep, then use Metasploit to scan for open ports and services, and finally use Hping3 to perform remote OS fingerprinting.

Correct answer: A

Explanation

The correct sequence (A) begins with Hping3 for a broad ICMP ping scan to identify live hosts, followed by Nmap's SYN scan to enumerate services on those hosts, providing a detailed view of the network's status. Other options either employ ineffective scanning methods or lack the comprehensive approach needed for identifying vulnerabilities and assessing network security.