Certified Ethical Hacker (CEH v13) — Question 162
An ethical hacker is preparing to scan a network to identify live systems. To increase the efficiency and accuracy of his scans, he is considering several different host discovery techniques. He expects several unused IP addresses at any given time, specifically within the private address range of the LAN, but he also anticipates the presence of restrictive firewalls that may conceal active devices. Which scanning method would be most effective in this situation?
Answer options
- A. ICMP ECHO Ping Sweep
- B. ICMP Timestamp Ping
- C. TCP SYN Ping
- D. ARP Ping Scan
Correct answer: D
Explanation
The ARP Ping Scan is the most effective method in this context because it operates at the data link layer and can identify active devices on the same local network regardless of firewall configuration. Other methods, such as ICMP and TCP probes, may be blocked by firewalls, leading to incomplete results, whereas ARP requests on the local network are not subject to such limitations.