Certified Ethical Hacker (CEH v13) — Question 273

Jason, a certified ethical hacker, is hired by a major e-commerce company to evaluate their network's security. As part of his reconnaissance, Jason is trying to gain as much information as possible about the company's public-facing servers without arousing suspicion. His goal is to find potential points of entry and map out the network infrastructure for further examination. Which technique should Jason employ to gather this information without alerting the company's intrusion detection systems (IDS)?

Answer options

• A. Jason should directly connect to each server and attempt to exploit known vulnerabilities.
• B. Jason should use passive reconnaissance techniques such as WHOIS lookups, NS lookups, and web research.
• C. Jason should use a DNS zone transfer to gather information about the company's servers.
• D. Jason should perform a ping sweep to identify all the live hosts in the company's IP range.

Correct answer: B

Explanation

The correct answer is B because passive reconnaissance techniques allow Jason to gather information without actively engaging with the company's systems, thus reducing the risk of detection by the IDS. Options A and C involve direct interaction with the servers, which could trigger alerts, while option D, although less risky than A and C, still involves active probing that may raise suspicion.