Certified Ethical Hacker (CEH v13) — Question 52

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?

Answer options

• A. Credentialed assessment
• B. Internal assessment
• C. External assessment
• D. Passive assessment

Correct answer: D

Explanation

The correct answer is D, Passive assessment, as it involves monitoring network traffic without direct interaction with the systems being assessed. Options A, B, and C imply active engagement or direct access to the systems, which does not align with the approach Morris took.