Certified Ethical Hacker (CEH v13) — Question 54
During a red team assessment, a CEH is given a task to perform network scanning on the target network without revealing its IP address. They are also required to find an open port and the services available on the target machine. What scanning technique should they employ, and which command in Zenmap should they use?
Answer options
- A. Use SCTP INIT Scan with the command "-sY"
- B. Use UDP Raw ICMP Port Unreachable Scanning with the command "-sU"
- C. Use the ACK flag probe scanning technique with the command "-sA"
- D. Use the IDLE/IPID header scan technique with the command "-sI"
Correct answer: D
Explanation
The IDLE/IPID header scan technique (Nmap/Zenmap option "-sI") allows a network scan to be performed without revealing the attacker's IP address, because the probes are bounced off a third-party ("zombie") host and the open/closed state of each port is inferred from changes in that host's IP ID sequence; the target only ever sees the zombie's address. The other options (SCTP INIT scan, UDP raw ICMP port unreachable scanning, and ACK flag probe scanning) all send probes directly from the scanning machine, so they do not offer the stealth required for this task and may expose the attacker's IP address.