Certified Ethical Hacker (CEH v13) — Question 58

A penetration tester was assigned to scan a large network range to find live hosts. The network is known for using strict TCP filtering rules on its firewall, which may obstruct common host discovery techniques. The tester needs a method that can bypass these firewall restrictions and accurately identify live systems. What host discovery technique should the tester use?

Answer options

• A. ICMP Timestamp Ping Scan
• B. ICMP ECHO Ping Scan
• C. TCP SYN Ping Scan
• D. UDP Ping Scan

Correct answer: C

Explanation

The correct answer is TCP SYN Ping Scan because it sends SYN packets to a target and can elicit responses from active hosts, even when strict firewall rules are in place. The other options, such as ICMP ECHO Ping Scan and UDP Ping Scan, may be blocked by the TCP filtering, while ICMP Timestamp Ping Scan is less commonly effective for host discovery in filtered environments.