Which host discovery technique probes multiple ports to determine if they are online and to detect firewall behavior?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which host discovery technique probes multiple ports to determine if they are online and to detect firewall behavior?

Explanation:
Probing multiple ports with a TCP SYN ping is designed to discover a host and infer firewall behavior by how it responds to a range of TCP ports. In a SYN scan, you send a SYN to each port in the target set and watch the replies. If you receive a SYN-ACK, the port is open, and you typically send a RST to avoid completing the handshake. If you receive a RST, the port is closed. If there is no reply, the port is filtered by a firewall. By scanning many ports, you can determine that the host is online (any port responding) even if other probes are blocked, and you can deduce firewall rules based on which ports are filtered or allowed. This combination—checking several ports and interpreting open/closed/filtered responses—is why this method best fits host discovery with firewall behavior detection. Other methods either rely on ICMP echo requests, which only test reachability and not port state, or use different TCP flag combinations (like sending TCP ACKs) that don’t provide the same multi-port online status and firewall behavior clues.

Probing multiple ports with a TCP SYN ping is designed to discover a host and infer firewall behavior by how it responds to a range of TCP ports. In a SYN scan, you send a SYN to each port in the target set and watch the replies. If you receive a SYN-ACK, the port is open, and you typically send a RST to avoid completing the handshake. If you receive a RST, the port is closed. If there is no reply, the port is filtered by a firewall. By scanning many ports, you can determine that the host is online (any port responding) even if other probes are blocked, and you can deduce firewall rules based on which ports are filtered or allowed. This combination—checking several ports and interpreting open/closed/filtered responses—is why this method best fits host discovery with firewall behavior detection.

Other methods either rely on ICMP echo requests, which only test reachability and not port state, or use different TCP flag combinations (like sending TCP ACKs) that don’t provide the same multi-port online status and firewall behavior clues.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy