
312-50v12 Exam - Question 206


An ethical hacker is performing a network scan to evaluate the security of a company's IT infrastructure. During the scan, he discovers an active host with multiple open ports running various services. The hacker uses TCP communication flags to establish a connection with the host and starts communicating with it. He sends a SYN packet to a port on the host and receives a SYN/ACK packet back. He then sends an ACK packet for the received SYN/ACK packet, which triggers an open connection. Which of the following actions should the ethical hacker perform next?

Correct Answer: B,D

After establishing a connection with the host by completing the TCP three-way handshake, the next logical step for an ethical hacker is to conduct a vulnerability scan on the open port to identify any potential weaknesses. This action is essential for evaluating the security of the system and identifying areas that could be exploited by malicious actors. Closing the connection prematurely would not provide the information needed to assess the vulnerabilities of the open ports.
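The full handshake the question describes, followed by the two teardown options the answer key and comments argue about (graceful FIN versus abortive RST), as an added example that is not part of the original page. The listener on 127.0.0.1 is a constructed stand-in for the scanned host, so the script runs offline and shows how the host side observes each kind of close.

```python
import socket
import struct
import threading

def run_probe(abortive: bool) -> str:
    """Complete a TCP three-way handshake against a local listener, then tear
    the connection down and report how the listener observed the teardown.

    The listener on 127.0.0.1 is a constructed stand-in for the scanned host.
    Returns "FIN" for a graceful close and "RST" for an abortive reset.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # ephemeral port, no fixed target
    srv.listen(1)
    port = srv.getsockname()[1]
    accepted = threading.Event()
    seen = {}

    def listener():
        # accept() only returns once SYN -> SYN/ACK -> ACK has completed,
        # i.e. this is a full connect, not a half-open SYN probe.
        conn, _ = srv.accept()
        accepted.set()
        conn.settimeout(5)
        try:
            # A FIN shows up as an orderly end-of-stream (empty read);
            # an RST surfaces as ECONNRESET on that same read.
            seen["how"] = "FIN" if conn.recv(1) == b"" else "DATA"
        except ConnectionResetError:
            seen["how"] = "RST"
        finally:
            conn.close()

    t = threading.Thread(target=listener)
    t.start()

    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.connect(("127.0.0.1", port))    # the kernel performs the handshake here
    accepted.wait(5)                    # make sure the host side has the socket
    if abortive:
        # SO_LINGER with a zero timeout makes close() emit RST instead of FIN.
        cli.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
    cli.close()

    t.join(5)
    srv.close()
    return seen.get("how", "NONE")

if __name__ == "__main__":
    for mode in (False, True):
        print("abortive=%s -> listener saw %s" % (mode, run_probe(mode)))
```

On the host side the two teardowns are logged very differently: a FIN is an ordinary end of stream, while an RST raises a connection-reset error, which is why scanners that close connections abortively are easy to spot in application logs.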

Discussion

7 comments
qwerty100 (Option: B)
Feb 26, 2024

B. Conduct a vulnerability scan on the open port to identify any potential weaknesses.

qtygbapjpesdayazko
Mar 17, 2024

This is the way. He starts the connection on the port, why do a reset? So scan the port for vulns.

insaniunt (Option: D)
Feb 18, 2024

D, I think the ethical hacker must send a FIN or RST packet to terminate the connection.

MustafaDDD (Option: B)
Feb 28, 2024

I am just thinking, the question says, "An ethical hacker is performing a network scan to evaluate the security of a company's IT infrastructure", why would the hacker close the session?

xbsumz
Feb 12, 2024

Could someone help me confirm the validity of this ethical hacking technique?

Truth_Seeker (Option: D)
Jul 14, 2024

I think the correct answer is D. It is a common practice across various network scanning tools to ensure that connections are properly managed and closed. Therefore, the conclusion about closing connections with a FIN or RST packet after a scan is applicable to most network scanners, not just Nmap.

GK2205 (Option: D)
Jul 21, 2024

Another one that is tricky because of nuance: the ethical hacker is performing a network scan and not necessarily a vulnerability scan. Network scans do not traverse into vulnerability scans, although if required we would do so. The context of the question is key here IMHO. One thing is very clear throughout the program: as a CEH your job is to do no harm and not to compromise. I.e., when you gain access to a sensitive database you are to report on it, not enter and potentially exploit it. Similarly here, your scope is a network scan, not a vulnerability scan. So RST and move on.