99.6k views
0 votes
During the reconnaissance stage of a penetration test, Cynthia needs to gather information about the target organization's network infrastructure without causing an IPS to alert the target to her information gathering. Which of the following is her best option?

A. Perform a DNS brute-force attack.
B. Use an nmap ping sweep.
C. Perform a DNS zone transfer.
D. Use an nmap stealth scan.

1 Answer

3 votes

Final answer:

Cynthia should use an nmap stealth scan as it is less likely to raise an alert because it doesn't complete the TCP three-way handshake, making it harder for an IPS to detect.

Step-by-step explanation:

When Cynthia is in the reconnaissance stage of a penetration test and needs to gather information about the target organization's network infrastructure without alerting the IPS (Intrusion Prevention System), she should choose an option that is less aggressive and avoids triggering security mechanisms. Among the provided options:

  • A DNS brute-force attack is likely to be detected by an IPS due to the volume of queries generated.
  • An nmap ping sweep could also be detected as it involves sending ICMP packets to a range of IP addresses to determine which ones are active.
  • Performing a DNS zone transfer may succeed if misconfigured but is a very noisy activity that is typically logged and can trigger an alert.
  • Using an nmap stealth scan, specifically the SYN scan (also known as half-open scanning), is her best option since it is less likely to raise an alert. It minimizes the chance of detection by not completing the TCP three-way handshake.

Therefore, the correct choice for Cynthia is to use an nmap stealth scan.

by User Padibro (7.0k points)
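From the detection side, as an added illustration that is not part of the original question or answer: a small Python tracker that replays constructed packet records and flags clients whose SYNs to many ports never reach an established handshake, which is the footprint a half-open (SYN) scan leaves for an IPS or flow monitor to notice. The addresses, ports and the `min_ports` threshold are constructed assumptions.

```python
from collections import defaultdict

# Constructed packet records (not from the original post): (src, dst, port,
# flags); port is always the server-side port so both directions share a key.
SAMPLE_PACKETS = [
    # 10.0.0.7 opens a normal connection: SYN, SYN/ACK, ACK -> established.
    ("10.0.0.7", "192.168.1.10", 443, "S"),
    ("192.168.1.10", "10.0.0.7", 443, "SA"),
    ("10.0.0.7", "192.168.1.10", 443, "A"),
]
# 10.0.0.5 half-open scans seven ports: open ports answer SYN/ACK and the
# scanner tears down with RST; closed ports answer RST/ACK. No final ACK.
for _port, _is_open in ((22, True), (25, False), (80, True), (110, False),
                        (143, False), (3389, True), (8080, False)):
    SAMPLE_PACKETS.append(("10.0.0.5", "192.168.1.10", _port, "S"))
    if _is_open:
        SAMPLE_PACKETS.append(("192.168.1.10", "10.0.0.5", _port, "SA"))
        SAMPLE_PACKETS.append(("10.0.0.5", "192.168.1.10", _port, "R"))
    else:
        SAMPLE_PACKETS.append(("192.168.1.10", "10.0.0.5", _port, "RA"))

# (current state, flags) -> next state; only the client's ACK after SYN/ACK completes.
TRANSITIONS = {
    ("syn_sent", "SA"): "syn_received",      # open port, half-open so far
    ("syn_sent", "RA"): "closed",            # closed port
    ("syn_received", "A"): "established",    # normal third step
    ("syn_received", "R"): "aborted",        # scanner tears the probe down
}

def track_handshakes(packets):
    """Replay packets and return {(client, server, port): final_state}."""
    states = {}
    for src, dst, port, flags in packets:
        if flags == "S":
            states[(src, dst, port)] = "syn_sent"
            continue
        # Server replies are keyed by the client that sent the SYN.
        key = (dst, src, port) if (dst, src, port) in states else (src, dst, port)
        if key in states:
            states[key] = TRANSITIONS.get((states[key], flags), states[key])
    return states

def find_half_open_scanners(packets, min_ports=5):
    """Clients whose SYNs to at least min_ports distinct ports never completed."""
    incomplete = defaultdict(set)
    for (client, _server, port), state in track_handshakes(packets).items():
        if state != "established":
            incomplete[client].add(port)
    return {c: sorted(p) for c, p in incomplete.items() if len(p) >= min_ports}
```

Running `find_half_open_scanners(SAMPLE_PACKETS)` reports only 10.0.0.5 with its seven probed ports; the legitimate client that completed the handshake is not flagged.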