Question 342 of 530 from exam 400-251: CCIE Security written exam

Question 342 of 530 from exam 400-251: CCIE Security written exam


Which is an example of a network reconnaissance attack?



A. B. C. D. E.


Among the options provided, the network reconnaissance attack is best exemplified by the ICMP sweep (C) and firewalk (D).

Network reconnaissance refers to the process of gathering information about a target network or system, such as identifying devices, services, and vulnerabilities. This information can be used by attackers to plan and launch more advanced attacks, such as intrusion or denial of service attacks. Network reconnaissance can be performed using various methods, including active and passive techniques.

Botnets (A) and backdoors (B) are not examples of network reconnaissance attacks but rather tools that can be used by attackers to perform various malicious activities, such as distributed denial of service (DDoS) attacks or gaining unauthorized access to a system.

Inverse mapping (E) is a technique used to map the IP addresses of a network to their corresponding DNS names. While this technique can be used as part of the reconnaissance process, it is not a standalone network reconnaissance attack.

ICMP sweep (C) is a type of active reconnaissance attack where an attacker sends ICMP echo requests (ping) to a range of IP addresses to determine which hosts are alive and responding. This technique can reveal information about the network topology and the devices connected to it.

Firewalk (D) is another active reconnaissance attack that aims to identify open ports and firewalls' rules. The attacker sends packets with gradually increasing TTL (time to live) values to a target host. By analyzing the ICMP error messages received, the attacker can determine the firewall rules and potentially identify open ports.

In summary, while all the options listed can be used in various types of attacks, the most accurate examples of network reconnaissance attacks are ICMP sweep (C) and firewalk (D).