Exam 312-50v12 topic 1 question 224 discussion

Address Resolution Protocol (ARP) is fundamental to network communication within a LAN. It maps IP addresses to MAC addresses, enabling devices to locate each other on the same subnet. Since ARP operates at the Data Link Layer (Layer 2) of the OSI model, its requests and responses are not typically filtered by firewalls, which usually operate at higher layers. Therefore, ARP scans can effectively identify active devices on a local network, even if those devices have firewalls that block ICMP or TCP probes. Tools like Nmap utilize ARP requests for host discovery on local networks. When scanning a local subnet, Nmap automatically employs ARP requests to detect live hosts, as this method is both reliable and efficient in a LAN environment. For example, executing nmap -sn -PR 192.168.1.0/24 will perform an ARP ping scan across the specified subnet, quickly identifying active devices.

ARP is not blocked by firewalls

D. ARP Ping Scan ARP (Address Resolution Protocol) Ping is used to resolve IP addresses to MAC addresses within the same broadcast domain (local network). Since ARP does not traverse routers and is not blocked by firewalls within the local network, it provides a reliable method for discovering hosts on the local subnet, even if they are configured to block ICMP and TCP/IP traffic.

Is D, arp scan. Keyword "private address range of the LAN".

TCP SYN Ping (C): This method sends TCP SYN packets to specific ports. It is more stealthy than ICMP-based methods and can bypass firewalls. If a device responds with a SYN-ACK, it indicates the device is active.

D. ARP Ping Scan