ExamTopics Logo
Mail Us[email protected]
Menu
Eccouncil Discussions
exam questions

Exam 312-50v13 All Questions

View all questions & answers for the 312-50v13 exam
Go to Exam

Exam 312-50v13 topic 1 question 119 discussion

Actual exam question from ECCouncil's 312-50v13
Question #: 119
Topic #: 1
[All 312-50v13 Questions]

Morris, a professional hacker, performed a vulnerability scan on a target organization by sniffing the traffic on the network to identify the active systems, network services, applications, and vulnerabilities. He also obtained the list of the users who are currently accessing the network. What is the type of vulnerability assessment that Morris performed on the target organization?

  • A. Credentialed assessment
  • B. Internal assessment
  • C. External assessment
  • D. Passive assessment
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by pindinga1 at Jan. 30, 2025, 8:40 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
killwitch
1 month, 1 week ago
Selected Answer: D
D. Passive assessment. Passive assessments are performed by monitoring and analyzing the network traffic without actively interacting with the target systems. In this case, Morris is sniffing the network traffic to gather information, which means he is not directly interacting with the systems (e.g., he is not logging into systems, scanning for vulnerabilities, or sending probes that could trigger responses). Instead, he is just observing the network. A passive vulnerability assessment typically involves capturing and analyzing data to infer the security posture of the organization without triggering any alarms or affecting the network.
upvoted 2 times
...
pindinga1
2 months, 2 weeks ago
Selected Answer: B
From my point of view this answer is B Internal Assessment, it cannot be passive, it is inside the network and is doing sniffing, it must configure its interface in promiscuous mode and connect to a network point or a wireless network inside the organization, that is not passive at all.
upvoted 2 times
NikoTomas
1 month ago
This is incorrect, you can't think of configuration of attacker's own device as active intervention to the destination network. Sniffing is always passive technique, which do NOT require any interaction with target systems / networks. It's just listening - completely passive.
upvoted 1 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago