Why would a penetration tester perform a passive reconnaissance scan instead of an active one?
- to collect information about a network without being detected
- because the time to perform the scan is limited
- because the root-level SSH credentials to a target have been compromised
- to test whether specific services or protocols are available on the network
Explanation & Hint: Typically a passive reconnaissance scan of a target instead of an active reconnaissance scan would be performed when information is required to be collected in a way that does not alert any security measures that may be deployed on the network. Any scan that injects traffic onto the network or elicits service responses is an active scan that existing security measures could detect.
|