An attacker conducts a normal port scan on a host and detects protocols used by Windows and Linux operating systems. Which of the following might this indicate?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the EC-Council Certified Ethical Hacker (CEH) Exam. Use flashcards and multiple-choice questions with hints and explanations. Enhance your cyber security knowledge and get ready for the exam!

Multiple Choice

An attacker conducts a normal port scan on a host and detects protocols used by Windows and Linux operating systems. Which of the following might this indicate?

Explanation:
Honeypots are decoys designed to attract and study attackers by presenting tempting services that resemble real targets. When a normal port scan reveals a mix of Windows- and Linux-like protocols on the same host, it suggests the system is not a legitimate, production server but a decoy configured to lure intruders. Attackers expect a single OS with its usual services; seeing both types of services advertised on one host indicates deception and monitoring intent, which is the hallmark of a honeypot. A firewall would typically restrict or filter responses, not display a curated mix of OS-specific protocols. An IDS is a monitoring sensor that alerts on activity but doesn’t inherently present mixed OS fingerprints on a host. A VPN focuses on secure tunneling and wouldn’t expose mixed OS services in this way.

Honeypots are decoys designed to attract and study attackers by presenting tempting services that resemble real targets. When a normal port scan reveals a mix of Windows- and Linux-like protocols on the same host, it suggests the system is not a legitimate, production server but a decoy configured to lure intruders. Attackers expect a single OS with its usual services; seeing both types of services advertised on one host indicates deception and monitoring intent, which is the hallmark of a honeypot.

A firewall would typically restrict or filter responses, not display a curated mix of OS-specific protocols. An IDS is a monitoring sensor that alerts on activity but doesn’t inherently present mixed OS fingerprints on a host. A VPN focuses on secure tunneling and wouldn’t expose mixed OS services in this way.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy