Exam 312-50v13 topic 1 question 31 discussion

CEH Textbook says: network-based scanners scan a network from a remote location, while agent-based scanners require a dedicated software agent to be installed on EACH TARGET MACHINE for scanning. That means every host will need to have the agent installed, whereas network-based scanner (i.e. Nessus) doesn't require an agent.

In agent base scan, each device to be scanned must have an agent installed on it. The question said a scanner (not an agent) was installed on a machine and used to scan other devices. The question did not state that the scanned devices had agent installed, hence, B is correct.

Network scanner scans other machines on the network to identify vulnerabilities.

Based on EC - COuncil Material

Agent-based scanners reside on a single machine but can scan several devices on the same network.

Attacker is clearly using network scanning

No cenário descrito, o hacker instalou o scanner em uma máquina comprometida e a usou para escanear outras máquinas na rede. Isso corresponde exatamente ao funcionamento de um agent-based scanner, que coleta informações sobre múltiplos dispositivos a partir de um único ponto. Não pode ser o um network-based scanner interage apenas com a máquina onde está instalado e gera o relatório nela mesma. Pagina 337 material oficila da EC COUNCIL

B. Network-based scanner. A network-based scanner is a tool that scans multiple machines within a network to identify vulnerabilities. It operates by probing network devices, servers, and workstations to detect weaknesses such as open ports, misconfigurations, and outdated software that can be exploited. In this scenario: 1. A scanner is installed on a machine within the organization’s network. 2. It scans several machines on the same network to find vulnerabilities. 3. The attacker uses this information for further exploitation. Why not the others: A. Agent-based scanner – Requires agents installed on each device for vulnerability scanning. The scenario does not mention this. C. Cluster scanner – Typically used for scanning clusters of servers or cloud environments, which is not specified here. D. Proxy scanner – Used for anonymizing scans and routing traffic through proxies, not for internal network scanning.

he attacker installed a scanner on one machine and used it to scan other machines on the network. This aligns more closely with the behavior of a network-based scanner, which is designed to scan multiple devices on a network from a central point

Module 5 - page 561 Agent-Based Scanner: Agent-based scanners reside on a single machine but can scan several machines on the same network.