Which method is used by Discovery to determine if a Host IP is active or alive?

Go to solution
BoHyun Jung
Mega Sage

‎12-05-2023 09:34 PM

Which method is used by Discovery to determine if a Host IP is active or alive?

 

  • A. Port Scan
  • B. Traceroute
  • C. Ping
  • D. Classification

What is the correct answer between A and C? Please explain this in detail.

0 Helpfuls
  • 2,547 Views
1 ACCEPTED SOLUTION

Go to solution
Anand Kumar P
Giga Patron
Giga Patron

‎12-05-2023 10:11 PM

Hi @BoHyun Jung ,
Not option A Port scanning is the first step in the Discovery process. The Shazzam probe performs port scanning, regardless of whether you use patterns for horizontal discovery. 

Correct answer is C.Ping .
Please mark it as helpful and solution propsoed.

Thanks,

Anand

View solution in original post

4 REPLIES 4

Go to solution
nowGurukul
Tera Guru
Tera Guru

‎12-05-2023 10:04 PM - edited ‎12-06-2023 07:21 AM

Hi BoHyun Jung,


The right answer is C , Please read more at below link:- https://docs.servicenow.com/bundle/tokyo-it-operations-management/page/product/discovery/reference/r...

 

https://www.examtopics.com/discussions/servicenow/view/100322-exam-cis-discovery-topic-1-question-32...

 

Please mark helpful if it helped you.

0 Helpfuls

Go to solution
Anand Kumar P
Giga Patron
Giga Patron

‎12-05-2023 10:11 PM

Hi @BoHyun Jung ,
Not option A Port scanning is the first step in the Discovery process. The Shazzam probe performs port scanning, regardless of whether you use patterns for horizontal discovery. 

Correct answer is C.Ping .
Please mark it as helpful and solution propsoed.

Thanks,

Anand

Go to solution
Community Alums
Not applicable

‎12-05-2023 11:05 PM

Hi @BoHyun Jung ,

 

Correct Answer: C. Ping

 

The correct method used by ServiceNow Discovery to determine if a host IP is active or alive is similar to a ping scan. This method goes beyond a simple ICMP echo request and includes probes such as TCP SYN to port 443, TCP ACK to port 80, and an ICMP timestamp request. The goal is to identify live targets, not just open ports or services. Therefore, the correct answer is Ping. This method sends an ICMP Echo Request packet to the target host and waits for an ICMP Echo Reply. If a reply is received within a specified timeframe, the host is considered alive. This is the simplest and most direct way to check if a host is actively responding to network traffic, making it the primary method used by ServiceNow Discovery for determining host activity.

 

Reference: https://www.certlibrary.com/exam/CIS-Discovery

 

If you found this helpful, a 'like' is the secret handshake of appreciation!

-Prasad 

Go to solution
Louise VA
Tera Contributor

‎09-16-2024 02:37 PM

I don't believe the accepted answer is correct - looking at the documentation, Discovery uses Nmap for this, which would be part of the Port Scan.

 

See documentation:

https://docs.servicenow.com/csh?topicname=c_ShazzamResultAPI.html&version=latest

https://docs.servicenow.com/csh?topicname=credential-less-host-discovery.html&version=latest

 

From the Shazzam Result API documentation, which defines "Active" and "Alive" as pertaining to whether any port is open or responding. There is no mention of ICMP/Ping in these definitions.

LouiseVA_1-1726522431345.png

 

 

From the Credential-less Host Discovery Page:

LouiseVA_0-1726522328333.png