A large chemical plant uses operational technology (OT) networks to control its industrial processes. Recently, abnormal behavior is observed from PLCs, suggesting a stealthy compromise via malicious firmware. Which action should the team take FIRST to verify and neutralize the issue?
Correct Answer: B
In CEH v13 Mobile, IoT, and OT Hacking, firmware-level attacks on Programmable Logic Controllers (PLCs) are categorized as high-impact and stealth-oriented threats, often designed to evade traditional network-based defenses. Malicious firmware compromises the integrity of the device itself, allowing attackers persistent and covert control over industrial processes. The first and most critical step is to verify the integrity of the firmware and software running on the PLCs. CEH v13 emphasizes that before containment or mitigation actions are applied, accurate identification and confirmation of compromise must occur. Firmware inspection enables analysts to detect unauthorized code injections, modified logic blocks, altered checksums, or tampered boot loaders: hallmarks of OT malware such as Stuxnet-like attacks. Immediate isolation (Option A) may be necessary later, but premature isolation can disrupt industrial operations and destroy volatile forensic evidence. IDS enhancements (Option C) focus on traffic patterns and are ineffective against firmware-resident malware. Restricting remote access (Option D) is preventative but does not validate or remove an existing firmware compromise. CEH v13 stresses that OT environments require forensic verification at the device level, especially when abnormal behavior originates from controllers themselves. Firmware validation using vendor-approved tools and hash verification is the correct first step to confirm compromise and plan remediation without risking operational safety.
312-50v13 Exam Question 122
A penetration tester performs a vulnerability scan on a company's web server and identifies several medium-risk vulnerabilities related to misconfigured settings. What should the tester do to verify the vulnerabilities?
Correct Answer: A
CEH v13 emphasizes that after identifying vulnerabilities during scanning, testers must validate findings to determine real impact and eliminate false positives. This requires safe, controlled exploitation using approved tools such as Metasploit, Nikto, or custom proof-of-concept scripts. Misconfigurations labeled as medium-risk may still provide privilege escalation, data exposure, or footholds for further attacks. CEH methodology reinforces that exploitation should always follow the scope and rules of engagement and should avoid disruptive activities like brute-forcing or DoS attacks unless explicitly authorized. Ignoring the vulnerabilities is never acceptable in a professional assessment. Verifying the issue helps the organization prioritize remediation using evidence-based results. Therefore, the correct next step is to verify the vulnerability through controlled exploitation.
312-50v13 Exam Question 123
During security awareness training, which scenario best describes a tailgating social engineering attack?
Correct Answer: C
The Certified Ethical Hacker (CEH) Social Engineering module defines tailgating as a physical social engineering attack where an unauthorized person follows an authorized individual into a restricted area. Option C precisely matches CEH's definition. Option A is pretexting. Option B is baiting. Option D is phishing. CEH stresses that physical security awareness is as critical as cyber defenses.
312-50v13 Exam Question 124
A cyber adversary wants to enumerate firewall rules while minimizing noise and mimicking normal traffic behavior. Which reconnaissance technique enables mapping of firewall filtering behavior using TTL-manipulated packets?
Correct Answer: D
Comprehensive Explanation from CEH v13 Courseware: CEH v13 describes Firewalking as a reconnaissance technique designed to determine which layer-4 protocols and ports a firewall allows. The attacker sends packets with carefully adjusted TTL values so that the packet expires just beyond the firewall. If the next hop generates ICMP Time Exceeded responses, the attacker can infer which ports the firewall permits. This method mimics normal TTL behavior, making it stealthier than full SYN scans or high-noise probing. Firewalking is expressly highlighted in CEH as a low-profile way to map firewall ACLs without triggering alarms. Broadcast pings are noisy and detectable, passive DNS monitoring does not reveal firewall rule sets, and full SYN scans are easily flagged by IDS systems. Firewalking's reliance on TTL behavior, combined with protocol-specific probes, makes it the correct and CEH-aligned technique for quietly discovering open ports and firewall filtering rules.
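A detection-side illustration of the TTL pattern described above, added here and not part of the CEH courseware or the original explanation: it reads constructed firewall log lines (the log format, the low-TTL threshold and the port-count threshold are all assumptions) and flags a source that sweeps many ports with packets whose residual TTL would expire one hop past the firewall, which is what distinguishes a firewalking probe from ordinary traffic arriving with a normal TTL.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample firewall log (not from the page). Fields:
# timestamp src_ip dst_ip dst_port proto ttl_on_arrival action
SAMPLE_LOG = """\
2024-05-01T10:00:01 198.51.100.7 10.0.0.5 22 tcp 2 allow
2024-05-01T10:00:01 198.51.100.7 10.0.0.5 25 tcp 2 allow
2024-05-01T10:00:02 198.51.100.7 10.0.0.5 80 tcp 2 allow
2024-05-01T10:00:02 198.51.100.7 10.0.0.5 443 tcp 2 allow
2024-05-01T10:00:03 198.51.100.7 10.0.0.5 8080 tcp 2 deny
2024-05-01T10:00:03 198.51.100.7 10.0.0.5 3306 tcp 2 deny
2024-05-01T10:00:10 203.0.113.9 10.0.0.5 443 tcp 57 allow
2024-05-01T10:00:11 203.0.113.9 10.0.0.5 443 tcp 57 allow
2024-05-01T10:00:12 203.0.113.9 10.0.0.5 80 tcp 58 allow
"""

LOW_TTL = 2            # assumed: residual TTL that expires one hop past the firewall
MIN_PORTS = 5          # assumed: distinct ports from one source before alerting
WINDOW = timedelta(seconds=60)

def parse_line(line):
    ts, src, dst, port, proto, ttl, action = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "port": int(port), "proto": proto, "ttl": int(ttl), "action": action}

def detect_firewalking(log_text, low_ttl=LOW_TTL, min_ports=MIN_PORTS, window=WINDOW):
    """Return {src: sorted ports} for sources that sweep many ports with
    low-TTL packets inside one time window. Low residual TTL plus a port
    sweep is the firewalking signature: each probe is built to expire just
    past the firewall so the ICMP Time Exceeded (or its absence) reveals
    which ports the ACL passes. Both allowed and denied entries count."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            if rec["ttl"] <= low_ttl:
                by_src[rec["src"]].append(rec)
    alerts = {}
    for src, recs in by_src.items():
        recs.sort(key=lambda r: r["ts"])
        best, start = set(), 0
        for end in range(len(recs)):            # sliding window over low-TTL packets
            while recs[end]["ts"] - recs[start]["ts"] > window:
                start += 1
            ports = {r["port"] for r in recs[start:end + 1]}
            if len(ports) >= min_ports and len(ports) > len(best):
                best = ports
        if best:
            alerts[src] = sorted(best)
    return alerts

if __name__ == "__main__":
    print(detect_firewalking(SAMPLE_LOG))
```

Tune the TTL threshold to the number of hops between the firewall and the host it protects; the 203.0.113.9 traffic shows why a normal TTL in the 50s is left alone.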
312-50v13 Exam Question 125
During a quarterly vulnerability management review at RedCore Motors, Priya finalizes the deployment of Nessus Essentials across the company's IT infrastructure. The solution is selected for its ability to support diverse technologies including operating systems, databases, web servers, and virtual environments. While preparing a training session for junior analysts, Priya asks them to identify a capability that Nessus Essentials is specifically designed to provide as part of its scanning process. Which capability is Nessus Essentials specifically designed to provide?
Correct Answer: C
The correct choice is C because Nessus Essentials is fundamentally a vulnerability assessment scanner. Its core purpose is to identify security weaknesses by checking systems and services against a large vulnerability knowledge base, which includes detecting outdated or vulnerable versions of operating systems, server software, databases, web servers, and common network services. In practical scanning, Nessus performs remote checks such as banner/version identification, configuration and patch-level assessment (where possible), and vulnerability plugin checks to flag software releases that are known to be insecure or end-of-life. This directly matches the scenario emphasis: supporting "diverse technologies including operating systems, databases, web servers, and virtual environments," and asking for a capability it provides "as part of its scanning process."

Why the other options are incorrect:

A (Patch management) is not what Nessus Essentials is designed to do. Nessus identifies missing patches and vulnerabilities, but it does not serve as an operating system and third-party application patch deployment platform.

B (High-speed asset discovery) is more characteristic of dedicated asset discovery/attack surface tools or broader platform features; while Nessus can discover hosts during scans, "high-speed asset discovery" is not the defining, primary capability being tested here.

D (Agent-based detection) refers to endpoint agents running locally for continuous monitoring. Nessus Essentials is primarily used for scanner-driven vulnerability assessment; agent-based functionality is a separate approach/tooling concept and not the main Essentials scanning capability being targeted in this question.

Therefore, the best answer is C: Nessus Essentials is designed to scan and identify vulnerabilities, including detecting outdated/vulnerable versions across many server and service technologies.