Comprehensive and Detailed Explanation From CEH v13 Guide Topics:

The correct answer is D. nmap -T4 -F 10.10.0.0/24. The objective is to quickly enumerate hosts within the same subnet as the compromised server (10.10.0.5), which belongs to the 10.10.0.0/24 network.

In Nmap, the -F (Fast Scan) option scans only the most commonly used ports instead of the full port range, significantly reducing scan time. Combined with -T4, which increases scan speed through a more aggressive timing template, it is the fastest option among the choices provided for rapidly identifying active systems and services on the subnet.

Option A (-q) does not perform host enumeration and is not a standard Nmap host-discovery optimization. Option B (-O) performs OS detection, which generates additional probes and takes longer than necessary when the goal is simply to identify systems quickly. Option C (-r) scans ports sequentially and targets the wrong subnet (10.10.1.0/24), making it incorrect.

From a CEH reconnaissance and network scanning perspective, when speed is important, security professionals commonly use optimized Nmap scans such as Fast Scan and aggressive timing templates to identify live hosts efficiently before conducting deeper enumeration activities.