
I am studying for a CEH certificate. I have a question about a simple quiz and a book that I am reading.

In the CEH book, it states that:

  • We can scan for a target using network tools (e.g. tracert, nslookup, etc.).
  • Scanning happens in the footprinting process.

But I did a test in gocertify that states that scanning is pre-attack and not reconnaissance.

The question is: Which one is correct? I tried googling, but I'm still confused.

Sherlocker
  • @clarity123 It is a global site, it is quite possible that someone says "good night" on another part of Earth, while you are in evening :-) – peterh May 31 '19 at 06:56
    BTW it seems to me people doing CEH certifications mostly learn from errors in explanations, unclear definitions and idiosyncrasies in the tests. – eckes May 31 '19 at 09:11
  • Hello Luis and welcome to StackExchange. This is a fantastic first question to ask here. My recommendation is to change the title to be an actual question. This makes it easier to tell what you want to know, instead of what your question is about. Please see [ask] for more information! And good luck for your CEH! –  May 31 '19 at 13:21
  • Thank you all for the help cheers from – Sherlocker Jun 04 '19 at 16:06

1 Answer


In an attempt to clear up your confusion: think of reconnaissance (or footprinting, as you have it here) as non-invasive, that is, using tools that will contribute to your stock of information about your target without directly communicating with it (and potentially tipping your hand about your interest in the target). Tools that may fall into this category are Google, Bing, Shodan, dig, nslookup, theHarvester, etc.

Scanning is generally an activity that will interact directly with your target, and whilst it may not inform the target immediately of your interest (if they're not looking), it will potentially log your activity in their perimeter or web logs etc., depending on how the logging is configured. Tools that may fall into this category, with varying degrees of noisiness, are nmap, Nessus, Burp Suite, etc.

Scanning is a process that could be argued to bridge the pre-attack reconnaissance phase (i.e. non-interactive) and the more active attack phase (interactive), as it could fall into both. Example: you simply scan a target to find out what ports are listening (which contributes to your information about the target and interacts with it, yet still may not trigger any logging alerts), but later on in the test you may scan/probe some of the ports more aggressively, which may tell you what version of SQL is listening and may trigger an alert on the target.

To summarise, personally I prefer to define non-interactive and interactive information gathering as logically separate in an engagement, which will hopefully make things clearer for you.

As @eckes mentioned below, the more generally accepted terms for non-interactive and interactive are passive and active respectively.

  • Active/passive is more commonly used I guess. (And a potential target would be more alerted if they don't see scanning and backscatter activity than with typical internet noise) – eckes May 31 '19 at 08:39
  • Technically correct (the best kind of correct! :) ) but I was aiming to use terms with less room for misinterpretation. I will add for completeness though. –  May 31 '19 at 08:44
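The answer's point that active scanning interacts with the target and "will potentially log your activity on their perimeter" is easiest to see from the defender's side. The following is an added example, not code from the answer, the CEH material or any tool named above: it parses constructed iptables-style firewall log lines (the `SRC=`/`DST=`/`PROTO=`/`DPT=` fields are the real kernel LOG format, but every address, hostname and timestamp here is made up) and flags any source that hits many distinct destination ports within a short window, which is how a TCP SYN port scan from a tool like nmap appears to the target. Nothing done in the passive phase (search engines, Shodan, public DNS lookups against third-party resolvers) produces an entry in this log at all, which is the practical difference between the two phases. The window and port thresholds are arbitrary assumptions for illustration.

```python
"""Detect active port scanning in a target's perimeter firewall log.

Added example for the passive/active recon distinction; all log lines below
are constructed, not captured from a real network.
"""
import re
from collections import defaultdict, deque
from datetime import datetime

# Matches the fields we need from a netfilter LOG line (syslog prefix, then
# SRC=... before PROTO=... before DPT=..., which is the order the kernel emits).
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: .*?"
    r"SRC=(?P<src>[\d.]+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)


def parse_line(line):
    """Return {ts, src, proto, dpt} for a firewall LOG line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return {
        # syslog timestamps carry no year; strptime defaults to 1900, which is
        # fine because we only ever compare timestamps with each other.
        "ts": datetime.strptime(m["ts"], "%b %d %H:%M:%S"),
        "src": m["src"],
        "proto": m["proto"],
        "dpt": int(m["dpt"]),
    }


def detect_scanners(lines, window_seconds=60, min_ports=10):
    """Return {src: sorted distinct ports} for every source that touched at least
    min_ports distinct destination ports inside any window_seconds span.

    A sliding window per source keeps the memory bounded to recent events, so the
    same logic works on a live tail of the log, not just a finished file.
    """
    events = [e for e in map(parse_line, lines) if e]
    events.sort(key=lambda e: e["ts"])
    recent = defaultdict(deque)  # src -> deque of (ts, dpt) within the window
    flagged = {}
    for e in events:
        q = recent[e["src"]]
        q.append((e["ts"], e["dpt"]))
        while (e["ts"] - q[0][0]).total_seconds() > window_seconds:
            q.popleft()
        ports = {p for _, p in q}
        if len(ports) >= min_ports:
            flagged.setdefault(e["src"], set()).update(ports)
    return {src: sorted(ports) for src, ports in flagged.items()}


def _line(ts, src, dpt):
    """Build one constructed LOG line in the netfilter format (hypothetical host 'fw')."""
    return (f"{ts} fw kernel: IN=eth0 OUT= SRC={src} DST=198.51.100.10 "
            f"LEN=60 PROTO=TCP SPT=40111 DPT={dpt} SYN")


# Constructed sample: two kinds of legitimate traffic and one SYN scan.
SAMPLE_LOG = [
    # Ordinary web client: a few connections to 443 spread over a minute.
    _line("May 31 08:00:05", "192.0.2.44", 443),
    _line("May 31 08:00:31", "192.0.2.44", 443),
    _line("May 31 08:01:02", "192.0.2.44", 443),
    # An admin: ssh, then a browser hit ten minutes later. Two ports, far apart.
    _line("May 31 08:00:10", "198.51.100.200", 22),
    _line("May 31 08:10:10", "198.51.100.200", 80),
] + [
    # Port scan: twelve distinct ports from one source inside six seconds.
    _line(f"May 31 08:05:{i // 2:02d}", "203.0.113.7", p)
    for i, p in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445])
]


if __name__ == "__main__":
    for src, ports in detect_scanners(SAMPLE_LOG).items():
        print(f"possible port scan from {src}: {len(ports)} ports {ports}")
```

Tune `window_seconds` and `min_ports` to your environment before trusting the output: a slow nmap timing template (`-T0`/`-T1`) stretches a scan over minutes or hours precisely to stay under this kind of threshold, which is the "may not trigger any logging alerts" case in the answer, and a busy load balancer or monitoring host can legitimately touch many ports in a short time.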