The correct answer is ARP scan. An ARP scan is an efficient and less intrusive method of enumerating live hosts on a local subnet by resolving IP addresses to MAC addresses within the same broadcast domain. It is less likely to be noticed by intrusion detection systems compared to more aggressive scanning techniques that generate a larger amount of network traffic. ICMP echo request might be blocked by firewalls or might trigger IDS systems due to its commonly known usage in scanning activities. Service version scan is not directly used to enumerate active hosts, but rather to identify service versions running on known up hosts. Port scan with SYN packets generates SYN packets, which can be easily detected by IDS systems due to their typical association with reconnaissance activities.