4.0 Reconnaissance (Ethical Hacking)
Which of the following services is most targeted during the reconnaissance phase of a hacking attack? DHCP DNS TLS DoS
DNS
Which of the following information sharing policies addresses the sharing of critical information in press releases, annual reports, product catalogs, and marketing materials? An employee social media policy An internet policy A printed materials policy A company social media policy
A printed materials policy
John, a security specialist, conducted a review of the company's website. He discovered that sensitive company information was publicly available. Which of the following information sharing policies did he discover were being violated? A printed materials policy An employee social media policy An internet policy A company social media policy
An internet policy
A penetration tester is trying to extract employee information during the reconnaissance phase. What kinds of data is the tester collecting about the employees? Contact names, phone numbers, email addresses, fax numbers, and addresses Geographical information, entry control systems, employee routines, and vendor traffic Intellectual property, critical business functions, and management hierarchy Operating systems, applications, security policies, and network mapping
Contact names, phone numbers, email addresses, fax numbers, and addresses
What's the name of the open-source forensics tool that can be used to pull information from social media postings and find relationships between companies, people, email addresses, and other information? Google Earth Echosec Maltego Wayback Machine
Maltego
You have found the IP address of a host to be 172.125.68.30. You want to see what other hosts are available on the network. Which of the following nmap commands would you enter to do a ping sweep? nmap -sM 172.125.68. 1-255 nmap -sS 172.125.68. 1-255 nmap -sn 172.125.68. 1-255 nmap -sU 172.125.68. 1-255
nmap -sn 172.125.68. 1-255
Which of the following is the difference between an ethical hacker and a criminal hacker? An ethical hacker is nice, clean, and polite, but a criminal hacker isn't. An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission. A criminal hacker is easily detected, but an ethical hacker isn't. A criminal hacker is all-knowing, but an ethical hacker isn't.
An ethical hacker has permission to hack a system, and a criminal hacker doesn't have permission.
What does the Google Search operator allinurl:keywords do? Displays web sites similar to the one listed. Displays websites where directory browsing has been enabled. Shows results in pages that contain all of the listed keywords. Shows results in pages that contain the keyword in the title.
Shows results in pages that contain all of the listed keywords.
MinJu, a penetration tester, is testing a client's security. She notices that every Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. Which information gathering technique is MinJu using? Web surfing Dumpster diving Social networking Social engineering
Social engineering
Julie configures two DNS servers, one internal and one external, with authoritative zones for the corpnet.xyz domain. One DNS server directs external clients to an external server. The other DNS server directs internal clients to an internal server. Which of the following DNS countermeasures is she implementing? Information sharing policy DNS propagation Proxy server Split DNS
Split DNS
Iggy, a penetration tester, is conducting a black box penetration test. He wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be most helpful? Nslookup Whois ARIN beSTORM
Whois
Whois, Nslookup, and ARIN are all examples of: Network footprinting tools IoT hacking tools Google hacking tools Internet research tools
Network footprinting tools
When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in? Reconnaissance Scanning Gaining access Covering tracks
Reconnaissance
You are in the reconnaissance phase at the XYZ company. You want to use nmap to scan for open ports and use a parameter to scan the 1,000 most common ports. Which nmap command would you use? nmap -sV xyzcompany.com nmap -sA xyzcompany.com nmap -sS xyzcompany.com nmap -sT xyzcompany.com
nmap -sS xyzcompany.com
Xavier is doing reconnaissance. He is gathering information about a company and its employees by going through their social media content. Xavier is using a tool that pulls information from social media postings that were made using location services. What is the name of this tool? Maltego Google Maps Wayback Machine Echosec
Echosec
Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking? Maintaining access Permission and documentation Information gathering techniques Information types
Information gathering techniques
Dan wants to implement reconnaissance countermeasures to help protect his DNS service. Which of the following actions should he take? Implement policies that restrict the sharing of sensitive company information on employees' personal social media pages. Limit the sharing of critical information in press releases, annual reports, product catalogs, or marketing materials. Review company websites to see what type of sensitive information is being shared. Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups.
Install patches against known vulnerabilities and clean up out-of-date zones, files, users, and groups
