Footprinting and Reconnaissance
Which one of the following is a Google search query used for VPN footprinting to find Cisco VPN client passwords?
- filetype:pcf "cisco" "GroupPwd"
- "[main]" "enc_GroupPwd=" ext:txt
- "Config" intitle:"Index of" intext:vpn
- inurl:/remote/login?lang=en
"[main]" "enc_GroupPwd=" ext:txt
Which of the following regional internet registries (RIRs) provides services related to the technical coordination and management of Internet number resources in Canada, the United States, and many Caribbean and North Atlantic islands?
- AFRINIC
- ARIN
- APNIC
- LACNIC
ARIN
Which of the following countermeasures helps organizations prevent information disclosure through banner grabbing?
- Configure IIS
- Configure web servers
- TCP/IP and IPSec
- Implement VPN
Configure IIS
Which of the following tools allows an attacker to extract information such as sender identity, mail server, sender's IP address, location, and so on?
- Web Updates Monitoring Tools
- Metadata Extraction Tools
- Website Mirroring Tools
- Email Tracking Tools
Email Tracking Tools
A pen tester was hired to perform penetration testing on an organization. The tester was asked to perform passive footprinting on the target organization. Which of the following techniques comes under passive footprinting?
- Finding the top-level domains (TLDs) and sub-domains of a target through web services
- Performing traceroute analysis
- Performing social engineering
- Querying published name servers of the target
Finding the top-level domains (TLDs) and sub-domains of a target through web services
Which of the following techniques is used to create complex search engine queries?
- Yahoo Search
- Bing Search
- Google hacking
- DuckDuckGo
Google hacking
Which of the following DNS record types helps in DNS footprinting to determine a domain's mail server?
- A
- NS
- CNAME
- MX
MX
What is the outcome of the command "nc -l -p 2222 | nc 10.1.0.43 1234"?
- Netcat will listen on the 10.1.0.43 interface for 1234 seconds on port 2222.
- Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.
- Netcat will listen for a connection from 10.1.0.43 on port 1234 and output anything received to port 2222.
- Netcat will listen on port 2222 and then output anything received to local interface 10.1.0.43.
Netcat will listen on port 2222 and output anything received to a remote connection on 10.1.0.43 port 1234.
Which of the following techniques is used to gather information about the target without direct interaction with the target?
- Active Footprinting
- Scanning
- Passive Footprinting
- Enumeration
Passive Footprinting
A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching the bank employees time in and out, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?
- Information reporting
- Vulnerability assessment
- Active information gathering
- Passive information gathering
Passive information gathering
Passive reconnaissance involves collecting information through which of the following?
- Social engineering
- Traceroute analysis
- Email tracking
- Publicly accessible sources
Publicly accessible sources
What information is gathered about the victim using email tracking tools?
- Username of the clients, operating systems, email addresses, and list of software.
- Information on an organization's web pages since their creation.
- Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information.
- Targeted contact data, extracts the URL and meta tag for website promotion.
Recipient's IP address, Geolocation, Proxy detection, Operating system and Browser information.
Which results will be returned with the following Google search query? site:target.com -site:Marketing.target.com accounting
- Results matching all words in the query
- Results matching "accounting" in domain target.com but not on the site Marketing.target.com
- Results from matches on the site marketing.target.com that are in the domain target.com but do not include the word accounting
- Results for matches on target.com and Marketing.target.com that include the word "accounting"
Results matching "accounting" in domain target.com but not on the site Marketing.target.com
You are doing research on SQL injection attacks. Which of the following combinations of Google operators will you use to find all Wikipedia pages that contain information about SQL, injection attacks or SQL injection techniques?
- SQL injection site:Wikipedia.org
- site:Wikipedia.org intitle:"SQL Injection"
- allinurl: Wikipedia.org intitle:"SQL Injection"
- site:Wikipedia.org related:"SQL Injection"
SQL injection site:Wikipedia.org
Sean works as a professional ethical hacker and penetration tester. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, looking for any information about the different departments and business units. Sean was unable to find any information. What should Sean do to get the information he needs?
- Sean should use Sublist3r tool
- Sean should use WayBackMachine in Archive.org
- Sean should use website mirroring tools
- Sean should use email tracking tools
Sean should use Sublist3r tool
What is the output returned by search engines when extracting critical details about a target from the Internet?
- Search Engine Results Pages ('SERPs')
- Advanced search operators
- Open ports and Services
- Operating systems, location of web servers, users and passwords
Search Engine Results Pages ('SERPs')
Which of the following is a network threat?
- Privilege escalation
- Arbitrary code execution
- Session hijacking
- SQL injection
Session hijacking
A hacker is attempting to use nslookup to query Domain Name Service (DNS). The hacker uses the nslookup interactive mode for the search. Which command should the hacker type into the command shell to request the appropriate records?
- Locate type=ns
- Request type=ns
- Set type=ns
- Transfer type=ns
Set type=ns
Sean works as a penetration tester in ABC firm. He was asked to gather information about the target company. Sean begins with social engineering by following the steps:
● Secretly observes the target to gain critical information
● Looks at employee's password or PIN code with the help of binoculars or a low-power telescope
Based on the above description, identify the social engineering technique.
- Shoulder surfing
- Dumpster diving
- Phishing
- Tailgating
Shoulder surfing
Smith works as a professional Ethical Hacker with a large MNC. He is a CEH certified professional and was following the CEH methodology to perform the penetration testing. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs (mostly by trial and error), looking for any information about the different departments and business units. Smith was unable to find any information. What should Smith do to get the information he needs?
- Smith should use online services such as netcraft.com to find the company's internal URLs.
- Smith should use WayBackMachine in Archive.org to find the company's internal URLs.
- Smith should use website mirroring tools such as HTTrack Website Copier to find the company's internal URLs.
- Smith should use email tracking tools such as eMailTrackerPro to find the company's internal URLs.
Smith should use online services such as netcraft.com to find the company's internal URLs.
Information gathered from social networking websites such as Facebook, Twitter, and LinkedIn can be used to launch which of the following types of attacks?
- Smurf attack
- Social engineering attack
- SQL injection attack
- Distributed denial of service attack
Social engineering attack
Which of the following utilities uses the ICMP protocol concept and the Time to Live ('TTL') field of the IP header to find the path of the target host in the network?
- WhoIs
- Traceroute
- DNS Lookup
- TCP/IP
Traceroute
Which of the following tools are useful in extracting information about the geographical location of routers, servers and IP devices in a network?
- Traceroute tools
- DNS Lookup tools
- WhoIs Lookup tools
- Email Tracking Tools
Traceroute tools
InfoTech Security hired a penetration tester Sean to do physical penetration testing. On the first day of his assessment, Sean goes to the company posing as a repairman and starts checking trash bins to collect the sensitive information. What is Sean trying to do?
- Trying to attempt social engineering using phishing
- Trying to attempt social engineering by eavesdropping
- Trying to attempt social engineering by shoulder surfing
- Trying to attempt social engineering by dumpster diving
Trying to attempt social engineering by dumpster diving
Which of the following tools consists of a publicly available set of databases that contain personal information of domain owners?
- WHOIS lookup tools
- Traceroute tools
- Web spidering tools
- Metadata extraction tools
WHOIS lookup tools
Which of the following is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system?
- WhoIs Lookup
- TCP/IP
- DNS Lookup
- Traceroute
WhoIs Lookup
Which of the following databases is used to delete the history of the target website?
- TCP/IP and IPSec filters
- archive.org
- WhoIs Lookup database
- Implement VPN
archive.org
Which one of the following is a Google search query used for VoIP footprinting to extract Cisco phone details?
- inurl:"ccmuser/logon.asp"
- intitle:"D-Link VoIP Router" "Welcome"
- inurl:/voice/advanced/ intitle:Linksys SPA configuration
- inurl:"NetworkConfiguration" cisco
inurl:"NetworkConfiguration" cisco
Which Google search query will search for any configuration files a target certifiedhacker.com may have?
- allinurl: certifiedhacker.com ext:xml | ext:conf | ext:cnf | ext:reg | ext:inf | ext:rdp | ext:cfg | ext:txt | ext:ora | ext:ini
- site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini
- site: certifiedhacker.com ext:xml || ext:conf || ext:cnf || ext:reg || ext:inf || ext:rdp || ext:cfg || ext:txt || ext:ora || ext:ini
- site: certifiedhacker.com intext:xml | intext:conf | intext:cnf | intext:reg | intext:inf | intext:rdp | intext:cfg | intext:txt | intext:ora | intext:ini
site: certifiedhacker.com filetype:xml | filetype:conf | filetype:cnf | filetype:reg | filetype:inf | filetype:rdp | filetype:cfg | filetype:txt | filetype:ora | filetype:ini
Which Google search query can you use to find mail lists dumped on pastebin.com?
- allinurl: pastebin.com intitle:"mail lists"
- site:pastebin.com intext:*@*.com:*
- cache: pastebin.com intitle:*@*.com:*
- allinurl: pastebin.com intitle:*@*.com:*
site:pastebin.com intext:*@*.com:*