CYBR 4361 (Mod 2 Test)

Which of the following activities of an organization on social networking sites helps an attacker footprint or collect information regarding the type of business handled by the organization?

Background checks to hire employees

Which of the following web services is a repository that contains a collection of user-submitted notes or messages on various subjects and topics?

NNTP Usenet newsgroups

A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching the bank employees time in and out, searching the bank's job postings (paying special attention to IT-related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?

Passive information gathering

Which of the following should NOT be followed when securing an organization from footprinting attacks?

Enabling the geo-tagging functionality on cameras

Which of the following footprinting techniques allows an attacker to gather information passively about the target without direct interaction?

Extracting information using Internet archives

You are doing research on SQL injection attacks. Which of the following combination of Google operators will you use to find all Wikipedia pages that contain information about SQL, injection attacks, or SQL injection techniques?

SQL injection site:Wikipedia.org

Sean works as a professional ethical hacker and penetration tester. He is assigned a project for information gathering on a client's network. He started penetration testing and was trying to find out the company's internal URLs, looking for any information about the different departments and business units. Sean was unable find any information. What should Sean do to get the information he needs?

Sean should use Sublist3r tool

Which of the following activities of a user on social networking sites helps an attacker footprint or collect the identity of the user's family members, the user's interests, and related information?

Sharing photos and videos

Robert, an attacker, targeted a high-level executive of an organization and wanted to obtain information about the executive on the Internet. He employed a tool through which he discovered the target user on various social networking sites, along with the complete URL. What is the tool used by Robert in the above scenario?

Sherlock

A pen tester was hired to perform penetration testing on an organization. The tester was asked to perform passive footprinting on the target organization. Which of the following techniques comes under passive footprinting?

Finding the top-level domains (TLDs) and sub-domains of a target through web services

Which of the following DNS record type helps in DNS footprinting to determine a domain's mail server?

MX

In which of the following footprinting threats does an attacker collect information directly and indirectly through persuasion without using any intrusion methods?

Social engineering

Which of the following is the direct approach technique that serves as the primary source for attackers to gather competitive intelligence?

Social engineering

In website footprinting, which of the following information is acquired by the attacker when they examine the cookies set by the server?

Software in use and its behavior

James, a professional hacker, targeted the employees of an organization to establish footprints in their network. For this purpose, he employed an online reconnaissance tool to extract information on individuals belonging to the target organization. The tool assisted James in obtaining employee information such as phone numbers, email addresses, address history, age, date of birth, family members, and social profiles. Identify the tool employed by James in the above scenario.

Spokeo

Which of the following search engine tools helps an attacker use an image as a search query and track the original source and details of images, such as photographs, profile pictures, and memes?

TinEye

Which of the following types of DNS records points to a host's IP address?

A

Which of the following countermeasures should be followed to safeguard the privacy, data, and reputation of an organization and to prevent information disclosure?

Avoiding domain-level cross-linking for critical assets

Which of the following techniques is used to create complex search engine queries?

Google hacking

Which of the following tools is used for gathering email account information from different public sources and checking whether an email was leaked using the haveibeenpwned.com API?

Infoga

Which of the following features in FOCA allows an attacker to find more servers in the same segment of a determined address?

PTR scanning

Passive reconnaissance involves collecting information through which of the following?

Publicly accessible sources

Which of the following is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system?

Whois lookup

Which Google search query can you use to find mail lists dumped on pastebin.com?

site:pastebin.com intext:*@*.com:*

Which of the following utilities is used by Recon-Dog to detect technologies existing in the target system?

wappalyzer.com