Cyber Defense 5.1.18
A network security engineer provided a report to the operations manager with a large amount of public information that is accessible solely from the company's website. For example, the report shows email addresses and other company phone numbers on a graph that would otherwise be known internally. What tool did the network security engineer most likely use to gather this information with little effort?
Maltego
You would like to extend the functionality of the Nmap tool to let you perform tasks such as basic vulnerability detection performance and Windows user account discovery. Which of the following would allow you to extend that functionality?
NSE Scripts
As a security analyst for a large financial institution, you want to discover information available through the open ports in your network that could provide hackers with details that could result in guessing software and software versions available in the network. Which of the following would you MOST likely use to discover that information?
Nmap fingerprinting
A company has hired a security analyst to perform a comprehensive information gathering and reconnaissance phase of a penetration testing engagement. The analyst needs to use a tool that can automate gathering information about a target and performing reconnaissance on the target network. Which of the following tools is best suited for this task?
Recon-ng
A network administrator is using Nmap to scan a target host for open ports. Which Nmap scan type is known for being a fast and stealthy technique?
TCP SYN
An attacker needs the following information about his target: domain ownership, domain names, IP addresses, and server types. Which tool is BEST matched for this operation?
Whois
Iggy, a penetration tester, is conducting an unknown penetration test. She wants to do reconnaissance by gathering information about ownership, IP addresses, domain name, locations, and server types. Which of the following tools would be MOST helpful?
Whois
When performing an authorized security audit of a website, you are given only the website address and asked to find other hosts on that network that might be vulnerable to attack. Which of the following tools might be used to lead you to the following Nmap output? (Select two.)
whois.org, nslookup
Xavier is doing reconnaissance using a tool that pulls information from social media postings that were made using location services. He is gathering information about a company and its employees by going through their social media content. What tool is MOST likely being used?
Echosec
What information will be returned from the following Google search?
Excel documents with the word "password" in the title, but not from .gov and .gov.uk websites.