Ethical Hacking Quiz 6: Footprinting and Reconnaissance

What would you use a job listing for when performing reconnaissance? A. Executive staff B. Technologies used C. Phishing targets D. Financial records

B. Technologies used

If you were looking up information about a company in New Zealand, which RIR would you be looking in for data? A. AfriNIC B. RIPE C. APNIC D. LACNIC

C. APNIC

The DNS server where records for a domain belonging to an organization or enterprise reside is called the __________ server. A. Caching B. Recursive C. Authoritative D. Local

C. Authoritative

An attacker is trying to determine the best methods of attack and what may be available at the target worth gaining access to. The attacker is in which phase of security testing? A. Initial compromise B. Internal reconnaissance C. Initial reconnaissance D. Privilege escalation

C. Initial reconnaissance

What would you be looking for with the following Google query? filetype:txt Administrator:500: A. Text files owned by Administrator B. Administrator login from file C. Text files including the text Administrator:500: D. 500 administrator files with text

C. Text files including the text Administrator:500:

Your end clients report that they cannot reach any website on the external network. As the network administrator, you decide to conduct some fact-finding. Upon your investigation, you determine that you are able to ping outside of the LAN to external websites using their IP addresses. Pinging websites with their domain name resolution does not work. What is most likely causing the issue? A. The HTTP GET request is being dropped at the firewall from going out. B. The firewall is blocking DNS resolution. C. The DNS server is not functioning correctly. D. The external websites are not responding.

C. The DNS server is not functioning correctly.

What technique would you ideally use to get all of the hostnames associated with a domain? A. DNS query B. Zone copy C. Zone transfer D. Recursive request

C. Zone transfer

What financial filing is required for public companies and would provide you with the annual report? A. 10-Q B. 11-K C. 401(k) D. 14-A

D. 14-A

A hacker wants to find information concerning the hardware or software used in a targeted company. Which of the following can be a great source for the hacker? A. Newspaper B. Journal C. LinkedIn D. Job posting

D. Job posting

What would you use Wappalyzer for? A. Analyzing web headers B. Analyzing application code C. Identifying web headers D. Identifying web technologies

D. Identifying web technologies

Which of the following port/protocol identifications is incorrect? A. Port 53 is DNS. B. Port 23 is Telnet. C. Port 69 is TFTP. D. Port 110 is SSH.

D. Port 110 is SSH.

As an attacker, you found your target. You spend the next two weeks observing and watching personnel move in and move out of the facility. You also observe how the front desk handles large packages delivered as well as people who do not have access badges. You finally come up with a solid schedule of security patrols that you see being conducted. What is it that you are doing? A. Tunneling B. Scanning C. Covering tracks D. Reconnaissance

D. Reconnaissance

Which one of the following tools can an attacker use to find servers, webcams, printers, routers, and other devices connected to the Internet? A. Maltego B. FOCA C. Inurl D. Shodan

D. Shodan

What command would you use to get the list of mail servers for a domain? A. whois mx zone=domain.com B. netstat zone=domain.com mx C. dig domain.com @mx D. dig mx domain.com

D. dig mx domain.com

You need to identify all Excel spreadsheets available from the company Example, Inc., whose domain is example.com. What search query would you use? A. site:example.com files:pdf B. site:excel files:xls C. domain:example.com filetype:xls D. site:example.com filetype:xls

D. site:example.com filetype:xls

Which process utilizes the knowledge of human nature to get information from people to use for executing an attack on a computer network? A. fingerprinting B. footprinting C. zone transferring D. social engineering

D. social engineering

Which of the following provides free information about a website that includes phone number, administrator's email, and even the domain registration authority? A. dig B. nslookup C. Ping D. whois

D. whois

You are informed that the additional allocation of an IP address is required in North America. Which of the following RIRs (Regional Internet Registries) would you be looking in for allocation? A. ARIN B. APNIC C. LACNIC D. AfriNIC

A. ARIN

Your organization has asked you to use a tool named theHarvester. What are they trying to make you identify? A. Email addresses B. Hostnames C. Encryption keys D. IP addresses

A. Email addresses

Which utility is used to gather IP and domain information? A. Whois B. Netcat C. Metis D. Dig

A. Whois

Which Google hack allows the user to search for file types located within a website? A. filetype: B. file: C. typefile: D. inurl:

A. filetype:

What is the passive process of finding information on a company's network called? A. footprinting B. searching C. calling D. digging

A. footprinting

Joseph, a penetration tester, wants to examine links between data using graphs and link analysis. Which of the following tools will he use? A. Maltego B. Wireshark C. Metasploit D. John the Ripper

A. Maltego

Which two of the following statements correctly describe why a hacker would be interested in EDGAR filings? (Select two.) A. Details filed about corporate executives can be used for social engineering. B. Understanding the network filing system is essential to attacks. C. A civil litigation filing by the SEC hints that an organization is vulnerable to attack. D. Details about acquisitions and mergers may provide clues to networks being integrated in a hurry, with less focus on security.

A. Details filed about corporate executives can be used for social engineering. D. Details about acquisitions and mergers may provide clues to networks being integrated in a hurry, with less focus on security.

What is the HTTP method that retrieves data by URI? A. GET B. PUT C. CONNECT D. HEAD

A. GET

What strategy does a local, caching DNS server use to look up records when asked? A. Recursive B. Serial C. Combinatorics D. Bistromathics

A. Recursive

You see the following text written down: port:502. What does that likely reference? A. Shodan search B. IO search C. p0f results D. RIR query

A. Shodan search

If you wanted to locate detailed information about a person using either their name or a username you have, which website would you use? A. peekyou.com B. twitter.com C. intelius.com D. facebook.com

A. peekyou.com

John works as a database administrator at XYZ. He was asked to query the RIR for information about an IP address block. Which of the following utilities will he use to obtain information? A. whois B. dig C. rirdump D. Netstat

A. whois

What information would you not expect to find in the response to a whois query about an IP address? A. IP address block B. Domain association C. Address block owner D. Technical contact

B. Domain association

Joseph, a black hat hacker, wants to gather more useful information on a publicly traded organization. Which of the following tools will help him? A. Metasploit B. EDGAR C. John the Ripper D. Rainbow table

B. EDGAR

Taylor, a database administrator, wants to determine a publicly available set of databases that contain domain name registration contact information. Which of the following will she use? A. nmap B. whois C. dig D. netstat

B. whois

What social networking site would be most likely to be useful in gathering information about a company, including job titles? A. Twitter B. LinkedIn C. Instagram D. Facebook

B. LinkedIn

What would you get from running the command dig ns domain.com? A. Mail exchanger records for domain.com B. Name server records for domain.com C. Caching name server for domain.com D. IP address for the hostname ns

B. Name server records for domain.com

Hanna, a black hat hacker, is performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, and searching the bank's job postings. What phase is the hacker currently in? A. Tunneling B. Passive reconnaissance C. Vulnerability assessment D. Covering tracks

B. Passive reconnaissance

Which one of the following types of information is NOT available via Whois? A. Domain ownership B. Passwords C. Network provider D. Technical support contact information

B. Passwords

If you were checking on the IP addresses for a company in France, what RIR would you be checking with for details? A. ARIN B. RIPE C. AfriNIC D. LACNIC

B. RIPE

Juan, a white hat hacker, is attempting to gain access to sensitive information and gather details about the company through social engineering. Which of the following is he performing? A. Tunneling B. Reconnaissance C. Covering tracks D. Scanning

B. Reconnaissance

Julia, a penetration tester, wants to use a browser plug-in to identify technologies used on a website. Which of the following will she use? A. GreaseMonkey B. Wappalyzer C. TamperData D. Nova

B. Wappalyzer

If you were looking for detailed financial information on a target company, with what resource would you have the most success? A. LinkedIn B. Facebook C. EDGAR D. MORTIMER

C. EDGAR

Who or what is a "Google dork"? A. Someone who exclusively uses Google and its apps for Internet activity. B. The process of hacking the Chromebook security system. C. Using a search string with advanced operators to find sensitive system information. D. The author of the Google Hacking Database (GHDB).

C. Using a search string with advanced operators to find sensitive system information.

Your organization is using the EDGAR website for which of the following purposes? A. To recon against medical labs B. To recon against government entities C. To recon against foreign governments D. To recon against public companies

D. To recon against public companies

