Q. What information can be obtained through a WHOIS query?

View solution

Q. What information can be obtained from WHOIS information about a domain?

View solution

Q. How can the host command in Linux be useful for information gathering?

View solution

Q. What tool is commonly used for DNS lookups on Windows, Linux, and macOS systems?

View solution

Q. What type of information can be obtained from TLS certificates?

View solution

Q. What does an out-of-date TLS certificate indicate?

View solution

Q. How can a penetration tester conduct a DNS zone transfer using the 'dig' command?

View solution

Q. What information can be obtained from a DNS zone transfer?

View solution

Q. In case a zone transfer is not possible, how can DNS information still be gathered?

View solution

Q. What can be determined by looking up the IP range of a system?

View solution

Q. How can traceroute be useful for a penetration tester?

View solution

Q. What is the process of scanning for wireless networks while mobile, often in a car?

View solution

Q. Which of the following databases is an open wireless network database?

View solution

Q. What is the purpose of public BGP route information servers known as BGP looking glasses?

View solution

Q. What is wardriving?

View solution

Q. What is the purpose of security search engines like Shodan and Censys?

View solution

Q. How can penetration testers use the Google Hacking Database (GHDB) for information gathering?

View solution

Q. What is the purpose of sites like haveibeenpwned.com and tools like pwnedOrNot?

View solution

Q. Why are source code repositories like GitHub important for penetration testers?

View solution

Q. What challenge do penetration testers face in passive enumeration tasks for cloud and hosted services?

View solution