Q. What tool is commonly used for DNS lookups on Windows, Linux, and macOS systems?

View solution

Q. What type of information can be obtained from TLS certificates?

View solution

Q. What does an out-of-date TLS certificate indicate?

View solution

Q. How can a penetration tester conduct a DNS zone transfer using the 'dig' command?

View solution

Q. What information can be obtained from a DNS zone transfer?

View solution

Q. In case a zone transfer is not possible, how can DNS information still be gathered?

View solution

Q. What can be determined by looking up the IP range of a system?

View solution

Q. How can traceroute be useful for a penetration tester?

View solution

Q. What is the process of scanning for wireless networks while mobile, often in a car?

View solution

Q. Which of the following databases is an open wireless network database?

View solution

Q. What is the purpose of public BGP route information servers known as BGP looking glasses?

View solution

Q. What is wardriving?

View solution

Q. What is the purpose of security search engines like Shodan and Censys?

View solution

Q. How can penetration testers use the Google Hacking Database (GHDB) for information gathering?

View solution

Q. What is the purpose of sites like haveibeenpwned.com and tools like pwnedOrNot?

View solution

Q. Why are source code repositories like GitHub important for penetration testers?

View solution

Q. What challenge do penetration testers face in passive enumeration tasks for cloud and hosted services?

View solution

Q. What infrastructure as code tools are generating useful code for penetration testers?

View solution

Q. What is the primary goal of active reconnaissance in the penetration testing process?

View solution

Q. What is a common method for enumerating hosts on a network in active reconnaissance?

View solution