Q. In case a zone transfer is not possible, how can DNS information still be gathered?

View solution

Q. What can be determined by looking up the IP range of a system?

View solution

Q. How can traceroute be useful for a penetration tester?

View solution

Q. What is the process of scanning for wireless networks while mobile, often in a car?

View solution

Q. Which of the following databases is an open wireless network database?

View solution

Q. What is the purpose of public BGP route information servers known as BGP looking glasses?

View solution

Q. What is wardriving?

View solution

Q. What is the purpose of security search engines like Shodan and Censys?

View solution

Q. How can penetration testers use the Google Hacking Database (GHDB) for information gathering?

View solution

Q. What is the purpose of sites like haveibeenpwned.com and tools like pwnedOrNot?

View solution

Q. Why are source code repositories like GitHub important for penetration testers?

View solution

Q. What challenge do penetration testers face in passive enumeration tasks for cloud and hosted services?

View solution

Q. What infrastructure as code tools are generating useful code for penetration testers?

View solution

Q. What is the primary goal of active reconnaissance in the penetration testing process?

View solution

Q. What is a common method for enumerating hosts on a network in active reconnaissance?

View solution

Q. What information can DHCP server logs provide in the context of active reconnaissance?

View solution

Q. What is the purpose of service identification in active reconnaissance?

View solution

Q. What is a common feature of port scanning tools used in active reconnaissance?

View solution

Q. What are ports 0–1023 commonly known as in the context of port scanning?

View solution

Q. How is service identification typically done in active reconnaissance?

View solution