Q. What is the purpose of security search engines like Shodan and Censys?

View solution

Q. How can penetration testers use the Google Hacking Database (GHDB) for information gathering?

View solution

Q. What is the purpose of sites like haveibeenpwned.com and tools like pwnedOrNot?

View solution

Q. Why are source code repositories like GitHub important for penetration testers?

View solution

Q. What challenge do penetration testers face in passive enumeration tasks for cloud and hosted services?

View solution

Q. What infrastructure as code tools are generating useful code for penetration testers?

View solution

Q. What is the primary goal of active reconnaissance in the penetration testing process?

View solution

Q. What is a common method for enumerating hosts on a network in active reconnaissance?

View solution

Q. What information can DHCP server logs provide in the context of active reconnaissance?

View solution

Q. What is the purpose of service identification in active reconnaissance?

View solution

Q. What is a common feature of port scanning tools used in active reconnaissance?

View solution

Q. What are ports 0–1023 commonly known as in the context of port scanning?

View solution

Q. How is service identification typically done in active reconnaissance?

View solution

Q. What is the purpose of operating system fingerprinting in reconnaissance?

View solution

Q. How is operating system fingerprinting typically done?

View solution

Q. What is Nmap commonly used for in information-gathering scenarios?

View solution

Q. What capability does Nmap provide in addition to port scanning?

View solution

Q. Which Nmap flag is commonly used to conduct a fast scan through most firewalls and sends only a SYN?

View solution

Q. What is the purpose of the -sU flag in Nmap?

View solution

Q. How does the -sA flag in Nmap differ from other scan techniques?

View solution