CH 4 - Footprinting & Reconnaissance

Question 1

If you were checking on the IP addresses for a company in France, what RIR would you be checking with for details?

A. ARIN
B. RIPE
C. AfriNIC
D. LACNIC

Answer 1

B.
RIPE

Question 2

You need to identify all Excel spreadsheets available from the company Example, Inc., whose domain is example.com. What search query would you use?

A. site: example.com files:pdf
B. site:excel files:xls
C. domain: example.com filetype:xls
D. site: example.com filetype:xls

Answer 2

D.
site: example.com filetype:xls

Question 3

If you found a colleague searching at pgp.mit.edu, what would they likely be looking for?

A. Email addresses
B. Company keys
C. Executive names
D. Privacy policies

Answer 3

A.
Email addresses

Question 4

What information could you get from running p0f?

A. Local time
B. Remote time
C. Absolute time
D. Uptime

Answer 4

D.
Uptime

Question 5

The DNS server where records for a domain belonging to an organization or enterprise reside is called the ________________ server

A. Caching
B. Recursive
C. Authoritative
D. Local

Answer 5

C.
Authoritative

Question 6

What strategy does a local, caching DNS server use to look up records when asked?

A. Recursive
B. Serial
C. Combinatorics
D. Bistromathics

Answer 6

A.
Recursive

Question 7

What would you use a job listing for when performing reconnaissance?

A. Executive staff
B. Technologies used
C. Phishing targets
D. Financial records

Answer 7

B.
Technologies used

Question 8

What tool could be used to gather email addresses from Bing, Google and other sources?

A. whois
B. dig
C. netstat
D. theHarvester

Answer 8

D.
theHarvester

Question 9

What social networking site would be most likely to be useful in gathering information about a company, including job titles?

A. Twitter
B. LinkedIn
C. Foursquare
D. Facebook

Answer 9

B.
LinkedIn

Question 10

You see the following text written down– port:502. What does that likely reference?

A. Shodan search
B. I/O search
C. p0f results
D. RIR query

Answer 10

A.
Shodan search

Question 11

What would you use Wappalyzer for?

A. Analyzing web headers
B. Analyzing application code
C. Identifying web headers
D. Identifying web technologies

Answer 11

D.
Identifying web technologies

Question 12

What technique would you ideally use to get all the hostnames associated with a domain?

A. DNS query
B. Zone copy
C. Zone Transfer
D. Recursive request

Answer 12

C.
Zone Transfer

Question 13

What information would you not expect to find in the response to a whois query about an IP address?

A. IP address block
B. Domain association
C. Address block owner
D. Technical contact

Answer 13

B.
Domain association

Question 14

What would you be looking for with the filetype:txt Administrator:500: Google query?

A. Text files owned by the administrator
B. Administrator login from file
C. Text files including the text Administrator:500:
D. 500 administrator files with text

Answer 14

C.
Text files including the text Administrator:500:

Question 15

What command would you use to get the list of mail servers for a domain?

A. whois mx zone= domain.com
B. netstat zone= domain.com mx
C. dig domain.com @mx
D. dig mx domain.com

Answer 15

D.
dig mx domain.com

Question 16

What would you get from running the command dig ns domain.com?

A. Mail exchanger records for domain.com
B. Name server records for domain.com
C. Caching name server for domain.com
D. IP address for the hostname ns

Answer 16

B.
Name server records for domain.com

Question 17

If you wanted to locate detailed information about a person using either their name or username you have, which website would you use?

A. peekyou.com
B. twitter.com
C. intelius.com
D. facebook.com

Answer 17

A.
peekyou.com

Question 18

If you were looking for detailed financial information on a target company, with what resource would you have the most success?

A. LinkedIn
B. Facebook
C. EDGAR
D. MORTIMER

Answer 18

C.
EDGAR

Question 19

What financial filing is required for public companies and would provide you with the annual report?

A. 10-Q
B. 11-K
C. 401(k)
D. 14A

Answer 19

D.
14A

Question 20

If you were looking up information about a company in New Zealand, which RIR would you be looking in for data?

A. AfriNIC
B. RIPE
C. APNIC
D. LACNIC

Answer 20

C.
APNIC

Question 21

What record would you use to identify a name server associated with a specific domain?

A. TXT
B. MX
C. NS
D. PTR

Answer 21

C.
NS

Question 22

What would you use the website PeekYou for?

A. DNS lookup
B. Person search
C. Identifying domain registrars
D. Identifying IoT devices

Answer 22

B.
Person search

Question 23

The following performs 2 DNS queries. What 2 records are referenced in this query response?

host www.wiley.com
www.wiley.com is an alias for
www.wiley.com.cdn.cloudflare.net.
www.wiley.com.cdn.cloudflare.net
has address 104.18.17.99

A. CNAME, A
B. CNAME, PTR
C. A, PTR
D. PTR, MX

Answer 23

A.
CNAME, A

Question 24

What are you looking for with the following Google dork, or Google query?

site:pastebin.com intext:password.txt

A. Pasted passwords
B. Binary data for a password program
C. A file of passwords on a common storage website
D. Plaintext usernames and passwords

Answer 24

A.
Pasted passwords

Question 25

What would you use the tool Sherlock for?

A. Searching for fingerprints
B. Looking up job information
C. Looking for potential usernames
D. Searching domain registrars

Answer 25

C.
Looking for potential usernames