CH 4 - Footprinting & Reconnaissance Flashcards
If you were checking on the IP addresses for a company in France, what RIR would you be checking with for details?
A. ARIN
B. RIPE
C. AfriNIC
D. LACNIC
B.
RIPE
You need to identify all Excel spreadsheets available from the company Example, Inc., whose domain is example.com. What search query would you use?
A. site: example.com files:pdf
B. site:excel files:xls
C. domain: example.com filetype:xls
D. site: example.com filetype:xls
D.
site: example.com filetype:xls
If you found a colleague searching at pgp.mit.edu, what would they likely be looking for?
A. Email addresses
B. Company keys
C. Executive names
D. Privacy policies
A.
Email addresses
What information could you get from running p0f?
A. Local time
B. Remote time
C. Absolute time
D. Uptime
D.
Uptime
The DNS server where records for a domain belonging to an organization or enterprise reside is called the ________________ server.
A. Caching
B. Recursive
C. Authoritative
D. Local
C.
Authoritative
What strategy does a local, caching DNS server use to look up records when asked?
A. Recursive
B. Serial
C. Combinatorics
D. Bistromathics
A.
Recursive
What would you use a job listing for when performing reconnaissance?
A. Executive staff
B. Technologies used
C. Phishing targets
D. Financial records
B.
Technologies used
What tool could be used to gather email addresses from Bing, Google and other sources?
A. whois
B. dig
C. netstat
D. theHarvester
D.
theHarvester
What social networking site would be most likely to be useful in gathering information about a company, including job titles?
A. Twitter
B. LinkedIn
C. Foursquare
D. Facebook
B.
LinkedIn
You see the following text written down: port:502. What does that likely reference?
A. Shodan search
B. I/O search
C. p0f results
D. RIR query
A.
Shodan search
What would you use Wappalyzer for?
A. Analyzing web headers
B. Analyzing application code
C. Identifying web headers
D. Identifying web technologies
D.
Identifying web technologies
What technique would you ideally use to get all the hostnames associated with a domain?
A. DNS query
B. Zone copy
C. Zone Transfer
D. Recursive request
C.
Zone Transfer
What information would you not expect to find in the response to a whois query about an IP address?
A. IP address block
B. Domain association
C. Address block owner
D. Technical contact
B.
Domain association
What would you be looking for with the filetype:txt Administrator:500: Google query?
A. Text files owned by the administrator
B. Administrator login from file
C. Text files including the text Administrator:500:
D. 500 administrator files with text
C.
Text files including the text Administrator:500:
What command would you use to get the list of mail servers for a domain?
A. whois mx zone= domain.com
B. netstat zone= domain.com mx
C. dig domain.com @mx
D. dig mx domain.com
D.
dig mx domain.com