CH 4 - Footprinting & Reconnaissance Flashcards

1
Q

If you were checking on the IP addresses for a company in France, what RIR would you be checking with for details?

A. ARIN
B. RIPE
C. AfriNIC
D. LACNIC

A

B. RIPE

2
Q

You need to identify all Excel spreadsheets available from the company Example, Inc., whose domain is example.com. What search query would you use?

A. site: example.com files:pdf
B. site:excel files:xls
C. domain: example.com filetype:xls
D. site: example.com filetype:xls

A

D. site: example.com filetype:xls

3
Q

If you found a colleague searching at pgp.mit.edu, what would they likely be looking for?

A. Email addresses
B. Company keys
C. Executive names
D. Privacy policies

A

A. Email addresses

4
Q

What information could you get from running p0f?

A. Local time
B. Remote time
C. Absolute time
D. Uptime

A

D. Uptime

5
Q

The DNS server where records for a domain belonging to an organization or enterprise reside is called the ________________ server.

A. Caching
B. Recursive
C. Authoritative
D. Local

A

C. Authoritative

6
Q

What strategy does a local, caching DNS server use to look up records when asked?

A. Recursive
B. Serial
C. Combinatorics
D. Bistromathics

A

A. Recursive

7
Q

What would you use a job listing for when performing reconnaissance?

A. Executive staff
B. Technologies used
C. Phishing targets
D. Financial records

A

B. Technologies used

8
Q

What tool could be used to gather email addresses from Bing, Google and other sources?

A. whois
B. dig
C. netstat
D. theHarvester

A

D. theHarvester

9
Q

What social networking site would be most likely to be useful in gathering information about a company, including job titles?

A. Twitter
B. LinkedIn
C. Foursquare
D. Facebook

A

B. LinkedIn

10
Q

You see the following text written down: port:502. What does that likely reference?

A. Shodan search
B. I/O search
C. p0f results
D. RIR query

A

A. Shodan search

11
Q

What would you use Wappalyzer for?

A. Analyzing web headers
B. Analyzing application code
C. Identifying web headers
D. Identifying web technologies

A

D. Identifying web technologies

12
Q

What technique would you ideally use to get all the hostnames associated with a domain?

A. DNS query
B. Zone copy
C. Zone Transfer
D. Recursive request

A

C. Zone Transfer

13
Q

What information would you not expect to find in the response to a whois query about an IP address?

A. IP address block
B. Domain association
C. Address block owner
D. Technical contact

A

B. Domain association

14
Q

What would you be looking for with the filetype:txt Administrator:500: Google query?

A. Text files owned by the administrator
B. Administrator login from file
C. Text files including the text Administrator:500:
D. 500 administrator files with text

A

C. Text files including the text Administrator:500:

15
Q

What command would you use to get the list of mail servers for a domain?

A. whois mx zone= domain.com
B. netstat zone= domain.com mx
C. dig domain.com @mx
D. dig mx domain.com

A

D. dig mx domain.com

16
Q

What would you get from running the command dig ns domain.com?

A. Mail exchanger records for domain.com
B. Name server records for domain.com
C. Caching name server for domain.com
D. IP address for the hostname ns

A

B. Name server records for domain.com

17
Q

If you wanted to locate detailed information about a person using either their name or a username you have, which website would you use?

A. peekyou.com
B. twitter.com
C. intelius.com
D. facebook.com

A

A. peekyou.com

18
Q

If you were looking for detailed financial information on a target company, with what resource would you have the most success?

A. LinkedIn
B. Facebook
C. EDGAR
D. MORTIMER

A

C. EDGAR

19
Q

What financial filing is required for public companies and would provide you with the annual report?

A. 10-Q
B. 11-K
C. 401(k)
D. 14A

A

D. 14A

20
Q

If you were looking up information about a company in New Zealand, which RIR would you be looking in for data?

A. AfriNIC
B. RIPE
C. APNIC
D. LACNIC

A

C. APNIC

21
Q

What record would you use to identify a name server associated with a specific domain?

A. TXT
B. MX
C. NS
D. PTR

A

C. NS

22
Q

What would you use the website PeekYou for?

A. DNS lookup
B. Person search
C. Identifying domain registrars
D. Identifying IoT devices

A

B. Person search

23
Q

The following performs 2 DNS queries. What 2 records are referenced in this query response?

host www.wiley.com
www.wiley.com is an alias for www.wiley.com.cdn.cloudflare.net.
www.wiley.com.cdn.cloudflare.net has address 104.18.17.99

A. CNAME, A
B. CNAME, PTR
C. A, PTR
D. PTR, MX

A

A. CNAME, A

24
Q

What are you looking for with the following Google dork, or Google query?

site:pastebin.com intext:password.txt

A. Pasted passwords
B. Binary data for a password program
C. A file of passwords on a common storage website
D. Plaintext usernames and passwords

A

A. Pasted passwords

25
Q

What would you use the tool Sherlock for?

A. Searching for fingerprints
B. Looking up job information
C. Looking for potential usernames
D. Searching domain registrars

A

C. Looking for potential usernames