Module 2 - Footprinting and Reconnaissance Flashcards

1
Q

The first step of any attack on information systems in which an attacker collects information about a target network for identifying various ways to intrude into the system.

a. Banner Grabbing
b. Scanning/Enumeration
c. Reconnaissance/Footprinting
d. Gaining Access
e. Maintaining Access

A

c. Reconnaissance/Footprinting

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Refers to the use of advanced Google search operators for creating complex search queries in order to extract sensitive or hidden information that helps attackers to find vulnerable targets.

A

Google Hacking

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Footprinting through Search Engines:

Displays the web pages stored in the Google cache.

a. cache
b. link
c. related
d. info
e. site
f. allintitle
g. intitle
h. allinurl
i. inurl
j. location

A

a. cache

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Footprinting through Search Engines:

Lists web pages that have links to the specified web page.

a. cache
b. link
c. related
d. info
e. site
f. allintitle
g. intitle
h. allinurl
i. inurl
j. location

A

b. link

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Footprinting through Search Engines:

Restricts the results to those websites in the given domain.

a. cache
b. link
c. related
d. info
e. site
f. allintitle
g. intitle
h. allinurl
i. inurl
j. location

A

e. site

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Footprinting through Search Engines:

Restricts the results to those with all of the search keywords in the URL.

a. cache
b. link
c. related
d. info
e. site
f. allintitle
g. intitle
h. allinurl
i. inurl
j. location

A

h. allinurl

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Footprinting through Search Engines:

  • An authoritative source for querying the ever-widening reach of the Google search engine.
  • Common Vulnerabilities and Exposures (CVE) compliant archive of public exploits and corresponding vulnerable software.
A

Google Hacking Database (GHDB)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Website Footprinting:

Extracts metadata of public documents (pdf, doc, xls, ppt, docx, pptx, xlsx, etc.) belonging to a target company.

a. Burp Suite
b. Netcraft.com
c. Archive.org
d. Metagoofil

A

d. Metagoofil

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Whois Footprinting:

Whois databases are maintained by ______ ______ _______ and contain personal information of domain owners.

A

Regional Internet Registries

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Whois Footprinting:

Regional Internet Registries (RIRs): ARIN

a. North America & Canada
b. Africa
c. Europe
d. Latin America and Caribbean Islands
e. Asian/Pacific

A

a. North America & Canada

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Whois Footprinting:

Regional Internet Registries (RIRs): AFRINIC

a. North America & Canada
b. Africa
c. Europe
d. Latin America and Caribbean Islands
e. Asian/Pacific

A

b. Africa

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Whois Footprinting:

Regional Internet Registries (RIRs): RIPE NCC

a. North America & Canada
b. Africa
c. Europe
d. Latin America and Caribbean Islands
e. Asian/Pacific

A

c. Europe

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Whois Footprinting:

Regional Internet Registries (RIRs): lacnic

a. North America & Canada
b. Africa
c. Europe
d. Latin America and Caribbean Islands
e. Asian/Pacific

A

d. Latin America & Caribbean

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Whois Footprinting:

Regional Internet Registries (RIRs): APNIC

a. North America & Canada
b. Africa
c. Europe
d. Latin America and Caribbean Islands
e. Asian/Pacific

A

e. Asian/Pacific

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

DNS Footprinting:

Points to a host’s IP address:

a. A / AAAA (IPv6)
b. MX
c. CNAME
d. SOA
e. PTR

A

a. A / AAAA (IPv6)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

DNS Footprinting:

Points to domain’s mail server.

a. A / AAAA (IPv6)
b. MX
c. CNAME
d. SOA
e. PTR

A

b. MX

17
Q

DNS Footprinting:

Canonical naming allows aliases to a host.

a. A / AAAA (IPv6)
b. MX
c. CNAME
d. SOA
e. PTR

A

c. CNAME

18
Q

DNS Footprinting:

Indicate authority for domain. (Start of Authority)

a. A / AAAA (IPv6)
b. MX
c. CNAME
d. SOA
e. PTR

A

d. SOA

19
Q

DNS Footprinting:

Maps IP address to a hostname.

a. A / AAAA (IPv6)
b. MX
c. CNAME
d. SOA
e. PTR

A

e. PTR

20
Q

Footprinting through Web Services:

_______ is a tool used determine the Operating Systems in use by the target organization.

a. Censys
b. SHODAN
c. Netcraft
d. Firebug

A

c. Netcraft

21
Q

Website Footprinting:

This website allows you to visit archived versions of websites.

A

archive.org

22
Q

Network Footprinting:

This command is used to see the path a packet travels from source to destination.

A

Traceroute

23
Q

Footprinting through Social Engineering:

  • Is unauthorized listening of conversations or reading of messages.
  • It is interception of any form of communication such as audio, video, or written.
    a. Shoulder Surfing
    b. Dumpster Diving
    c. Eavesdropping
A

c. Eavesdropping

24
Q

Footprinting through Social Engineering:

  • Is atechnique, where attackers secretly observe the target to gain critical information.
  • Attackers gather information such as passwords, personal identification number, account numbers, credit card information, etc.
    a. Shoulder Surfing
    b. Dumpster Diving
    c. Eavesdropping
A

a. Shoulder Surfing

25
Q

Footprinting through Social Engineering:

  • Is looking for treasure in someone else’s trash.
  • It involves the collection of phone bills, contact information, financial information, operations-related information, etc. from the target company’s trash bins, printer trash bins, user desk for sticky notes, etc.
    a. Shoulder Surfing
    b. Dumpster Diving
    c. Eavesdropping
A

b. Dumpster Diving

26
Q

Footprinting Tools:

A program that can be used to determine the relationships and real world links between people, groups of people (social networks), companies, organizations, websites, internet infrastructure, phrases, documents, and files.

a. Metasploit
b. Maltego
c. Recon-ng
d. Foca

A

b. Maltego

27
Q

Footprinting Pen Testing:

Perform footprinting through web services such as ______ to gather information about target organization’s website, employees, competitor, infrastructure, operating systems, etc.

a. Google
b. DNSstuff
c. Netcraft
d. LexisNexis

A

c. Netcraft