Module 2 - Footprinting and Reconnaissance

Question 1

Which of these is an open-source framework for doing automated recon and info-gathering activities to learn about a target organization?

A) OSINT Framework
B) SpeedPhish Framework
C) WebSploit Framework
D) Browser Exploitation Framework

Answer 1

A

Question 2

Which of these Google Dork (Google hacking) operators would you use to show certain file extensions on a website?

A) ext
B) filetype
C) inurl
D) allinurl
E) site
F) location

Answer 2

B

Question 3

Passive reconnaissance involves collecting information through which of the following?

A) Social engineering
B) Network traffic sniffing
C) Man in the middle attacks
D) Publicly accessible sources

Answer 3

D

Question 4

Which type of footprinting involves gathering domain information, such as domain name, contact details of the owner, and creation & expiration dates?

A) VoIP footprinting
B) Whois footprinting
C) VPN footprinting
D) Email footprining

Answer 4

B

Question 5

In order to make convincing phishing e-mails, it helps to know about the company you are going to impersonate. The time you spend on researching this information is called what?

A) Exploration
B) Reconnaissance
C) Investigation
D) Enumeration

Answer 5

B

Question 6

You need to monitor your corporate website to analyze the traffic and learn things such as the geographical location of people visiting the site. Which tool would be best suited for this?

A) Webroot
B) Web-Stat
C) WAFW00F
D) WebSite-Watcher

Answer 6

B

Question 7

What is the collection of overt and publicly available information known as?

A) Real intelligence
B) Human intelligence
C) Open-source intelligence
D) Social intelligence

Answer 7

C

Question 8

Which of these would be the best choice to surf the internet anonymously?

A) Use shared WiFi
B) Use public VPN
C) Use SSL sites when entering personal information
D) Use Tor network with multi-node

Answer 8

D

Question 9

Which of these tools can perform DNS lookups and find info such as DNS domain names, computer names, IP addresses, DNS records, and network Whois records?

Note: zANTI is an Android tool for spoofing MAC addresses, creating malicious Wi-Fi hotspots, and hijacking sessions. Knative is for managing containers. Towelroot is for rooting a mobile device. Bluto is the only tool in this list that queries DNS info.

A) Bluto
B) zANTI
C) Knative
D) Towelroot

Answer 9

A

Question 10

You have been sent a suspicious e-mail message and want to see who sent it. After looking at the header you see that it was received from an unknown sender at the IP address 145.146.50.60. What web site will allow you to find out more information about an IP address, including who owns that IP?

Note: ARIN is the American Registry for Internet Numbers and can tell you who owns a particular IP address. The other three are domain registrars and can tell you who owns a domain name.

A) http://www.tucowsdomains.com/whois
B) https://whois.arin.net
C) https://www.networksolutions.com/whois
D) https://www.godaddy.com/whois

Answer 10

B

Question 11

Where can you go to see past versions and pages of a website?

A) Samspade.org
B) Search.com
C) Archive.org
D) AddressPast.com

Answer 11

C

Question 12

During which hacking process do you surf the internet looking for information about your target company?

A) Scanning
B) Enumerating
C) Footprinting
D) System Hacking

Answer 12

C

Question 13

Which Google search operator would limit searches to one domain?

A) [location:]
B) [site:]
C) [allinurl:]
D) [link:]

Answer 13

B

Question 14

Which regional internet registry should you use to get detailed info about an IP address in France?

Note: The major RIRs include:
ARIN (American Registry for Internet Numbers) (https://www.arin.net)
AFRINIC (African Network Information Center) (https://www.afrinic.net)
APNIC (Asia Pacific Network Information Center) (https://www.apnic.net)
RIPE (Réseaux IP Européens Network Coordination Centre) (https://www.ripe.net)
LACNIC (Latin American and Caribbean Network Information Center) (https://www.lacnic.net)

A) ARIN
B) APNIC
C) LACNIC
D) RIPE

Answer 14

D

Question 15

Your network has been breached. You review your logs and discover that an unknown IP address has accessed the network through a high-level port that was not closed. You trace the IP to a proxy server in Argentina. After calling the company that owns the server, they trace it to another proxy in Germany. You call them and they trace it to another proxy in China. What proxy tool has the attacker used to cover his tracks?

A) ISA proxy
B) IAS proxy
C) TOR proxy
D) Cheops proxy

Answer 15

C

Question 16

Hacker Joe is using specialized tools and search engines that encrypt his web traffic and allows him to anonymously gather information on the internet. After gathering information, he performs attacks on target organizations without being traced. Which technique was used here?

A) VoIP footprinting
B) VPN footprinting
C) Website footprinting
D) Dark web footprinting

Answer 16

D

Question 17

You find job listings for network administrators at your competitor’s company. How can reviewing this listing help you footprint their company?

A) To learn about the IP range used by the target network.
B) To identify the number of employees working for the company.
C) To test the limits of the corporate security policy enforced in the company.
D) To learn about the operating systems, services and applications used on the network.

Answer 17

D

Question 18

Which of these tools can track e-mails and provide info such as sender identities, mail servers, sender IP address, and sender location?

A) Infoga
B) Netcraft
C) Zoominfo
D) Factiva

Answer 18

A

Question 19

Which of these online tools would allow you gather a competitor’s server’s IP address using Whois footprinting, then using that IP, can tell you info such as the network range and topology?

Note: Doing a Whois search on ARIN will tell you a company’s IP range (the IP addresses that have been assigned to them). Using that info, you can scan their IP’s go gain more info. For example, if you find that one of those IP’s is a DNS server, that’s an opportunity to get even more info. If that DNS server is improperly configured, you might be able to get the IP’s of even their internal devices.

A) AOL
B) Baidu
C) DuckDuckGo
D) ARIN

Answer 19

D

Question 20

Using an image as a search query, which footprinting technique would you use to find information about the image, such as the original source and details, photographs, profile pictures, and memes?

A) Advanced image search
B) Reverse image search
C) Google advanced search
D) Meta search engines

Answer 20

B

Question 21

Which of these is a tool to gather a list of words from a target website?

Note: Orbot and Psiphon are anonymizer tools. Shadowsocks is a proxy tool for mobile. CeWL is an automated tool to “crawl” through a target website to make a list of words or terms. This is very handy if you want to crawl a site to find all the listed e-mail addresses for example. The syntax is easy. For example: #cewl www.moviescope.com

A) Psiphon
B) Shadowsocks
C) Orbot
D) CeWL

Answer 21

D

Question 22

Which of these Google Advanced Search Operators would help you gather info about websites that are similar to a specific URL that you type in?

A) info:
B) related:
C) site:
D) inurl:
E) filetype:

Answer 22

B

Question 23

Which tool can scan social media sites for information about a target, including finding their geolocation by using location tags in their photographs?

A) Hootsuite
B) VisualRoute
C) HULK
D) ophcrack

Answer 23

A

Question 24

What would you get from this Google query?
site:amazon.com -site:books.amazon.com iphone

A) Results matching all words in the query.
B) Results matching “iphone” in domain amazon.com but not on the site books.amazon.com.
C) Results from matches on the site books.amazon.com that are in the domain amazon.com but do not include the word iphone.
D) Results for matches on amazon.com and books.amazon.com that include the word “iphone”.

Answer 24

B

Question 25

Which of these is an anonymizer site that would mask and protect your identity as you surf the web?

Note: Baidu and Wolfram Alpha are search engines. Karmadecay is an image search engine for Reddit. On this list, only Guardster is a proxy surfing site to hide your IP address and identity as you surf the web.

A) www.baidu.com
B) www.karmadecay.com
C) www.guardster.com
D) www.wolframalpha.com

Answer 25

C