Footprinting and Reconnaissance (CEH) Flashcards
Certified Ethical Hacker (CEH) Flashcards

| Front | Back |
| --- | --- |
| Define social engineering in the context of reconnaissance | Manipulating individuals to disclose information about a system or organization. |
| Distinguish between passive and active reconnaissance | Passive does not interact directly with the target; active involves engagement with the target for information gathering. |
| Explain the difference between public and private IP addresses in footprinting | Public IPs are accessible on the internet while private IPs are restricted to internal network use. |
| Explain the purpose of banner grabbing | Identifying the software and versions running on a target system. |
| Explain the purpose of zone walking in reconnaissance | Identifying DNSSEC misconfigurations to gather detailed DNS record data. |
| How can a penetration tester leverage LinkedIn for reconnaissance | To find details about employees, job roles, and technology stacks used in an organization. |
| How can SSL certificates aid in reconnaissance | Providing information about domains, subdomains, and certificate issuing authorities. |
| How can you use Google Dorks to locate login pages | Using advanced search queries such as "inurl:login" or "intitle:login page." |
| How does a penetration tester use Shodan | To find vulnerabilities and exposed devices on the internet. |
| How does Wayback Machine assist in reconnaissance | Accessing archived versions of websites to uncover outdated and potentially sensitive information. |
| List examples of passive footprinting techniques | Analyzing website metadata, social media profiles, job postings, or public financial records. |
| Name key tools for searching metadata in footprinting | ExifTool or FOCA for extracting data embedded in images, documents, or PDFs. |
| What are dark web resources used for in footprinting | Finding leaked credentials or sensitive company information. |
| What are DNS zone transfers used for in reconnaissance | Extracting nameserver data to identify network structure and configuration. |
| What does the term 'OSINT' refer to | Open Source Intelligence, information collected from publicly available sources. |
| What is footprinting in ethical hacking | The process of gathering information about a target system to identify vulnerabilities. |
| What is Google Hacking | Leveraging advanced search operators to locate sensitive information in public web pages. |
| What is Maltego used for in penetration testing | Visualizing relationships between entities such as people, domains, and networks for OSINT purposes. |
| What is metadata analysis used for in OSINT | Extracting hidden information such as author names, software versions, or geo-coordinates from shared files. |
| What is the function of Robtex in a reconnaissance task | Analyzing DNS information, IP addresses, and relationships between domains. |
| What is the importance of network topology mapping during reconnaissance | Understanding the structure and layout of a target's network. |
| What is the objective of footprinting in the reconnaissance phase | To gather as much information as possible about a target's systems and infrastructure for planning potential attacks. |
| What is the purpose of email harvesting | Gathering email addresses for targeted phishing or further investigation into the organization. |
| What is the purpose of email spoofing detection during reconnaissance | Identifying vulnerabilities in an organization's email systems that could be exploited for phishing attacks. |
| What is the purpose of spidering a website | Automated crawling of a website to map out its structure and identify sensitive directories or files. |
| What is the relevance of job postings in reconnaissance | Identifying technology, software, or tools in use within the target organization. |
| What is the significance of WHOIS reverse lookup | Determines other domains or IPs owned by the same registrant to expand the scope of investigation. |
| What is WHOIS used for during footprinting | Gathering domain registration details like owner, registrar, and contact information. |
| What role does the Traceroute command play in reconnaissance | Identifying the path packets take to reach a target host. |
| What tools are commonly used for DNS footprinting | Nslookup, Dig, and Whois. |
| Which reconnaissance stage often involves employee profiling | Social engineering to obtain sensitive information from staff by analyzing platforms like LinkedIn or other social media. |
| Which tool can be used for scanning network ports during active reconnaissance | Nmap. |
| Which tools are used for identifying vulnerabilities on web servers during reconnaissance | Nikto and Burp Suite. |

About the Flashcards

Flashcards for the Certified Ethical Hacker (CEH) exam help students review essential reconnaissance and footprinting terminology, concepts, and objectives. The deck emphasizes passive versus active reconnaissance, OSINT sources (WHOIS, Wayback Machine, dark web), banner grabbing, and the aims of footprinting for mapping networks, identifying potential vulnerabilities, and planning potential attacks.

It also summarizes practical tools and methods used in reconnaissance - Nmap, Shodan, Maltego, Nikto, Burp Suite, ExifTool and FOCA - plus DNS commands (nslookup, dig), zone transfers and zone walking, traceroute, SSL certificate analysis, Google dorks and spidering, social engineering, and email harvesting. Use these cards to strengthen recall and exam readiness.

Topics covered in this flashcard deck:

- Footprinting and reconnaissance
- Passive vs active recon
- DNS, WHOIS, zone transfers
- OSINT and metadata analysis
- Reconnaissance tools and scanners
- Social engineering and harvesting