Bash, the Crucial Exams Chat Bot
AI Bot
Footprinting and Reconnaissance (CEH) Flashcards
Certified Ethical Hacker (CEH) Flashcards
| Front | Back |
| Define social engineering in the context of reconnaissance | Manipulating individuals to disclose information about a system or organization. |
| Distinguish between passive and active reconnaissance | Passive does not interact directly with the target; active involves engagement with the target for information gathering. |
| Explain the difference between public and private IP addresses in footprinting | Public IPs are accessible on the internet while private IPs are restricted to internal network use. |
| Explain the purpose of banner grabbing | Identifying the software and versions running on a target system. |
| Explain the purpose of zone walking in reconnaissance | Identifying DNSSEC misconfigurations to gather detailed DNS record data. |
| How can a penetration tester leverage LinkedIn for reconnaissance | To find details about employees, job roles, and technology stacks used in an organization. |
| How can SSL certificates aid in reconnaissance | Providing information about domains, subdomains, and certificate issuing authorities. |
| How can you use Google Dorks to locate login pages | Using advanced search queries such as "inurl:login" or "intitle:login page." |
| How does a penetration tester use Shodan | To find vulnerabilities and exposed devices on the internet. |
| How does Wayback Machine assist in reconnaissance | Accessing archived versions of websites to uncover outdated and potentially sensitive information. |
| List examples of passive footprinting techniques | Analyzing website metadata, social media profiles, job postings, or public financial records. |
| Name key tools for searching metadata in footprinting | EXIFTool or FOCA for extracting data embedded in images, documents, or PDFs. |
| What are dark web resources used for in footprinting | Finding leaked credentials or sensitive company information. |
| What are DNS zone transfers used for in reconnaissance | Extracting nameserver data to identify network structure and configuration. |
| What does the term 'OSINT' refer to | Open Source Intelligence, information collected from publicly available sources. |
| What is footprinting in ethical hacking | The process of gathering information about a target system to identify vulnerabilities. |
| What is Google Hacking | Leveraging advanced search operators to locate sensitive information in public web pages. |
| What is Maltego used for in penetration testing | Visualizing relationships between entities such as people, domains, and networks for OSINT purposes. |
| What is metadata analysis used for in OSINT | Extracting hidden information such as author names, software versions, or geo-coordinates from shared files. |
| What is the function of Robtex in a reconnaissance task | Analyzing DNS information, IP addresses, and relationships between domains. |
| What is the importance of network topology mapping during reconnaissance | Understanding the structure and layout of a target's network. |
| What is the objective of footprinting in the reconnaissance phase | To gather as much information as possible about a target's systems and infrastructure for planning potential attacks. |
| What is the purpose of email harvesting | Gathering email addresses for targeted phishing or further investigation into the organization. |
| What is the purpose of email spoofing detection during reconnaissance | Identifying vulnerabilities in an organization's email systems that could be exploited for phishing attacks. |
| What is the purpose of spidering a website | Automated crawling of a website to map out its structure and identify sensitive directories or files. |
| What is the relevance of job postings in reconnaissance | Identifying technology, software, or tools in use within the target organization. |
| What is the significance of WHOIS reverse lookup | Determines other domains or IPs owned by the same registrant to expand the scope of investigation. |
| What is WHOIS used for during footprinting | Gathering domain registration details like owner, registrar, and contact information. |
| What role does the Traceroute command play in reconnaissance | Identifying the path packets take to reach a target host. |
| What tools are commonly used for DNS footprinting | Nslookup, Dig, and Whois. |
| Which reconnaissance stage often involves employee profiling | Social engineering to obtain sensitive information from staff by analyzing platforms like LinkedIn or other social media. |
| Which tool can be used for scanning network ports during active reconnaissance | Nmap. |
| Which tools are used for identifying vulnerabilities on web servers during reconnaissance | Nikto and Burp Suite. |
Front
How does Wayback Machine assist in reconnaissance
Click the card to flip
Back
Accessing archived versions of websites to uncover outdated and potentially sensitive information.
Front
How can a penetration tester leverage LinkedIn for reconnaissance
Back
To find details about employees, job roles, and technology stacks used in an organization.
Front
What is the purpose of spidering a website
Back
Automated crawling of a website to map out its structure and identify sensitive directories or files.
Front
What is Maltego used for in penetration testing
Back
Visualizing relationships between entities such as people, domains, and networks for OSINT purposes.
Front
What is the function of Robtex in a reconnaissance task
Back
Analyzing DNS information, IP addresses, and relationships between domains.
Front
Which tools are used for identifying vulnerabilities on web servers during reconnaissance
Back
Nikto and Burp Suite.
Front
What is Google Hacking
Back
Leveraging advanced search operators to locate sensitive information in public web pages.
Front
Explain the purpose of zone walking in reconnaissance
Back
Identifying DNSSEC misconfigurations to gather detailed DNS record data.
Front
What does the term 'OSINT' refer to
Back
Open Source Intelligence, information collected from publicly available sources.
Front
Distinguish between passive and active reconnaissance
Back
Passive does not interact directly with the target; active involves engagement with the target for information gathering.
Front
What is the purpose of email spoofing detection during reconnaissance
Back
Identifying vulnerabilities in an organization's email systems that could be exploited for phishing attacks.
Front
How can you use Google Dorks to locate login pages
Back
Using advanced search queries such as "inurl:login" or "intitle:login page."
Front
What is the purpose of email harvesting
Back
Gathering email addresses for targeted phishing or further investigation into the organization.
Front
How does a penetration tester use Shodan
Back
To find vulnerabilities and exposed devices on the internet.
Front
What is metadata analysis used for in OSINT
Back
Extracting hidden information such as author names, software versions, or geo-coordinates from shared files.
Front
Which reconnaissance stage often involves employee profiling
Back
Social engineering to obtain sensitive information from staff by analyzing platforms like LinkedIn or other social media.
Front
What are DNS zone transfers used for in reconnaissance
Back
Extracting nameserver data to identify network structure and configuration.
Front
What is the importance of network topology mapping during reconnaissance
Back
Understanding the structure and layout of a target's network.
Front
How can SSL certificates aid in reconnaissance
Back
Providing information about domains, subdomains, and certificate issuing authorities.
Front
What is the relevance of job postings in reconnaissance
Back
Identifying technology, software, or tools in use within the target organization.
Front
What role does the Traceroute command play in reconnaissance
Back
Identifying the path packets take to reach a target host.
Front
Define social engineering in the context of reconnaissance
Back
Manipulating individuals to disclose information about a system or organization.
Front
What is the significance of WHOIS reverse lookup
Back
Determines other domains or IPs owned by the same registrant to expand the scope of investigation.
Front
What is WHOIS used for during footprinting
Back
Gathering domain registration details like owner, registrar, and contact information.
Front
What is footprinting in ethical hacking
Back
The process of gathering information about a target system to identify vulnerabilities.
Front
Explain the difference between public and private IP addresses in footprinting
Back
Public IPs are accessible on the internet while private IPs are restricted to internal network use.
Front
What are dark web resources used for in footprinting
Back
Finding leaked credentials or sensitive company information.
Front
List examples of passive footprinting techniques
Back
Analyzing website metadata, social media profiles, job postings, or public financial records.
Front
Name key tools for searching metadata in footprinting
Back
EXIFTool or FOCA for extracting data embedded in images, documents, or PDFs.
Front
Explain the purpose of banner grabbing
Back
Identifying the software and versions running on a target system.
Front
What tools are commonly used for DNS footprinting
Back
Nslookup, Dig, and Whois.
Front
What is the objective of footprinting in the reconnaissance phase
Back
To gather as much information as possible about a target's systems and infrastructure for planning potential attacks.
Front
Which tool can be used for scanning network ports during active reconnaissance
Back
Nmap.
1/33
This deck focuses on techniques and tools used for information gathering, including passive and active reconnaissance methods and common reconnaissance tools.