Footprinting and Reconnaissance (CEH) Flashcards
Certified Ethical Hacker (CEH) Flashcards
| Front | Back |
| --- | --- |
| Define social engineering in the context of reconnaissance | Manipulating individuals to disclose information about a system or organization. |
| Distinguish between passive and active reconnaissance | Passive does not interact directly with the target; active involves engagement with the target for information gathering. |
| Explain the difference between public and private IP addresses in footprinting | Public IPs are accessible on the internet while private IPs are restricted to internal network use. |
| Explain the purpose of banner grabbing | Identifying the software and versions running on a target system. |
| Explain the purpose of zone walking in reconnaissance | Identifying DNSSEC misconfigurations to gather detailed DNS record data. |
| How can a penetration tester leverage LinkedIn for reconnaissance | To find details about employees, job roles, and technology stacks used in an organization. |
| How can SSL certificates aid in reconnaissance | Providing information about domains, subdomains, and certificate issuing authorities. |
| How can you use Google Dorks to locate login pages | Using advanced search queries such as "inurl:login" or "intitle:login page." |
| How does a penetration tester use Shodan | To find vulnerabilities and exposed devices on the internet. |
| How does Wayback Machine assist in reconnaissance | Accessing archived versions of websites to uncover outdated and potentially sensitive information. |
| List examples of passive footprinting techniques | Analyzing website metadata, social media profiles, job postings, or public financial records. |
| Name key tools for searching metadata in footprinting | EXIFTool or FOCA for extracting data embedded in images, documents, or PDFs. |
| What are dark web resources used for in footprinting | Finding leaked credentials or sensitive company information. |
| What are DNS zone transfers used for in reconnaissance | Extracting nameserver data to identify network structure and configuration. |
| What does the term 'OSINT' refer to | Open Source Intelligence, information collected from publicly available sources. |
| What is footprinting in ethical hacking | The process of gathering information about a target system to identify vulnerabilities. |
| What is Google Hacking | Leveraging advanced search operators to locate sensitive information in public web pages. |
| What is Maltego used for in penetration testing | Visualizing relationships between entities such as people, domains, and networks for OSINT purposes. |
| What is metadata analysis used for in OSINT | Extracting hidden information such as author names, software versions, or geo-coordinates from shared files. |
| What is the function of Robtex in a reconnaissance task | Analyzing DNS information, IP addresses, and relationships between domains. |
| What is the importance of network topology mapping during reconnaissance | Understanding the structure and layout of a target's network. |
| What is the objective of footprinting in the reconnaissance phase | To gather as much information as possible about a target's systems and infrastructure for planning potential attacks. |
| What is the purpose of email harvesting | Gathering email addresses for targeted phishing or further investigation into the organization. |
| What is the purpose of email spoofing detection during reconnaissance | Identifying vulnerabilities in an organization's email systems that could be exploited for phishing attacks. |
| What is the purpose of spidering a website | Automated crawling of a website to map out its structure and identify sensitive directories or files. |
| What is the relevance of job postings in reconnaissance | Identifying technology, software, or tools in use within the target organization. |
| What is the significance of WHOIS reverse lookup | Determines other domains or IPs owned by the same registrant to expand the scope of investigation. |
| What is WHOIS used for during footprinting | Gathering domain registration details like owner, registrar, and contact information. |
| What role does the Traceroute command play in reconnaissance | Identifying the path packets take to reach a target host. |
| What tools are commonly used for DNS footprinting | Nslookup, Dig, and Whois. |
| Which reconnaissance stage often involves employee profiling | Social engineering to obtain sensitive information from staff by analyzing platforms like LinkedIn or other social media. |
| Which tool can be used for scanning network ports during active reconnaissance | Nmap. |
| Which tools are used for identifying vulnerabilities on web servers during reconnaissance | Nikto and Burp Suite. |
This deck focuses on techniques and tools used for information gathering, including passive and active reconnaissance methods and common reconnaissance tools.