Reconnaissance and Footprinting Methods Flashcards
CompTIA PenTest+ PT0-002 Flashcards
Study our Reconnaissance and Footprinting Methods flashcards for the CompTIA PenTest+ PT0-002 exam with 30+ flashcards. View as flashcards, a searchable table, or as a fun matching game.

| Front | Back |
| --- | --- |
| Define OSINT | Open Source Intelligence - information collected from publicly available sources such as websites, social media, public records, and publications |
| How can archived websites be useful in reconnaissance? | They may contain sensitive information that has been removed from current versions but remains accessible through archives like the Wayback Machine |
| How can metadata in documents reveal sensitive information? | May contain author names, organization details, software versions, creation dates, and other hidden information |
| How can social media be used in reconnaissance? | To build profiles of individuals, understand organizational structure, track activities, and identify potential vulnerabilities |
| How does DNS interrogation help in reconnaissance? | Reveals domain name information, mail servers, IP addresses, and potential internal network structure |
| How does Shodan differ from regular search engines? | Shodan indexes internet-connected devices rather than websites, allowing discovery of exposed systems and services |
| Name three common OSINT frameworks | Maltego, OSINT Framework, SpiderFoot |
| What are the main categories of DNS records useful in reconnaissance? | A (address), MX (mail exchange), NS (name server), SOA (start of authority), TXT (text), CNAME (canonical name) |
| What information can be obtained from WHOIS lookups? | Domain registrant information, contact details, registration dates, name servers, and registrar information |
| What information can LinkedIn provide during reconnaissance? | Company structure, employee names, job titles, professional backgrounds, and potential internal technologies |
| What is a network topology map? | Visual representation of how devices are connected on a network, showing the arrangement of nodes and their connections |
| What is active reconnaissance? | Direct interaction with a target system to gather information; includes port scanning, DNS queries, and network mapping |
| What is DNS zone transfer? | Process of copying DNS zone files from a primary DNS server to secondary servers; can reveal internal network structure if misconfigured |
| What is fingerprinting in the context of reconnaissance? | Identifying the specific operating systems, services, or applications running on target systems |
| What is footprinting? | Systematic method of gathering target information to create a profile of an organization's security posture |
| What is geolocation in reconnaissance? | Identifying the physical location of target systems or infrastructure |
| What is Google dorking? | Using advanced search operators in Google to find specific information or vulnerabilities in websites |
| What is harvesting email addresses? | Collecting email addresses associated with a target organization to identify potential points of contact or targets for social engineering |
| What is horizontal scanning? | Scanning multiple hosts for a specific port or service |
| What is Maltego used for? | Visual link analysis for gathering and connecting information for reconnaissance investigations |
| What is meant by "the attack surface"? | The sum of all points where an unauthorized user can attempt to enter or extract data from an environment |
| What is passive reconnaissance? | Gathering information about a target without direct interaction; includes techniques like analyzing public records, social media, and search engine results |
| What is Recon-ng? | A full-featured reconnaissance framework designed for web-based information gathering |
| What is social engineering in the context of reconnaissance? | Manipulating people to divulge confidential information through pretexting, phishing, or impersonation |
| What is subdomain enumeration? | Process of finding valid subdomains for a domain to expand the potential attack surface |
| What is the purpose of Banner Grabbing? | Technique to obtain information about systems on a network by retrieving banners from services that display version information |
| What is the purpose of the traceroute command? | Maps the route packets take from your computer to a destination, revealing network topology information |
| What is vertical scanning? | Scanning a single host for multiple ports or services |
| What tool can create visual network maps from traceroute data? | Zenmap (Nmap's GUI) or Visual Trace Route tools |
| What tool is commonly used for DNS enumeration? | nslookup, dig, or host commands |