During the footprinting phase, you must enumerate as many subdomains of the target organization as possible without generating any traffic toward its infrastructure. After harvesting WHOIS data, which of the following techniques best meets this requirement?
Attempt a full DNS zone transfer from the target's authoritative name servers using dig axfr.
Perform an unauthenticated SNMP sweep of the target's gateway to list known hosts.
Run an Nmap TCP SYN and version scan against the target's IP address range.
Query public Certificate Transparency logs (for example, search crt.sh for issued certificates).
Querying public Certificate Transparency (CT) logs through services such as crt.sh is a passive reconnaissance method because the requests are sent only to third-party log servers, never to assets controlled by the target. This can reveal dozens of hostnames that have appeared on publicly logged TLS certificates. An Nmap version scan, an AXFR zone-transfer attempt with dig, and an SNMP sweep all transmit packets directly to the target's systems or name servers, making them active techniques that violate the "no direct contact" constraint.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are Certificate Transparency logs?
Open an interactive chat with Bash
Why is querying Certificate Transparency logs considered passive reconnaissance?
Open an interactive chat with Bash
How does crt.sh help in finding subdomains?
Open an interactive chat with Bash
Why are Certificate Transparency logs useful for subdomain enumeration?
Open an interactive chat with Bash
What are the limitations of Nmap in passive reconnaissance?
Open an interactive chat with Bash
How does a DNS zone transfer differ from querying CT logs?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Reconnaissance Techniques
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .