A cybersecurity analyst at XYZ corporation has been tasked with identifying exposed services and entry points on their corporate network that could be targeted by external adversaries. The organization has a web presence with multiple domains and deploys various internet-facing applications. Which technique should the analyst employ to effectively gather information about the organization's external attack surface?
Reviewing internal network configurations for potential leaks
Using a domain name enumeration tool
Using a search engine to gather information about the company's web presence
Conducting an employee survey to understand the use of cloud services
Using a search engine to gather information about the company's web presence is an essential step in edge discovery but does not provide a comprehensive view of the exposed services and network entry points. The correct answer, Using a domain name enumeration tool, is the correct choice because such tools gather DNS records, subdomains, and host information that reveal the structure of the organization's internet-facing assets, which is crucial for properly assessing the attack surface. Reviewing internal network configurations would not provide visibility into external-facing assets. Conducting an employee survey would not directly identify technical assets and exposed services and is, therefore, not the correct method for edge discovery in this context.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is domain name enumeration and how does it work?
Open an interactive chat with Bash
What are some commonly used domain name enumeration tools?
Open an interactive chat with Bash
Why is it important to assess an organization's external attack surface?