Free CompTIA PenTest+ PT0-002 Practice Question
During a passive reconnaissance phase, you are tasked with identifying subdomains related to the target company's main domain to map out its external attack surface. Which method would most effectively yield a comprehensive list of subdomains without actively interacting with the target's systems?
Perform a whois lookup to directly reveal all associated subdomains
Use advanced search operators on search engines to find indexed subdomains
Initiate a DNS zone transfer to get a list of all DNS records
Scan the target's IP address range for DNS services using a network scanner
This question's topic:
CompTIA PenTest+ PT0-002 /
Information Gathering and Vulnerability Scanning
SAVE $49