CompTIA Study Materials
AWS Study Materials
AWS Certified Developer Associate AWS Certified Developer Associate
AWS Certified Developer Associate DVA-C02
AWS Certified Solutions Architect Associate AWS Certified Solutions Architect Associate
AWS Certified Solutions Architect Associate SAA-C03
AWS Cloud Practitioner AWS Cloud Practitioner
AWS Cloud Practitioner CLF-C02
Microsoft Study Materials
Microsoft Azure Fundamentals Microsoft Azure Fundamentals
Microsoft Azure Fundamentals AZ-900

Free CompTIA PenTest+ PT0-002 Practice Question

During a passive reconnaissance phase, you are tasked with identifying subdomains related to the target company's main domain to map out its external attack surface. Which method would most effectively yield a comprehensive list of subdomains without actively interacting with the target's systems?

  • Perform a whois lookup to directly reveal all associated subdomains

  • Scan the target's IP address range for DNS services using a network scanner

  • Use advanced search operators on search engines to find indexed subdomains

  • Initiate a DNS zone transfer to get a list of all DNS records

This question is for objective:
Information Gathering and Vulnerability Scanning
Your Score:
Information Gathering and Vulnerability Scanning
Attacks and Exploits