A company posted an announcement about moving to a new microservice infrastructure for its internal applications. Which approach uncovers extra information about the systems hosting these services?
Run multiple login attempts with collected passes
Search domain records for subdomains
Read restricted logs that detail service usage
Use compromised credentials from a public repository
Inspecting domain name records provides a clearer view of possible hidden subdomains linked to specialized services. Reviewing these records reveals unique endpoints associated with the new microservice infrastructure, which can expose further details for reconnaissance. Looking for credentials in a public repository involves risk of reliance on compromised data that may not exist for the target. Conducting multiple login attempts with known password dumps focuses on brute force rather than discovering host details. Reading logs that are restricted is not feasible without authorization.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are subdomains and why are they useful in reconnaissance?
Open an interactive chat with Bash
How can you search for domain records to find subdomains?
Open an interactive chat with Bash
What are the risks of relying on compromised credentials for reconnaissance?