During a project, a company wants to check if an unencrypted database platform might be accessible from the internet. You decide to conduct searches with a specialized tool to locate endpoints that communicate on the port linked to that database. Which method is appropriate for verifying the presence of that publicly facing instance?
Conduct multi-stage searches centered on the environment's names, skipping cryptographic data
Schedule a script to repeatedly send probes from various locations to detect accessible ports
Use filters by port number and gather further details about known weaknesses
Rely on the platform's domain-based searches with a wildcard aimed at additional names
Filtering by port and gathering vulnerability data through specialized queries lets a tester discover potential exposures and see associated details—such as cryptographic support—without relying on domain searches alone. Searching just for subdomains usually focuses on names rather than open services. Omitting cryptographic insights can overlook vital clues about the environment. Repeated pings from multiple vantage points is not an optimized reconnaissance technique with the tool and lacks relevant service metadata.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What specialized tools are commonly used to filter by port and gather vulnerability data?
Open an interactive chat with Bash
Why is filtering by port important during reconnaissance?
Open an interactive chat with Bash
What are some risks of having unencrypted database platforms exposed to the internet?