During a routine assessment, a security analyst is tasked with using OSINT to identify potential vulnerabilities that could affect their organization’s network infrastructure. Which of the following methods would BEST support this activity?
Attending industry conferences to gather insights on common network infrastructure issues
Reviewing the organization’s website source code on the production server for misconfigurations
Analyzing social media profiles of the organization’s IT staff for potential leads on system flaws
Using search engines to discover discussions and reports on new vulnerabilities affecting similar network infrastructure
Utilizing search engines to find information on disclosed vulnerabilities pertaining to the organization's network infrastructure directly aligns with the practice of OSINT. It involves using publicly available resources to uncover potential risks that need to be addressed. Social media profiles tend not to reveal technical vulnerabilities of network infrastructure components. Reviewing the organization’s own website source code can be part of a security review, but it does not encompass the collection of OSINT. Attending industry conferences is a good practice for professional development and networking, but it may not specifically yield the actionable vulnerability data that can be found through targeted online searches.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is OSINT in cybersecurity?
Open an interactive chat with Bash
Why are search engines effective for discovering vulnerabilities?
Open an interactive chat with Bash
What are some limitations of OSINT for vulnerability assessment?