During an authorized security assessment, the security team at XYZ Corp is tasked with identifying potential vulnerabilities without alerting the target systems. Which of the following options best describes a method that the security team should employ to gather intelligence without raising suspicion?
Performing passive DNS analysis
Engaging in social engineering calls to the employees
Running an automated crawler on the company's public website
Executing a full network scan to map out live hosts
Performing passive DNS analysis is a passive reconnaissance method used to gather historical DNS data for a domain without directly interacting with the target's systems. This technique helps in mapping the target's infrastructure without triggering alerts. In contrast, a full network scan and running an automated website crawler are forms of active reconnaissance, as they involve sending packets and requests directly to the target's network and can be detected. Similarly, making social engineering calls is an active method that involves direct interaction with the company's employees.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is passive DNS analysis?
Open an interactive chat with Bash
What is the difference between passive and active reconnaissance?
Open an interactive chat with Bash
Why is social engineering considered a potential risk in security assessments?