During an authorized security assessment, the security team at XYZ Corp is tasked with identifying potential vulnerabilities without alerting the target systems. Which of the following options best describes an method that the security team should employ to gather intelligence without raising suspicion?
You selected this option
Engaging in social engineering calls to the employees
You selected this option
Performing passive DNS analysis
You selected this option
Executing a full network scan to map out live hosts
You selected this option
Running an automated crawler on the company's public website
Performing passive DNS analysis is one of the passive reconnaissance methods used by security professionals to gather historical DNS query data for a domain without directly engaging with the target's network or systems. This can aid in understanding domain relationships and infrastructure without arousing any alerts. On the other hand, network scanning and crawling a company's website would fall under active reconnaissance as this involves sending traffic to the target's systems and could potentially be detected. Social engineering is the act of manipulating people into revealing confidential information, which could be active or passive, but it does not specifically involve gathering intelligence without direct interaction or without being detected.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is passive DNS analysis?
Open an interactive chat with Bash
What is the difference between passive and active reconnaissance?
Open an interactive chat with Bash
Why is social engineering considered a potential risk in security assessments?