nerdexam
Cisco

210-255 · Question #138

Which of the following is not an example of reconnaissance?

The correct answer is B. Redirecting users to a source and scanning traffic to learn about the target. Reconnaissance is limited to passively or actively gathering information about a target; redirecting users is an active attack technique that manipulates legitimate traffic flows beyond mere information gathering.

Attack Methods

Question

Which of the following is not an example of reconnaissance?

Options

  • ASearching the robots.txt file
  • BRedirecting users to a source and scanning traffic to learn about the target
  • CScanning without completing the three-way handshake
  • DCommunicating over social media

How the community answered

(18 responses)
  • A
    11% (2)
  • B
    78% (14)
  • C
    6% (1)
  • D
    6% (1)

Why each option

Reconnaissance is limited to passively or actively gathering information about a target; redirecting users is an active attack technique that manipulates legitimate traffic flows beyond mere information gathering.

ASearching the robots.txt file

Searching robots.txt is passive OSINT reconnaissance that reveals restricted paths and site structure without alerting or disrupting the target.

BRedirecting users to a source and scanning traffic to learn about the targetCorrect

Redirecting users to intercept and scan their traffic constitutes a man-in-the-middle style attack technique that actively manipulates network behavior and disrupts normal user sessions. Reconnaissance is defined as gathering information about a target without altering its traffic or deceiving its users, so active redirection crosses the line from information gathering into offensive action.

CScanning without completing the three-way handshake

Half-open SYN scanning is active reconnaissance that enumerates open ports by sending SYN packets without completing the TCP three-way handshake.

DCommunicating over social media

Using social media to gather details about personnel or systems is a recognized OSINT and social engineering reconnaissance technique.

Concept tested: Distinguishing reconnaissance from active attack techniques

Source: https://attack.mitre.org/tactics/TA0043/

Topics

#reconnaissance#attack methods#network scanning#information gathering

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice