210-255 · Question #138
Which of the following is not an example of reconnaissance?
The correct answer is B. Redirecting users to a source and scanning traffic to learn about the target. Reconnaissance is limited to passively or actively gathering information about a target; redirecting users is an active attack technique that manipulates legitimate traffic flows beyond mere information gathering.
Question
Which of the following is not an example of reconnaissance?
Options
- ASearching the robots.txt file
- BRedirecting users to a source and scanning traffic to learn about the target
- CScanning without completing the three-way handshake
- DCommunicating over social media
How the community answered
(18 responses)- A11% (2)
- B78% (14)
- C6% (1)
- D6% (1)
Why each option
Reconnaissance is limited to passively or actively gathering information about a target; redirecting users is an active attack technique that manipulates legitimate traffic flows beyond mere information gathering.
Searching robots.txt is passive OSINT reconnaissance that reveals restricted paths and site structure without alerting or disrupting the target.
Redirecting users to intercept and scan their traffic constitutes a man-in-the-middle style attack technique that actively manipulates network behavior and disrupts normal user sessions. Reconnaissance is defined as gathering information about a target without altering its traffic or deceiving its users, so active redirection crosses the line from information gathering into offensive action.
Half-open SYN scanning is active reconnaissance that enumerates open ports by sending SYN packets without completing the TCP three-way handshake.
Using social media to gather details about personnel or systems is a recognized OSINT and social engineering reconnaissance technique.
Concept tested: Distinguishing reconnaissance from active attack techniques
Source: https://attack.mitre.org/tactics/TA0043/
Topics
Community Discussion
No community discussion yet for this question.