nerdexam
EC-Council

312-50V10 · Question #484

A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants to have the attack be as realistic as possible. They did not provide any informat

The correct answer is B. Reconnaissance. When given only a company name and no other information, ethical hackers begin with reconnaissance to passively and actively gather information before any active testing can occur.

Footprinting and Reconnaissance

Question

A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants to have the attack be as realistic as possible. They did not provide any information besides the name of their company. What phase of security testing would your team jump in right away?

Options

  • AScanning
  • BReconnaissance
  • CEscalation
  • DEnumeration

How the community answered

(65 responses)
  • A
    6% (4)
  • B
    89% (58)
  • C
    3% (2)
  • D
    2% (1)

Why each option

When given only a company name and no other information, ethical hackers begin with reconnaissance to passively and actively gather information before any active testing can occur.

AScanning

Scanning occurs after reconnaissance, once the tester has identified IP ranges, domains, and live hosts to actively probe for open ports and services.

BReconnaissanceCorrect

Reconnaissance is the first phase of the ethical hacking methodology, used to collect as much information as possible about the target using the minimal input provided (such as a company name). Both passive techniques (OSINT, DNS lookups, WHOIS) and active techniques are applied here to build a target profile before proceeding to scanning or enumeration.

CEscalation

Escalation (privilege escalation) is a late-phase activity that occurs after initial access has already been gained - it cannot be the starting point.

DEnumeration

Enumeration follows scanning and is used to extract detailed information like user accounts and shares from systems already identified as active targets.

Concept tested: Ethical hacking phases - reconnaissance as entry point

Source: https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/hacking-phases/

Topics

#black box testing#reconnaissance#pen testing phases

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice