nerdexam
EC-Council

312-50V10 · Question #704

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name.

The correct answer is A. Reconnaissance. With only a company name provided and no prior information, the mandatory first phase of any penetration test is Reconnaissance - gathering publicly available data about the target before any active probing begins.

Footprinting and Reconnaissance

Question

Your team has won a contract to infiltrate an organization. The company wants to have the attack be as realistic as possible; therefore, they did not provide any information besides the company name. What should be the first step in security testing the client?

Options

  • AReconnaissance
  • BEscalation
  • CScanning
  • DEnumeration

How the community answered

(25 responses)
  • A
    92% (23)
  • C
    4% (1)
  • D
    4% (1)

Why each option

With only a company name provided and no prior information, the mandatory first phase of any penetration test is Reconnaissance - gathering publicly available data about the target before any active probing begins.

AReconnaissanceCorrect

Reconnaissance is the foundational first phase of the penetration testing lifecycle, where testers collect open-source and passive information about the target such as domain registrations, IP ranges, employee names, and technology stacks. Without this phase, subsequent steps like scanning and enumeration have no defined scope or targets to work with.

BEscalation

Privilege escalation occurs deep into the attack chain, after initial access has already been established, making it impossible as a first step.

CScanning

Scanning actively probes systems for open ports and services using tools like Nmap, but requires target IP addresses or hostnames that are only identified during prior reconnaissance.

DEnumeration

Enumeration extracts detailed resource information from already-discovered services and requires active hosts and open ports to have been identified first through scanning.

Concept tested: Penetration testing lifecycle - reconnaissance as first phase

Source: http://www.pentest-standard.org/index.php/Intelligence_Gathering

Topics

#penetration testing phases#reconnaissance#information gathering#black box testing

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice