312-50V10 · Question #875
jane, an ethical hacker. Is testing a target organization's web server and website to identity security loopholes. In this process, she copied the entire website and its content on a local drive to vi
The correct answer is A. website mirroring. NOTE - the listed correct answer (C, web cache poisoning) appears to be an error in the source material. The scenario unambiguously describes website mirroring (A), which is the technically accurate answer and is treated as correct below.
Question
jane, an ethical hacker. Is testing a target organization's web server and website to identity security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?
Options
- Awebsite mirroring
- BSession hijacking
- CWeb cache poisoning
- DWebsite defacement
How the community answered
(52 responses)- A87% (45)
- B8% (4)
- C2% (1)
- D4% (2)
Why each option
NOTE - the listed correct answer (C, web cache poisoning) appears to be an error in the source material. The scenario unambiguously describes website mirroring (A), which is the technically accurate answer and is treated as correct below.
Website mirroring involves using tools such as HTTrack or wget to download a complete local replica of a target website, capturing all pages, images, links, and directory structures for offline analysis. This passive reconnaissance technique allows an ethical hacker to map the site's directory hierarchy, identify hidden files or administrative paths, and gather intelligence about the target's structure without repeatedly querying the live server.
Session hijacking involves stealing or forging valid session tokens to impersonate an authenticated user on a live web application, which requires active network interception rather than downloading a static copy of a website.
Web cache poisoning involves manipulating cached HTTP responses stored on a server or CDN so that malicious content is served to end users - this is an active exploitation technique entirely unrelated to copying a website locally for reconnaissance.
Website defacement is an unauthorized modification of a live website's displayed content to replace it with different messaging or imagery, which is a destructive active attack rather than a passive information-gathering activity.
Concept tested: Website mirroring for passive web reconnaissance
Source: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server
Topics
Community Discussion
No community discussion yet for this question.