nerdexam
EC-Council

312-50V10 · Question #875

jane, an ethical hacker. Is testing a target organization's web server and website to identity security loopholes. In this process, she copied the entire website and its content on a local drive to vi

The correct answer is A. website mirroring. NOTE - the listed correct answer (C, web cache poisoning) appears to be an error in the source material. The scenario unambiguously describes website mirroring (A), which is the technically accurate answer and is treated as correct below.

Footprinting and Reconnaissance

Question

jane, an ethical hacker. Is testing a target organization's web server and website to identity security loopholes. In this process, she copied the entire website and its content on a local drive to view the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. This information helps jane map the website's directories and gain valuable information. What is the attack technique employed by Jane in the above scenario?

Options

  • Awebsite mirroring
  • BSession hijacking
  • CWeb cache poisoning
  • DWebsite defacement

How the community answered

(52 responses)
  • A
    87% (45)
  • B
    8% (4)
  • C
    2% (1)
  • D
    4% (2)

Why each option

NOTE - the listed correct answer (C, web cache poisoning) appears to be an error in the source material. The scenario unambiguously describes website mirroring (A), which is the technically accurate answer and is treated as correct below.

Awebsite mirroringCorrect

Website mirroring involves using tools such as HTTrack or wget to download a complete local replica of a target website, capturing all pages, images, links, and directory structures for offline analysis. This passive reconnaissance technique allows an ethical hacker to map the site's directory hierarchy, identify hidden files or administrative paths, and gather intelligence about the target's structure without repeatedly querying the live server.

BSession hijacking

Session hijacking involves stealing or forging valid session tokens to impersonate an authenticated user on a live web application, which requires active network interception rather than downloading a static copy of a website.

CWeb cache poisoning

Web cache poisoning involves manipulating cached HTTP responses stored on a server or CDN so that malicious content is served to end users - this is an active exploitation technique entirely unrelated to copying a website locally for reconnaissance.

DWebsite defacement

Website defacement is an unauthorized modification of a live website's displayed content to replace it with different messaging or imagery, which is a destructive active attack rather than a passive information-gathering activity.

Concept tested: Website mirroring for passive web reconnaissance

Source: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server

Topics

#website mirroring#web footprinting#directory structure#OSINT

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice