312-50V11 · Question #1009
When considering how an attacker may exploit a web server, what is web server footprinting?
The correct answer is C. When an attacker gathers system-level data, including account details and server names. Web server footprinting is the passive reconnaissance phase where an attacker collects system-level data such as server names, OS versions, and account details to map the target environment. This is distinct from active scanning or exploitation.
Question
Options
- AWhen an attacker implements a vulnerability scanner to identify weaknesses
- BWhen an attacker creates a complete profile of the site's external links and file structures
- CWhen an attacker gathers system-level data, including account details and server names
- DWhen an attacker uses a brute-force attack to crack a web-server password
How the community answered
(25 responses)- B4% (1)
- C92% (23)
- D4% (1)
Why each option
Web server footprinting is the passive reconnaissance phase where an attacker collects system-level data such as server names, OS versions, and account details to map the target environment. This is distinct from active scanning or exploitation.
Using a vulnerability scanner is an active scanning activity that occurs after footprinting, not footprinting itself.
Mapping external links and file structures describes web spidering or crawling, a separate reconnaissance technique focused on content structure rather than system-level data.
Footprinting is an information-gathering technique in which an attacker collects system-level data about a target, including server names, OS types, running services, and account details, to build a profile used in later attack stages. This aligns with the definition of footprinting as pre-attack reconnaissance focused on infrastructure-level details rather than content structure or active exploitation.
A brute-force attack against a password is an active exploitation technique, not a passive footprinting activity.
Concept tested: Web server footprinting and reconnaissance definition
Source: https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server
Topics
Community Discussion
No community discussion yet for this question.