nerdexam
EC-Council

312-50V11 · Question #1009

When considering how an attacker may exploit a web server, what is web server footprinting?

The correct answer is C. When an attacker gathers system-level data, including account details and server names. Web server footprinting is the passive reconnaissance phase where an attacker collects system-level data such as server names, OS versions, and account details to map the target environment. This is distinct from active scanning or exploitation.

Hacking Web Servers

Question

When considering how an attacker may exploit a web server, what is web server footprinting?

Options

  • AWhen an attacker implements a vulnerability scanner to identify weaknesses
  • BWhen an attacker creates a complete profile of the site's external links and file structures
  • CWhen an attacker gathers system-level data, including account details and server names
  • DWhen an attacker uses a brute-force attack to crack a web-server password

How the community answered

(25 responses)
  • B
    4% (1)
  • C
    92% (23)
  • D
    4% (1)

Why each option

Web server footprinting is the passive reconnaissance phase where an attacker collects system-level data such as server names, OS versions, and account details to map the target environment. This is distinct from active scanning or exploitation.

AWhen an attacker implements a vulnerability scanner to identify weaknesses

Using a vulnerability scanner is an active scanning activity that occurs after footprinting, not footprinting itself.

BWhen an attacker creates a complete profile of the site's external links and file structures

Mapping external links and file structures describes web spidering or crawling, a separate reconnaissance technique focused on content structure rather than system-level data.

CWhen an attacker gathers system-level data, including account details and server namesCorrect

Footprinting is an information-gathering technique in which an attacker collects system-level data about a target, including server names, OS types, running services, and account details, to build a profile used in later attack stages. This aligns with the definition of footprinting as pre-attack reconnaissance focused on infrastructure-level details rather than content structure or active exploitation.

DWhen an attacker uses a brute-force attack to crack a web-server password

A brute-force attack against a password is an active exploitation technique, not a passive footprinting activity.

Concept tested: Web server footprinting and reconnaissance definition

Source: https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server

Topics

#web server footprinting#information gathering#server reconnaissance#account enumeration

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice