nerdexam
EC-Council

312-50V11 · Question #1028

Lewis, a professional hacker, targeted the loT cameras and devices used by a target venture- capital firm. He used an information-gathering tool to collect information about the loT devices connected

The correct answer is A. Censys. Censys is an Internet-wide scanning and reconnaissance platform used to discover IoT devices, open ports, services, and generate statistical usage reports across the public Internet.

IoT and OT Hacking

Question

Lewis, a professional hacker, targeted the loT cameras and devices used by a target venture- capital firm. He used an information-gathering tool to collect information about the loT devices connected to a network, open ports and services, and the attack surface area. Using this tool, he also generated statistical reports on broad usage patterns and trends. This tool helped Lewis continually monitor every reachable server and device on the Internet, further allowing him to exploit these devices in the network. Which of the following tools was employed by Lewis in the above scenario?

Options

  • ACensys
  • BWapiti
  • CNeuVector
  • DLacework

How the community answered

(40 responses)
  • A
    93% (37)
  • B
    5% (2)
  • D
    3% (1)

Why each option

Censys is an Internet-wide scanning and reconnaissance platform used to discover IoT devices, open ports, services, and generate statistical usage reports across the public Internet.

ACensysCorrect

Censys continuously scans the entire IPv4 address space to index devices, open ports, running services, and TLS certificates, providing statistical trend reports and an attack surface view - exactly matching the scenario. It allows attackers to discover and profile IoT devices and servers reachable on the Internet for exploitation purposes.

BWapiti

Wapiti is a web application vulnerability scanner that audits web app security by injecting payloads, not a broad Internet-wide device discovery and statistical reporting tool.

CNeuVector

NeuVector is a container and Kubernetes security platform focused on runtime protection and network segmentation, not Internet-wide IoT reconnaissance.

DLacework

Lacework is a cloud workload and configuration security platform providing compliance and anomaly detection, not a tool for scanning the public Internet for IoT devices and open ports.

Concept tested: IoT reconnaissance using Internet-wide scanning tools

Source: https://censys.io/product/

Topics

#Censys#IoT reconnaissance#attack surface#network scanning

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice