nerdexam
EC-Council

312-50V11 · Question #211

In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities. Exam

The correct answer is C. Reconnaissance. Google hacking uses search engine operators to passively gather publicly available information about targets, making it a reconnaissance technique used before any active attack begins.

Footprinting and Reconnaissance

Question

In which phase of the ethical hacking process can Google hacking be employed? This is a technique that involves manipulating a search string with specific operators to search for vulnerabilities. Example:

allintitle: root passwd

Options

  • AMaintaining Access
  • BGaining Access
  • CReconnaissance
  • DScanning and Enumeration

How the community answered

(24 responses)
  • B
    4% (1)
  • C
    92% (22)
  • D
    4% (1)

Why each option

Google hacking uses search engine operators to passively gather publicly available information about targets, making it a reconnaissance technique used before any active attack begins.

AMaintaining Access

Maintaining Access involves installing backdoors and persistence mechanisms after a system is already compromised, not passively searching for vulnerabilities.

BGaining Access

Gaining Access involves actively exploiting already-discovered vulnerabilities to break into systems, not gathering information via search engine queries.

CReconnaissanceCorrect

Reconnaissance is the information-gathering phase where attackers collect data about targets without directly interacting with their systems. Google hacking (also called Google dorking) uses advanced search operators such as 'allintitle:' or 'filetype:' to discover sensitive files, misconfigurations, and indexed vulnerabilities - all passive techniques that place it firmly in the reconnaissance phase of the ethical hacking lifecycle.

DScanning and Enumeration

Scanning and Enumeration involves actively probing target systems with tools like Nmap to discover open ports and services, whereas Google hacking is entirely passive and requires no direct contact with the target.

Concept tested: Google hacking as passive reconnaissance information gathering

Topics

#Google hacking#OSINT#search operators#passive reconnaissance

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice