nerdexam
EC-Council

312-50V11 · Question #782

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of th

The correct answer is C. Reconnaissance. Reconnaissance is the pre-attack information gathering phase where attackers research a target to collect details used in crafting convincing attacks like phishing.

Footprinting and Reconnaissance

Question

Hackers often raise the trust level of a phishing message by modeling the email to look similar to the internal email used by the target company. This includes using logos, formatting, and names of the target company. The phishing message will often use the name of the company CEO, President, or Managers. The time a hacker spends performing research to locate this information about a company is known as?

Options

  • AExploration
  • BInvestigation
  • CReconnaissance
  • DEnumeration

How the community answered

(25 responses)
  • B
    8% (2)
  • C
    88% (22)
  • D
    4% (1)

Why each option

Reconnaissance is the pre-attack information gathering phase where attackers research a target to collect details used in crafting convincing attacks like phishing.

AExploration

Exploration is not a recognized phase in standard cybersecurity attack frameworks such as the Cyber Kill Chain or MITRE ATT&CK.

BInvestigation

Investigation is a term used in incident response and digital forensics contexts, not in the attacker pre-attack information gathering phase.

CReconnaissanceCorrect

Reconnaissance is the formal cybersecurity term for the initial phase of an attack where adversaries collect information about a target, including company structure, personnel names, logos, and internal communication styles. This intelligence is then used to craft convincing spear-phishing or social engineering attacks that appear legitimate to recipients.

DEnumeration

Enumeration is a specific technical process of systematically listing network resources, users, or services - not the broader research phase of gathering organizational and personnel intelligence.

Concept tested: Attacker reconnaissance phase in social engineering

Source: https://attack.mitre.org/tactics/TA0043/

Topics

#phishing#reconnaissance#social engineering#OSINT

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice