312-50V12 Question #204: Real Exam Question with Answer & Explanation

Question

Jason, a certified ethical hacker, is hired by a major e-commerce company to evaluate their network's security. As part of his reconnaissance, Jason is trying to gain as much information as possible about the company's public-facing servers without arousing suspicion. His goal is to find potential points of entry and map out the network infrastructure for further examination. Which technique should Jason employ to gather this information without alerting the company's intrusion detection systems (IDS)?

Options

• AJason should directly connect to each server and attempt to exploit known vulnerabilities.
• BJason should use passive reconnaissance techniques such as WHOIS lookups, NS lookups, and
• CJason should use a DNS zone transfer to gather information about the company's servers.
• DJason should perform a ping sweep to identify all the live hosts in the company's IP range.

Explanation

Jason needs to gather information about public-facing servers without alerting intrusion detection systems, which necessitates using passive reconnaissance methods.

Common mistakes.

• A. Directly connecting and attempting to exploit vulnerabilities is an active and intrusive attack technique that would immediately alert intrusion detection systems.
• C. A DNS zone transfer is an active query directly to the target's DNS server and, if successful by an unauthorized party, is likely to be logged or flagged as suspicious by security systems.
• D. Performing a ping sweep involves sending active network probes to target hosts, generating traffic that intrusion detection systems are designed to identify as scanning activity.

Concept tested. Passive reconnaissance techniques for security assessments

Reference. https://learn.microsoft.com/en-us/training/modules/threat-intelligence-identify-vulnerabilities/2-reconnaissance

No community discussion yet for this question.