nerdexam
EC-Council

312-50V13 · Question #449

When considering how an attacker may exploit a web server, what is web server footprinting?

The correct answer is C. When an attacker gathers system-level data, including account details and server names. Web server footprinting is the initial information-gathering phase where an attacker collects detailed system-level data about a target web server.

Submitted by eva_at· Mar 6, 2026Footprinting and Reconnaissance

Question

When considering how an attacker may exploit a web server, what is web server footprinting?

Options

  • AWhen an attacker implements a vulnerability scanner to identify weaknesses
  • BWhen an attacker creates a complete profile of the site's external links and file structures
  • CWhen an attacker gathers system-level data, including account details and server names
  • DWhen an attacker uses a brute-force attack to crack a web-server password

How the community answered

(26 responses)
  • A
    4% (1)
  • B
    8% (2)
  • C
    88% (23)

Why each option

Web server footprinting is the initial information-gathering phase where an attacker collects detailed system-level data about a target web server.

AWhen an attacker implements a vulnerability scanner to identify weaknesses

Implementing a vulnerability scanner is a specific method used to identify weaknesses after footprinting, not the definition of footprinting itself.

BWhen an attacker creates a complete profile of the site's external links and file structures

Creating a complete profile of a site's external links and file structures is part of web application mapping, which is related but distinct from the comprehensive system-level focus of 'web server' footprinting.

CWhen an attacker gathers system-level data, including account details and server namesCorrect

Web server footprinting is the reconnaissance phase where an attacker systematically gathers system-level information about the target web server. This includes details such as server names, operating system types and versions, web server software and versions, installed applications, and sometimes even account details, all aimed at identifying potential vulnerabilities and attack vectors.

DWhen an attacker uses a brute-force attack to crack a web-server password

Using a brute-force attack to crack a web-server password is an exploitation technique, not an information-gathering (footprinting) activity.

Concept tested: Web server footprinting

Source: https://www.eccouncil.org/cybersecurity-exchange/ethical-hacking/what-is-footprinting/

Topics

#web server footprinting#reconnaissance#system-level data#server names

Community Discussion

No community discussion yet for this question.

Full 312-50V13 Practice