CompTIA
CAS-003 · Question #347
CAS-003 Question #347: Real Exam Question with Answer & Explanation
The correct answer is A: dnsrecon -d company.org -t SOA. During black-box SMTP reconnaissance, querying the SOA record via dnsrecon establishes the authoritative nameserver context needed to enumerate DNS records including mail infrastructure.
Question
Company.org has requested a black-box security assessment be performed on key cyber terrain. One area of concern is the company's SMTP services. The security assessor wants to run reconnaissance before taking any additional action and wishes to determine which SMTP server is Internet-facing. Which of the following commands should the assessor use to determine this information?
Options
- A. dnsrecon -d company.org -t SOA
- B. dig company.org mx
- C. nc -v company.org
- D. whois company.org
Explanation
During black-box SMTP reconnaissance, querying the SOA record via dnsrecon establishes the authoritative nameserver context needed to enumerate DNS records including mail infrastructure.
Common mistakes.
- B. While 'dig company.org mx' directly returns MX records, it relies on recursive resolvers and does not establish the authoritative source needed for thorough black-box DNS reconnaissance.
- C. nc -v company.org attempts a TCP connection to the host but performs no DNS enumeration and does not identify which SMTP server is Internet-facing.
- D. whois company.org returns registrar and administrative contact information, not DNS mail exchange or SMTP server details.
Concept tested. DNS reconnaissance for SMTP server identification
Reference. https://github.com/darkoperator/dnsrecon