GCIH Question #650: Real Exam Question with Answer & Explanation
The correct answer is D: To keep traffic from the attacker's system from hitting the target network. Web-based reconnaissance tools query external databases or search engines, so no packets from the attacker ever reach the target network.
Reconnaissance, Scanning, and Enumeration
Question
When would a web-based reconnaissance tool be preferred over a direct/local reconnaissance tool?
Options
- A. When more comprehensive TCP port scanning is required than what is offered by local tools
- B. In the event that the target is running third-party web applications
- C. When the target's employees are using a VPN to connect to the central office
- D. To keep traffic from the attacker's system from hitting the target network
Explanation
Web-based reconnaissance tools query external databases or search engines, so no packets from the attacker ever reach the target network.
Common mistakes.
- A. Local tools like nmap offer far more granular, configurable, and comprehensive TCP port scanning than any web-based reconnaissance service.
- B. Identifying and testing third-party web applications on a target requires direct interaction using local tools like Burp Suite or Nikto, not passive web-based lookups.
- C. A target organization's employees using a VPN affects internal traffic routing but has no bearing on which reconnaissance method an external attacker should choose.
Concept tested. Passive versus active reconnaissance and traffic attribution
Reference. https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
#web-based reconnaissance #OSINT #operational security #traffic obfuscation