GCIH · Question #650
When would a web-based reconnaissance tool be preferred over a direct/local reconnaissance tool?
The correct answer is D. To keep traffic from the attacker's system from hitting the target network. Web-based reconnaissance tools query external databases or search engines, so no packets from the attacker ever reach the target network.
Question
When would a web-based reconnaissance tool be preferred over a direct/local reconnaissance tool?
Options
- AWhen more comprehensive TCP port scanning is required than what is offered by local tools
- BIn the event that the target is running third-party web applications
- CWhen the target's employees are using a VPN to connect to the central office
- DTo keep traffic from the attacker's system from hitting the target network
How the community answered
(19 responses)- A5% (1)
- B5% (1)
- C11% (2)
- D79% (15)
Why each option
Web-based reconnaissance tools query external databases or search engines, so no packets from the attacker ever reach the target network.
Local tools like nmap offer far more granular, configurable, and comprehensive TCP port scanning than any web-based reconnaissance service.
Identifying and testing third-party web applications on a target requires direct interaction using local tools like Burp Suite or Nikto, not passive web-based lookups.
A target organization's employees using a VPN affects internal traffic routing but has no bearing on which reconnaissance method an external attacker should choose.
Tools like Shodan or Censys retrieve pre-indexed information about a target from third-party databases, meaning the attacker's IP address never appears in the target's firewall logs, IDS alerts, or web server access logs. This passive approach is preferred when the attacker needs to avoid detection or attribution.
Concept tested: Passive versus active reconnaissance and traffic attribution
Source: https://csrc.nist.gov/publications/detail/sp/800-115/final
Topics
Community Discussion
No community discussion yet for this question.