nerdexam
GIAC

GCIH · Question #779

Which activity is considered a direct and riskier form of reconnaissance?

The correct answer is B. Performing an nmap scan. Active reconnaissance involves sending traffic directly to the target, making it detectable and riskier than passive techniques that rely on publicly available data sources.

Reconnaissance, Scanning, and Enumeration

Question

Which activity is considered a direct and riskier form of reconnaissance?

Options

  • AUsing the SpiderFoot API to gather data
  • BPerforming an nmap scan
  • CCollecting system information through certificate transparency
  • DQuerying WHOIS records

How the community answered

(13 responses)
  • B
    92% (12)
  • C
    8% (1)

Why each option

Active reconnaissance involves sending traffic directly to the target, making it detectable and riskier than passive techniques that rely on publicly available data sources.

AUsing the SpiderFoot API to gather data

SpiderFoot aggregates publicly available OSINT data (search engines, DNS, social media) without sending probes to the target's own systems, classifying it as passive reconnaissance.

BPerforming an nmap scanCorrect

An nmap scan actively transmits network probes (TCP SYN packets, ICMP, UDP, etc.) directly to the target's infrastructure, which can trigger IDS/IPS alerts, appear in firewall logs, and alert the target to reconnaissance activity - making it a direct, higher-risk technique compared to passive OSINT methods.

CCollecting system information through certificate transparency

Certificate transparency logs are publicly maintained by certificate authorities and queried via public APIs without any direct interaction with the target's systems.

DQuerying WHOIS records

WHOIS queries are submitted to public registrar databases maintained by ICANN-accredited registrars, not to the target organization's own infrastructure.

Concept tested: Active vs passive reconnaissance techniques and risk

Source: https://nmap.org/book/man.html

Topics

#active reconnaissance#nmap scan#passive vs active recon#risk comparison

Community Discussion

No community discussion yet for this question.

Full GCIH Practice