GCIH · Question #779
Which activity is considered a direct and riskier form of reconnaissance?
The correct answer is B. Performing an nmap scan. Active reconnaissance involves sending traffic directly to the target, making it detectable and riskier than passive techniques that rely on publicly available data sources.
Question
Which activity is considered a direct and riskier form of reconnaissance?
Options
- AUsing the SpiderFoot API to gather data
- BPerforming an nmap scan
- CCollecting system information through certificate transparency
- DQuerying WHOIS records
How the community answered
(13 responses)- B92% (12)
- C8% (1)
Why each option
Active reconnaissance involves sending traffic directly to the target, making it detectable and riskier than passive techniques that rely on publicly available data sources.
SpiderFoot aggregates publicly available OSINT data (search engines, DNS, social media) without sending probes to the target's own systems, classifying it as passive reconnaissance.
An nmap scan actively transmits network probes (TCP SYN packets, ICMP, UDP, etc.) directly to the target's infrastructure, which can trigger IDS/IPS alerts, appear in firewall logs, and alert the target to reconnaissance activity - making it a direct, higher-risk technique compared to passive OSINT methods.
Certificate transparency logs are publicly maintained by certificate authorities and queried via public APIs without any direct interaction with the target's systems.
WHOIS queries are submitted to public registrar databases maintained by ICANN-accredited registrars, not to the target organization's own infrastructure.
Concept tested: Active vs passive reconnaissance techniques and risk
Source: https://nmap.org/book/man.html
Topics
Community Discussion
No community discussion yet for this question.