PT0-002 Question #375: Real Exam Question with Answer & Explanation
The correct answer is A: Open-source research.
Question
A penetration tester wants to perform reconnaissance without being detected. Which of the following activities have a minimal chance of detection? (Choose two.)
Options
- A. Open-source research
- B. A ping sweep
- C. Traffic sniffing
- D. Port knocking
- E. A vulnerability scan
- F. An Nmap scan
Explanation
Open-source research (OSINT) involves gathering publicly available information and generates no traffic against the target, making it virtually undetectable. Passive traffic sniffing on a compromised network segment also allows data collection without actively interacting with or scanning target systems, thereby minimizing detection risk.
Common mistakes.
- B. A ping sweep involves sending ICMP echo requests to a range of IP addresses, which is an active network scan and can be detected by firewalls and intrusion detection systems (IDS).
- D. Port knocking involves sending a sequence of connection attempts to closed ports to open another port, which is an active and distinct pattern of network traffic that can be easily detected.
- E. A vulnerability scan actively probes target systems for known weaknesses, generating significant network traffic and often triggering security alerts.
- F. An Nmap scan (without passive flags) actively sends probes to target systems to discover open ports, services, and operating systems, which is highly detectable by network monitoring tools.
Concept tested. Passive vs. active reconnaissance, detection avoidance