A penetration tester has been assigned to perform an external penetration assessment of a company.
Which of the following steps would BEST help with the passive-information-gathering process? (Choose two.)
A . Wait outside of the company’s building and attempt to tailgate behind an employee.
B . Perform a vulnerability scan against the company’s external netblock, identify exploitable vulnerabilities, and attempt to gain access.
C . Use domain and IP registry websites to identify the company’s external netblocks and external facing applications.
D . Search social media for information technology employees who post information about the technologies they work with.
E . Identify the company’s external facing webmail application, enumerate user accounts and attempt password guessing to gain access.
Answer: D,E
Leave a Reply