Part 2: Reconnaissance & Footprinting (15 Questions)

1. What is the main goal of the reconnaissance phase in ethical hacking?

• A) Exploiting vulnerabilities

• B) Identifying security controls

• C) Gathering target information

• D) Delivering payloads

Answer: C) Gathering target information

Explanation: Reconnaissance involves collecting details like domains, IPs, employee info, and network architecture.

2. Which is an example of passive reconnaissance?

• A) Nmap port scan

• B) Social media monitoring

• C) Phishing attack

• D) SQL injection

Answer: B) Social media monitoring

Explanation: Passive reconnaissance gathers public info without engaging the target, like WHOIS lookups or Google Dorking.

3. Which tool performs WHOIS lookups?

• A) Maltego

• B) nslookup

• C) WHOIS

• D) Nikto

Answer: C) WHOIS

Explanation: WHOIS reveals domain registration, owner details, and DNS info.

4. Which technique extracts sensitive data via search engines?

• A) Google Dorking

• B) DNS Spoofing

• C) Phishing

• D) ARP Poisoning

Answer: A) Google Dorking

Explanation: Google Dorking uses search operators to locate exposed files and misconfigured servers.

5. Which command performs DNS zone transfers?

• A) nslookup

• B) whois

• C) dig

• D) ping

Answer: C) dig

Explanation: The dig command queries DNS records like A, MX, and TXT for zone information.

6. What reconnaissance technique intercepts wireless communications?

• A) Phishing

• B) Wardriving

• C) Social engineering

• D) Footprinting

Answer: B) Wardriving

Explanation: Wardriving involves driving around to locate unsecured Wi-Fi networks.

7. Which tool gathers email addresses linked to a domain?

• A) TheHarvester

• B) Nikto

• C) Nessus

• D) Hydra

Answer: A) TheHarvester

Explanation: TheHarvester collects emails, domains, and employee info via search engines and public sources.

8. What technique identifies a target’s network range and IP structure?

• A) Banner grabbing

• B) Port scanning

• C) Footprinting

• D) Fingerprinting

Answer: C) Footprinting

Explanation: Footprinting maps IP addresses, DNS info, and system configurations.

9. Which tool maps relationships between organizations, social media, and domains?

• A) Maltego

• B) Metasploit

• C) Nikto

• D) sqlmap

Answer: A) Maltego

Explanation: Maltego visualizes connections across networks and social platforms.

10. Which command identifies a domain’s mail server?

• A) ping

• B) traceroute

• C) nslookup

• D) netcat

Answer: C) nslookup

Explanation: nslookup -type=MX [domain] reveals mail server info.

11. Which method uses impersonation or pretexting to gather information?

• A) Passive reconnaissance

• B) Active reconnaissance

• C) Human reconnaissance

• D) Hybrid reconnaissance

Answer: C) Human reconnaissance

Explanation: Human reconnaissance exploits social engineering tactics to extract data.

12. Which tool maps web application attack surfaces?

• A) Burp Suite

• B) Aircrack-ng

• C) Hashcat

• D) Ettercap

Answer: A) Burp Suite

Explanation: Burp Suite identifies web application vulnerabilities.

13. Which technique targets employees with customized attacks?

• A) Whaling

• B) Footprinting

• C) Spear phishing

• D) Dumpster diving

Answer: C) Spear phishing

Explanation: Spear phishing personalizes attacks using gathered employee details.

14. Which reconnaissance type directly interacts with target systems?

• A) Passive reconnaissance

• B) Active reconnaissance

• C) Hybrid reconnaissance

• D) Dynamic reconnaissance

Answer: B) Active reconnaissance

Explanation: Active reconnaissance involves direct engagement like port scanning.

15. Which technique retrieves sensitive data from discarded items?

• A) Baiting

• B) Dumpster diving

• C) Tailgating

• D) Pharming

Answer: B) Dumpster diving

Explanation: Dumpster diving involves searching trash for useful data.