Exam PT0-002 topic 1 question 145 discussion

Actual exam question from CompTIA's PT0-002
Question #: 145
Topic #: 1

During a penetration-testing engagement, a consultant performs reconnaissance of a client to identify potential targets for a phishing campaign. Which of the following would allow the consultant to retrieve email addresses for technical and billing contacts quickly, without triggering any of the client's cybersecurity tools?
(Choose two.)

  • A. Scraping social media sites
  • B. Using the WHOIS lookup tool
  • C. Crawling the client's website
  • D. Phishing company employees
  • E. Utilizing DNS lookup tools
  • F. Conducting wardriving near the client facility
Suggested Answer: AB

Comments

Neolot
Highly Voted 2 years, 7 months ago
Selected Answer: BC
B and C are correct. B allows you to get the technical contacts using WHOIS. C allows you to get to billing/sales contacts.
upvoted 19 times
...
ryanzou
Highly Voted 2 years, 7 months ago
Selected Answer: AC
A C is correct
upvoted 6 times
...
StillFiguringItOut
Most Recent 8 months, 3 weeks ago
Selected Answer: AB
A/B. These are the only answers that would not trigger an alert
upvoted 3 times
...
Marty35
11 months, 2 weeks ago
A and B are MOST correct. C is useful, too, but more sus. Could get detected doing that.
upvoted 1 times
...
Hedwig74
1 year, 1 month ago
Both scraping and crawling can trigger cyber tools because they are essentially bots, but I believe that they are looking for the answers B and C because the information can be received easily and quickly (though I think "crawling" in answer C should be replaced with "browsing").
upvoted 1 times
...
yeti87
1 year, 2 months ago
Selected Answer: BC
It's trying to trick into "A" scraping social media. While this will be passive reconnaissance and could be correct, the question asks for getting the email addresses. Usually you can't get the email addresses from the users on social media platforms. Getting email addresses is easiest as described by Neolot: With a whois you can most likely get a technical contact email address. Additionally on the company website you usually can find contact addresses of sales as well as on a lot of company sites also technical contact. It would also not necessarily trigger an alarm, if you don't crawl all pages. Don't even need an automatic crawler for this, just navigate to pages such as "contact"...
upvoted 1 times
...
Sleezyglizzy
1 year, 2 months ago
Selected Answer: AC
Look on the older dump by exam topic it is AC
upvoted 2 times
...
Big_Dre
1 year, 2 months ago
Selected Answer: AC
these are the only 2 options that will not be considered active reconnaissance
upvoted 1 times
...
Yokota
1 year, 3 months ago
Selected Answer: AB
A and B, C will trigger CAPTCHAs and Log Analysis
upvoted 2 times
...
LiveLaughToasterBath
1 year, 3 months ago
Selected Answer: AB
Crawling can trigger an alert. Scraping data from social media can result in email format/useful emails. Whois shouldn't trigger an alert (as you're querying a db that stores registered IP addy info and not the IP addy of the company itself) and can be used with 3rd party apps/websites, like http://viewdns.info
upvoted 2 times
...
mehewas855
1 year, 5 months ago
Selected Answer: AB
In pentesting, this would be active information gathering. You are actively engaging the target in order to do things like detect open ports, webpages, services, and identify exploitable weaknesses you can use during the pentest. These actions may show up in logs, monitoring systems, or affect bandwidth utilization of the target. Which means that C is considered Active reconnaissance. According to study text, C may in some scenarios trigger monitoring tools. ANY of the client's cybersecurity tools
upvoted 1 times
...
DRVision
1 year, 5 months ago
Selected Answer: AB
keywords " without triggering any alarms" A & B are both passive reconnaissance which means no interaction with any systems
upvoted 2 times
...
UseChatGPT
1 year, 7 months ago
Selected Answer: AB
AB only ones that can't be detected. Cmon guys
upvoted 3 times
rsjacks
1 year, 1 month ago
But how will social media sites provide company email addresses?
upvoted 2 times
rsjacks
1 year, 1 month ago
and billing contacts?
upvoted 2 times
...
...
...
solutionz
1 year, 9 months ago
Selected Answer: BC
These methods are passive, meaning they don't involve direct interaction with the target that might raise suspicions or trigger alerts, making them suitable choices for the given scenario. The other options, such as scraping social media sites (A), phishing company employees (D), utilizing DNS lookup tools (E), or conducting wardriving near the client facility (F), may not specifically target the retrieval of technical and billing contacts' email addresses or may involve more intrusive or active methods that could potentially be detected.
upvoted 1 times
MartinRB
1 year, 5 months ago
How can scraping social media sites and utilizing DNS lookup tools be detected?
upvoted 1 times
...
...
bieecop
1 year, 9 months ago
Selected Answer: BC
B. Using the WHOIS lookup tool: The WHOIS lookup tool provides information about domain names, including the contact details associated with the domain. By performing a WHOIS lookup on the client's domain, the consultant can retrieve email addresses for technical and billing contacts without directly interacting with the client's infrastructure.
C. Crawling the client's website: By crawling the client's website, the consultant can extract email addresses from publicly available web pages. This can include contact pages, team member profiles, or other sections of the website that may display email addresses for technical and billing contacts.
upvoted 1 times
...
nooooo
1 year, 10 months ago
Selected Answer: AB
Going with A and B. Web Crawlers can be detected.
upvoted 3 times
...
lifehacker0777
2 years, 1 month ago
Selected Answer: AB
Duplicate of https://www.examtopics.com/exams/comptia/pt1-002/view/28/
Some examples of security measures on a website that could potentially trigger cybersecurity tools during crawling or scanning activities include:
  • Web Application Firewall (WAF): A WAF is designed to detect and block malicious web traffic, including activities that may be considered suspicious, such as repeated or aggressive crawling or scanning of the website.
  • Intrusion Detection System/Intrusion Prevention System (IDS/IPS): An IDS/IPS is designed to detect and prevent unauthorized access or malicious activities on a network or website. It may be configured to detect patterns of crawling or scanning activities and trigger alerts or block access.
  • Rate limiting or throttling: The website may have rate limiting or throttling mechanisms in place to limit the number of requests or connections from a single IP address or user agent within a certain time frame. Exceeding these limits may trigger alerts or blocks.
  • Captchas or challenge-response mechanisms:
  • Custom security scripts or tools:
upvoted 2 times
...
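The rate-limiting mechanism listed in the comment above, sketched from the defender's side as an added example (not part of the original thread or of any product's code): a sliding-window counter over web access logs that flags a client exceeding a request threshold. The log lines, IP addresses (documentation ranges), threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+')

def parse(line):
    """Return (ip, timestamp, path) or None for a malformed line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, _method, path, _status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), path

def find_crawlers(lines, max_requests=5, window=timedelta(seconds=10)):
    """Flag clients sending more than max_requests within any window.

    Returns {ip: peak request count seen inside one window}.
    Lines are expected in chronological order, as in a real access log.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue              # skip lines that do not match the format
        ip, ts, _path = rec
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop requests older than the window
            q.popleft()
        if len(q) > max_requests:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def sample_log():
    """Constructed sample: one automated client, one person browsing."""
    paths = ["/", "/about", "/team", "/contact", "/billing",
             "/careers", "/blog", "/support"]
    bot = [f'203.0.113.7 - - [12/Mar/2024:10:00:{i:02d} +0000] '
           f'"GET {p} HTTP/1.1" 200 512' for i, p in enumerate(paths)]
    person = [
        '198.51.100.4 - - [12/Mar/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 512',
        '198.51.100.4 - - [12/Mar/2024:10:00:40 +0000] "GET /contact HTTP/1.1" 200 512',
    ]
    return sorted(bot + person, key=lambda l: parse(l)[1])

if __name__ == "__main__":
    print(find_crawlers(sample_log()))
```

A WHOIS query produces no entry in this log at all, because it is answered by the registry or registrar rather than by the client's web server.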
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted