Exam PT0-002 topic 1 question 166 discussion

DF are correct

There is no point in doing a Shodan search for web presence. It will offer intel on IoT devices and other stuff but not specifically to web. I say CD is the answer as DNS lookups and search engines both offer information about web presence of a company

Options A, C, and D are generally considered non-intrusive and are less likely to cause disruption during the information-gathering phase of a penetration test. A is mail related, so not useful regarding the company's web presence. C and D remain.

Off of research those the ones that makes the most sense.

In the context of performing information gathering around a company's web presence with minimal disruption, the penetration tester would likely focus on gathering publicly accessible information without directly probing or interacting with the company's systems in potentially disruptive ways. The two options that would be MOST helpful in the initial information-gathering steps are: C. DNS forward and reverse lookups D. Internet search engines Explanation: Option C (DNS forward and reverse lookups): DNS forward lookups can help identify IP addresses associated with domain names, and reverse lookups can provide the domain names associated with IP addresses. This information can be crucial for mapping the company's web presence. Option D (Internet search engines): Utilizing search engines like Google allows the tester to gather publicly available information about the company's web presence, including websites, subdomains, social media profiles, and more, without engaging in potentially disruptive activities.

The question states " web presence " this would mean C and D wouldn't it? Shodan is a web application that provides information on IoT devices, not a companies web presence

The two options that would be MOST helpful in the initial information-gathering steps are D. Internet search engines and F. Shodan results. Internet search engines can be used to find information about the company's web presence, such as websites, social media profiles, and online documents. This can provide valuable insights into the company's infrastructure and help the tester identify potential attack vectors. Shodan is a search engine that can be used to identify internet-facing devices and systems, including open ports and services. This can help the tester identify potential vulnerabilities and attack vectors in the company's external network.

Wouldn't it be D and F as search engines is of course no issue and shodan is passive recon....

D and F for sure

The most helpful in the initial information-gathering steps would be C. DNS forward and reverse lookups, and D. Internet search engines. DNS forward and reverse lookups can be used to gain an understanding of the web infrastructure around a company, while Internet search engines can be used to find any mentions of the company on public websites and forums.

CD is correct.

A and F is correct

deeeeeee

consider: I choose C. DNS forward and reverse lookups over F. Shodan results because, in the initial information-gathering phase, the tester needs to have a broad understanding of the company's web presence, and DNS lookups can provide that. DNS lookups can give the tester a list of domain names associated with the company and the IP addresses of servers hosting those domain names. This information can be used to identify potential targets for further testing and to gain a better understanding of a company's web presence. On the other hand, Shodan is a search engine that allows users to find specific types of devices (webcams, routers, servers, etc.) connected to the Internet using a variety of filters. It could be used by a tester as a reconnaissance tool to find open ports, services and vulnerabilities, but it's limited to specific type of devices.