A penetration testing team is conducting reconnaissance. Which of the following is the most likely output?
A. A list of services running on a host
B. A list of vulnerabilities identified by CVE
C. A list of network hosts
D. A list of unpatched services
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. A list of network hosts.
There are various penetration testing methodologies, and engagement procedures and terminology vary among them. For example, scanning may refer to network scanning or port scanning; discovery may refer to discovering a network or enumerating services. The same is true of the term reconnaissance (recon): some treat reconnaissance as the first step of penetration testing, others as synonymous with OSINT, an information-gathering technique.
According to EC-Council's LPT methodology, reconnaissance refers to scanning, exploring, or discovering a network to gather information and generate a list of network hosts. A list of services, a list of CVE-identified vulnerabilities, and a list of unpatched services are the outputs of later phases (port scanning, enumeration, and vulnerability assessment) that build on that host list.
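To make the distinction between options A and C concrete, here is an added example (not code from EC-Council's LPT material or from any of the guides referenced below) that parses Nmap's greppable output: a `-sn` host sweep yields only a host list, which is what the reconnaissance phase produces, while a later port/version scan is what yields a service list. Both input samples are constructed by hand and use RFC 5737 documentation addresses.

```python
"""Turn Nmap greppable (-oG) output into the artefacts of two different
pen-test phases: the host list that reconnaissance / host discovery yields
(option C) versus the service list a port/version scan yields (option A).

Added example, not from EC-Council's LPT material or the referenced guides.
Both inputs are constructed to look like `nmap -sn -oG -` and `nmap -sV -oG -`
output; the addresses are RFC 5737 documentation addresses, not real hosts.
"""
import re
from dataclasses import dataclass
from typing import List

# "Host: <addr> (<hostname>)<TAB><field>[<TAB><field>...]"
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s*(.*)$")

# Constructed sample: a ping sweep. Only Status fields, no ports.
DISCOVERY_GNMAP = "\n".join([
    "# Nmap 7.94 scan initiated as: nmap -sn -oG - 192.0.2.0/29",
    "Host: 192.0.2.1 (gw.example.test)\tStatus: Up",
    "Host: 192.0.2.2 ()\tStatus: Up",
    "Host: 192.0.2.3 ()\tStatus: Down",
    "Host: 192.0.2.5 ()\tStatus: Up",
    "# Nmap done -- 8 IP addresses (3 hosts up) scanned in 1.52 seconds",
])

# Constructed sample: a version scan of two of the hosts found above.
PORTSCAN_GNMAP = "\n".join([
    "# Nmap 7.94 scan initiated as: nmap -sV -oG - 192.0.2.1 192.0.2.2",
    "Host: 192.0.2.1 (gw.example.test)\tStatus: Up",
    "Host: 192.0.2.1 (gw.example.test)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, "
    "443/open/tcp//https//nginx 1.18.0/\tIgnored State: closed (998)",
    "Host: 192.0.2.2 ()\tStatus: Up",
    "Host: 192.0.2.2 ()\tPorts: 80/open/tcp//http//Apache httpd 2.4.57/, "
    "3306/filtered/tcp//mysql///\tIgnored State: closed (998)",
    "# Nmap done -- 2 IP addresses (2 hosts up) scanned in 12.01 seconds",
])


@dataclass(frozen=True)
class Service:
    host: str
    port: int
    proto: str
    state: str
    name: str
    version: str


def _host_lines(gnmap: str):
    """Yield (addr, hostname, [field, ...]) for each Host: line, skipping
    the '# Nmap ...' header and trailer comments."""
    for line in gnmap.splitlines():
        m = HOST_RE.match(line)
        if m:
            addr, hostname, rest = m.groups()
            yield addr, hostname, rest.split("\t")


def parse_hosts(gnmap: str) -> List[str]:
    """Reconnaissance output: addresses Nmap reports as up, in scan order,
    de-duplicated (a version scan repeats each host on its Ports: line)."""
    seen = set()
    hosts: List[str] = []
    for addr, _hostname, fields in _host_lines(gnmap):
        if "Status: Up" in fields and addr not in seen:
            seen.add(addr)
            hosts.append(addr)
    return hosts


def parse_services(gnmap: str) -> List[Service]:
    """Port-scan output: one Service per entry in a Ports: field.
    Each entry is port/state/proto/owner/service/rpcinfo/version/ ;
    a version string containing ', ' would be mis-split here (simplified)."""
    services: List[Service] = []
    for addr, _hostname, fields in _host_lines(gnmap):
        for field in fields:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                parts = entry.split("/")
                if len(parts) < 7:
                    continue  # malformed entry: skip rather than crash
                services.append(Service(host=addr, port=int(parts[0]),
                                        proto=parts[2], state=parts[1],
                                        name=parts[4], version=parts[6]))
    return services


def open_services(services: List[Service]) -> List[Service]:
    """Keep only ports Nmap marked open; filtered/closed ports are noise
    for the enumeration phase that follows."""
    return [s for s in services if s.state == "open"]


if __name__ == "__main__":
    print("recon -> hosts:", parse_hosts(DISCOVERY_GNMAP))
    for s in open_services(parse_services(PORTSCAN_GNMAP)):
        print(f"scan  -> service: {s.host}:{s.port}/{s.proto} {s.name} {s.version}")
```

Run against the discovery sample, `parse_services` returns nothing at all: a host sweep simply carries no service data, which is why the only list reconnaissance can hand to the next phase is the host list.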
Reference
- Penetration Testing
- The Beginner’s Guide to External Penetration Testing Reconnaissance
- Penetration Testing Methodology, Part 1/6 — Recon
- A Complete Guide to the Phases of Penetration Testing
- OSINT Framework
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get their copy from the author's web site.