Which statement best distinguishes active reconnaissance from passive in penetration testing?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $24.99Unlock all

Get ready for the Cybersecurity and Digital Forensics Test with comprehensive multiple choice questions, flashcards, and detailed explanations. Enhance your skills and prepare for success in the digital security field!

Multiple Choice

Which statement best distinguishes active reconnaissance from passive in penetration testing?

Explanation:
In reconnaissance during penetration testing, the difference centers on whether you engage with the target while gathering data. Active reconnaissance involves direct interaction with the target systems to elicit responses and collect details—things like port scans, banner grabbing, or service discovery. This approach can reveal live hosts, open ports, services, and versions, but it also risks being detected. Passive reconnaissance, on the other hand, collects information without touching the target, using public sources such as websites, DNS records, WHOIS data, and social media to infer the environment. Therefore, the statement that active reconnaissance interacts with the target to gather information (for example, port scans) is the best distinction. The other descriptions mix up the interaction notion or mischaracterize passive methods.

In reconnaissance during penetration testing, the difference centers on whether you engage with the target while gathering data. Active reconnaissance involves direct interaction with the target systems to elicit responses and collect details—things like port scans, banner grabbing, or service discovery. This approach can reveal live hosts, open ports, services, and versions, but it also risks being detected.

Passive reconnaissance, on the other hand, collects information without touching the target, using public sources such as websites, DNS records, WHOIS data, and social media to infer the environment.

Therefore, the statement that active reconnaissance interacts with the target to gather information (for example, port scans) is the best distinction. The other descriptions mix up the interaction notion or mischaracterize passive methods.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy