A consultant is hired to perform a passive vulnerability assessment of a company to determine what information might be collected about the company and its employees. The assessment will be considered successful if the consultant can discover the name of one of the IT administrators.
Which of the following is MOST likely to produce the needed information?
A. Whois
B. DNS enumeration
C. Vulnerability scanner
D. Fingerprinting
How to PASS CAS-004 in First Attempt?FULL Printable PDF and Software. VALID exam to help you PASS. |
 |
A… “…perform a PASSIVE vulnerability assessment.” DNS enumeration is intrusive and possibly require penetrating into the network and DNS server before you can run DNS enumeration. C. Vulnerability scanner and D. Fingerprinting are irrelevant.
Whois on the web will get you a lot of information about a company. There could be phone numbers for you to call to find out more. Sometimes, the first person to answer the phone is the administrator. Just ask for her name and you are done.
DNS enumeration is the process of locating all the DNS servers and their corresponding records for an organization. DNS enumeration will yield usernames, computer names, and IP addresses of potential target systems
B.
We will use DNS enumeration. It’s locate all the DNS servers and their corresponding records for a company or organization . DNS enumeration returns usernames of the computer, computer names, and IP addresses of potential target computer.
I think this could be done with A. Whois
yep