Which tool or method best allows testers to retrieve old versions of websites to gather potentially sensitive information that may have been removed from a current site?
WAYBACK MACHINE
Which tool or method best allows testers to retrieve old versions of websites to gather potentially sensitive information that may have been removed from a current site?
Wireshark
Which technique involves sending requests to open ports to retrieve information about the software and version running on the system?
Banner grabbing
Which Nmap scan type is commonly referred to as a “half-open” scan because it does not complete the TCP handshake?
SYN scan
-sS
called half-open scan
Which tool or method allows testers to collect data from a website’s markup code and potentially uncover sensitive details such as server types or internal names?
HTML scraping
What is Passive Reconnaissance?
A technique in penetration testing used to gather information about a
target without direct interaction with its system
tools like: GitHub, Bitbucket, SourceForge
What are the risks using a Passive Reconnaissance?
Expose sensitive information (hostnames, IP addresses,
database servers, service configurations, credentials)
What tools would you use for Searching for Images and Archived Websites?
Wayback Machine, web cache viewers, TinEye, Google Image Search
What dose the command dig do?
Query DNS records to retrieve information about domain
names, IP mappings, and other DNS-related data
Does not send traffic directly to the target’s systems
What is Network Sniffing?
The process of capturing packets of data as they travel across a network
Gathering information about network topology and architecture
Identifying active hosts, services, and key communication
endpoints
Exposing weaknesses in network configurations and outdated
protocols
What are IoT and OT Domain?
Deploying network sniffing technologies in the IoT and OT domain to monitor specialized protocols
IoT and OT Domain Specialized in Protocols:
MQTT (Message Queuing Telemetry Transport)- Used for lightweight messaging in IoT
Modbus- Used in industrial environments for primary/secondary
relationships between controllers
What is the IoT (Internet of Things)?
Network‑connected smart devices such as sensors, cameras, smart lights, and home automation systems.
What is the OT (Operational Technology) ?
Industrial systems that control physical processes, such as manufacturing equipment, power plants, water systems, and PLC controllers.
What is the protocol MQTT (Message Queuing Telemetry Transport)?
A lightweight publish‑subscribe messaging protocol commonly used in IoT devices for efficient communication between sensors and controllers.
What is the protocol Modbus?
A widely used industrial protocol in OT environments that enables communication between a master controller and multiple slave devices (e.g., PLCs, sensors, actuators).
What is an Active Reconnaissance?
Involves directly interacting with the target’s systems to gather important
data
What is the risks using Active Reconnaissance?
May alert the target that someone is assessing their security
TCP Scanning:
Uses Transmission Control Protocol to find open ports and running services
Involves starting a handshake to see if a port is open
SYN scan with Nmap sends a:
TCP SYN packet;
receiving a SYN-ACK response indicates an open port
UDP Scanning:
Uses User Datagram Protocol to find open ports and running services
Sends UDP packets to various ports to determine status based on responses
On a UDP scan, what dose No response indicates?
a blocked UDP port
On a UDP scan, what dose ICMP port unreachable error suggests?
a closed port
What are Banner Grabbing?
Gathers information about the software running on a network, including type and version
Involves connecting to a remote service and recording the banner
information sent back
