Scanning and Enumeration

Question 1

What is an Enumeration?

Answer 1

Actively probing the target to identify services, users, and devices on a
network.

Builds on OSINT phase to understand target landscape in detail.

Question 2

What is an Enumerating Protocols

Answer 2

Identify communication rules used by devices.

Reveal potential security weaknesses in data transmission and processing.

Question 3

What is an ICMP (Internet Control Message Protocol) ?

Answer 3

Ping

Question 4

What is an IPSec (Internet Protocol Security)?

Answer 4

Provides encryption and authentication for secure
communication.

Testers look for supported protocols, ciphers, and configurations.

Analyze encryption algorithms and key exchange methods.

Question 5

What is a SNMP (Simple Network Management Protocol)

Answer 5

Used for managing network devices.

Enumerate SNMP to gather network information or reconfigure
devices.

Question 6

What is a SMB (Server Message Block)?

Answer 6

Used by Windows systems for file sharing and network services.

Identify open shares, permissions, and OS details

Question 7

What is a DNS Enumeration?

Answer 7

Provides insights into target’s network infrastructure.

Reveals potential vulnerabilities and misconfigurations.

Question 8

What is a DNS Zone Transfer?

Answer 8

Replicates DNS records between primary and secondary DNS servers.

Misconfigured servers allowing zone transfers can reveal detailed
information.

Question 9

What is MX Records?

Answer 9

identify mail servers

dig MX ***.com

Question 10

What is NS Records?

Answer 10

Identify authoritative name servers.
dig NS ***.com

Question 11

Reverse DNS Lookup are

Answer 11

Queries DNS system to find the domain name associated with an IP
address.

Question 12

DNS Brute Force Uses

Answer 12

a wordlist of common subdomains to discover additional
subdomains.

Question 13

What are SRV Records?

Answer 13

Provide information about the location of specific services within a
domain.

Question 14

What is Directory Enumeration?

Answer 14

Identifying and mapping out directories and files on a web server or within a web application.

Helps uncover hidden resources, sensitive information, and potential
attack vectors

Question 15

What are Web Crawlers?

Answer 15

tools like:
DirBuster
Gobuster
Dirsearch

Question 16

What is the function of Web Crawlers?

Answer 16

Automate discovering directories and files using wordlists.

Question 17

What is the Purpose of Analyzing robots.txt Files?

Answer 17

Indicates which directories or files should not be indexed by
search engines.

Question 18

What are an Error Messages?

Answer 18

Provide information when requesting non-existent directories or
files

Question 19

Some web servers list contents of a directory if no

Answer 19

index file is present.

Question 20

What is URL Fuzzing?

Answer 20

Technique: Changing URLs to discover hidden directories and files.

Tools: Burp Suite

Question 21

What is the Technique of Server-Side Includes (SSI) Injections

Answer 21

Injecting SSI directives into URLs or form fields to execute
server-side commands or include files.

Question 22

What are the tools for Enumerating Network Services and Shares?

Answer 22

Metasploit

net view
○ arp -a
○ net user
○ ipconfig /displaydns.