Table of contents
Multiple Choice Questions (MCQs)
Fill in the Blanks
True/False
HOTS (Higher Order Thinking Skills) Questions
Hands-on Coding Questions
Q1: Which tool is commonly used for passive reconnaissance?
(a) whois
(b) nmap
(c) Metasploit
(d) John the Ripper
Ans: (a) whois
Q2: What does the nslookup command do?
(a) Scans open ports
(b) Queries DNS records
(c) Captures network traffic
(d) Cracks passwords
Ans: (b) Queries DNS records
Q3: Which of the following is an active reconnaissance technique?
(a) Searching for emails on Google
(b) Running an nmap scan on the target
(c) Looking up domain registration information
(d) Checking LinkedIn for employee details
Ans: (b) Running an nmap scan on the target
Q4: Which command is used to discover subdomains of a target website?
(a) dig
(b) sublist3r
(c) ifconfig
(d) hydra
Ans: (b) sublist3r
Q5: What is the purpose of the theHarvester tool?
(a) Brute force login attempts
(b) Gather email addresses and domain info
(c) Scan for vulnerabilities
(d) Encrypt data
Ans: (b) Gather email addresses and domain info
Q6: What type of reconnaissance involves directly interacting with the target system?
(a) Passive reconnaissance
(b) Active reconnaissance
(c) Social engineering
(d) Spear phishing
Ans: (b) Active reconnaissance
Q7: Which command can be used to perform a DNS zone transfer?
(a) nslookup -type=AXFR
(b) whois
(c) netstat -an
(d) traceroute
Ans: (a) nslookup -type=AXFR
Q8: What tool is used to trace the route packets take to reach a target?
(a) traceroute
(b) dig
(c) nmap
(d) john
Ans: (a) traceroute
Q9: How can you extract metadata from a document?
(a) strings
(b) exiftool
(c) airmon-ng
(d) hping3
Ans: (b) exiftool
Q10: Which of the following techniques is considered passive footprinting?
(a) Port scanning
(b) Social media research
(c) Exploiting a web server
(d) Sending phishing emails
Ans: (b) Social media research
Q1: The command ________ is used to perform a traceroute in Linux.
Ans: traceroute
Q2: The tool ________ is used to extract metadata from files.
Ans: exiftool
Q3: Passive reconnaissance involves gathering information without directly interacting with the ________.
Ans: target system
Q4: The ________ command in Linux is used to check domain name system (DNS) records.
Ans: dig
Q5: An example of active reconnaissance is running a ________ scan on a target.
Ans: nmap
1. Whois lookup provides information about the owner of a domain.
Ans: True
2. Passive reconnaissance involves scanning a target's open ports.
Ans: False
3. TheHarvester is a tool used for discovering emails and subdomains.
Ans: True
4. DNS zone transfers are a passive reconnaissance method.
Ans: False
5. Traceroute helps in mapping the path packets take across networks.
Ans: True
Assignment: Reconnaissance and Footprinting
Q1: You are hired by a company to gather information about their online presence without directly interacting with their systems. What tools and techniques would you use?
Ans: Use whois, theHarvester, Google Dorking, shodan, and social media analysis.
Q2: While conducting a security assessment, you suspect that a company’s DNS server allows unauthorized zone transfers. How would you confirm this, and what are the risks?
Ans: Use nslookup -type=AXFR target.com to test for zone transfer vulnerability. If successful, attackers can gain detailed DNS records, revealing the internal network structure.
Q3: A financial organization wants to ensure that their sensitive documents do not contain hidden metadata before publication. How would you verify and remove metadata from their files?
Ans: Use exiftool document.pdf to check for metadata and exiftool -all= document.pdf to remove it.
Q4: During an engagement, you need to find all subdomains of a target organization to check for exposed services. What tool and command would you use, and why is this important?
Ans: Use Sublist3r -d target.com. Finding subdomains helps identify forgotten or misconfigured services that could be exploited.
Q5: Your client wants to understand what technologies their competitors use on their websites without directly interacting with them. What tool would you recommend, and how would you use it?
Ans: Use whatweb target.com or builtwith.com to passively analyze the technology stack of a competitor’s website.
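For Q3 above, the verify-then-remove check can also be scripted as a pre-publication gate. This is an added example, not part of the original assignment: it uses only the Python standard library instead of exiftool and handles Office Open XML (.docx) files rather than PDF. The function names and the sample values (`j.doe`, `FINANCE-PC07`) are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML parts holding document properties (author, last editor, company, app).
META_PARTS = ("docProps/core.xml", "docProps/app.xml")

def find_metadata(docx_bytes):
    """Return {part: {field: value}} for every non-empty property."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for part in META_PARTS:
            if part not in zf.namelist():
                continue
            # Leaf elements only; the XML namespace is dropped from each tag.
            fields = {el.tag.split("}")[-1]: el.text.strip()
                      for el in ET.fromstring(zf.read(part)).iter()
                      if len(el) == 0 and (el.text or "").strip()}
            if fields:
                found[part] = fields
    return found

def strip_metadata(docx_bytes):
    """Return a copy of the archive with every property value blanked."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            data = src.read(name)
            if name in META_PARTS:
                root = ET.fromstring(data)
                for el in root.iter():
                    el.text = None
                data = ET.tostring(root, encoding="UTF-8", xml_declaration=True)
            dst.writestr(name, data)  # new entry, so old zip timestamps go too
    return out.getvalue()

def build_sample():
    """Constructed sample: minimal .docx-style zip with made-up author data."""
    core = ('<cp:coreProperties xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cp='
            '"http://schemas.openxmlformats.org/package/2006/metadata/core-properties">'
            '<dc:creator>j.doe</dc:creator>'
            '<cp:lastModifiedBy>FINANCE-PC07</cp:lastModifiedBy></cp:coreProperties>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docProps/core.xml", core)
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()
```

A file is ready to publish when `find_metadata(strip_metadata(data))` returns an empty dict. Author names inside tracked changes and comments live in other parts of the archive and are not covered by this check.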
Q1: Write a Python script that extracts email addresses from a given webpage using regex.
Ans:
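```python
import re
import requests

url = "https://example.com"
# Fetch the page; fail fast on timeouts and HTTP errors.
response = requests.get(url, timeout=10)
response.raise_for_status()
# Match email-like strings in the page body.
emails = re.findall(r"[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}", response.text)
print("Extracted Emails:", emails)
```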
Q2: Create a Bash script that performs a whois lookup on a list of domains from a file.
Ans:
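```bash
#!/bin/bash
# Read one domain per line from domains.txt and run whois on each.
while IFS= read -r domain; do
    [ -z "$domain" ] && continue  # skip blank lines
    echo "Performing whois lookup for: $domain"
    whois "$domain"
    echo "--------------------------------"
done < domains.txt
```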