During an external penetration test, a tester receives the following output from a tool:
test.comptia.org
info.comptia.org
vpn.comptia.org
exam.comptia.org
Which of the following commands did the tester most likely run to get these results?
A . nslookup -type=SOA comptia.org
B . amass enum -passive -d comptia.org
C . nmap -Pn -sV -vv -A comptia.org
D . shodan host comptia.org
Answer: B
Explanation:
The tool and command provided by option B are used to perform passive DNS enumeration, which can uncover subdomains associated with a domain.
Here ’ s why option B is correct:
amass enum -passive -d comptia.org: This command uses the Amass tool to perform passive DNS enumeration, effectively identifying subdomains of the target domain. The output provided (subdomains) matches what this tool and command would produce.
nslookup -type=SOA comptia.org: This command retrieves the Start of Authority (SOA) record, which does not list subdomains.
nmap -Pn -sV -vv -A comptia.org: This Nmap command performs service detection and aggressive scanning but does not enumerate subdomains.
shodan host comptia.org: Shodan is an internet search engine for connected devices, but it does not
perform DNS enumeration to list subdomains.
Reference from Pentest:
Writeup HTB: Demonstrates the use of DNS enumeration tools like Amass to uncover subdomains during external assessments.
Horizontall HTB: Highlights the effectiveness of passive DNS enumeration in identifying subdomains and associated information.
Latest PT0-003 Dumps Valid Version with 131 Q&As
Latest And Valid Q&A | Instant Download | Once Fail, Full Refund