ExamGecko
Search Search Login
Home Home / Isaca / Cybersecurity Audit
Question list
Search
Search
Open VPLUS File
Convert VPLUS to PDF

Related questions

Which of the following is the BEST indication of mature third-party vendor risk management for an organization?
Using digital evidence to provide validation that an attack has actually occurred is an example of;
Which of the following is the BEST indication that an organization's vulnerability management process is operating effectively?
The GREATEST advantage of using a common vulnerability scoring system is that it helps with:
Which of the following would provide the BEST basis for allocating proportional protection activities when comprehensive classification is not feasible?
Which of the following BEST characterizes security mechanisms for mobile devices?
Using a data loss prevention (DLP) solution to monitor data saved to a USB memory device is an example of managing:
The risk of an evil twin attack on mobile devices is PRIMARILY due to:
What is the FIRST activity associated with a successful cyber attack?
Which of the following backup procedure would only copy files that have changed since the last backup was made?

Question 39 - Cybersecurity Audit discussion

Report
Export

Which of the following is a passive activity that could be used by an attacker during reconnaissance to gather information about an organization?

A.
Using open source discovery
Answers
A.
Using open source discovery
B.
Scanning the network perimeter
Answers
B.
Scanning the network perimeter
C.
Social engineering
Answers
C.
Social engineering
D.
Crafting counterfeit websites
Answers
D.
Crafting counterfeit websites
Suggested answer: A

Explanation:

A passive activity that could be used by an attacker during reconnaissance to gather information about an organization is using open source discovery. This is because open source discovery is a technique that involves collecting and analyzing publicly available information about an organization, such as its website, social media, press releases, annual reports, etc. Open source discovery does not require any direct interaction or communication with the target organization or its systems or network, and therefore does not generate any traffic or alerts that could be detected by the organization's security controls. The other options are not passive activities that could be used by an attacker during reconnaissance to gather information about an organization, but rather active activities that involve direct or indirect interaction or communication with the target organization or its systems or network, such as scanning the network perimeter (B), social engineering C, or crafting counterfeit websites (D).

Show Answer
asked 18/09/2024
Arun Lailamony
38 questions
PreviousPreviousNextNext
User
Your answer:
0 comments
Sorted by

Leave a comment first

ExamGecko

Copyright @2023 ExamGecko | All right reserved

Mail us: [email protected]
About us
Contact us
Twitter X
Facebook
Medium
Convert VPLUS to PDF
Open VPLUS files Easily and Quickly
Privacy Policy
Disclaimer
Terms