1 vote
During the reconnaissance stage of a penetration test, Cynthia needs to gather information about the target organization's network infrastructure without causing an IPS to alert the target to her information gathering. Which of the following is her best option?

A. Perform a DNS brute-force attack.
B. Use an nmap ping sweep.
C. Perform a DNS zone transfer.
D. Use an nmap stealth scan.

by User Spartacus (8.4k points)

1 Answer

3 votes

Final answer:

Cynthia's best option for gathering information during the reconnaissance stage of a penetration test without triggering an IPS is to use an nmap stealth scan, as it is designed to be less detectable compared to the other methods.

Step-by-step explanation:

During the reconnaissance stage of a penetration test, it is important to collect information without triggering security mechanisms such as Intrusion Prevention Systems (IPS). Of the options provided, Cynthia should opt for a method that minimizes the risk of detection. A DNS brute-force attack is very noisy and likely to be detected by an IPS due to the sheer number of requests generated. An nmap ping sweep can also be easily detected as it sends ICMP packets to a range of IP addresses.

A DNS zone transfer could be useful if the servers are misconfigured to allow such transfers from any source, but it's a rare occurrence and still more detectable. The most subtle technique in this context would be to use an nmap stealth scan (also known as a SYN scan). This method is designed to be less detectable as it does not open a full TCP connection, which makes it less likely that the scan will be logged or noticed by an IPS.

by User Sam Borick (8.0k points)
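An added example from the defender's side of the answer above (it is not part of either post): a small detector over constructed flow records that flags a source sending SYNs to many targets without ever completing the handshake, which is exactly the half-open pattern an nmap SYN scan leaves behind. All hosts, ports and thresholds are constructed sample values.

```python
from collections import defaultdict

# Constructed flow records: (seconds, src, dst, dst_port, tcp_flags sent by src).
# 10.0.0.5 mimics a SYN scan of twelve ports on one host; 10.0.0.7 completes
# two normal handshakes (SYN, then ACK after the server's SYN/ACK).
SAMPLE_FLOWS = [(0.2 * i, "10.0.0.5", "10.0.0.20", 20 + i, "S") for i in range(12)]
SAMPLE_FLOWS += [
    (1.0, "10.0.0.7", "10.0.0.20", 443, "S"),
    (1.1, "10.0.0.7", "10.0.0.20", 443, "A"),
    (5.0, "10.0.0.7", "10.0.0.21", 80, "S"),
    (5.1, "10.0.0.7", "10.0.0.21", 80, "A"),
]


def half_open_sources(flows, threshold=10, window=60.0):
    """Return {src: n} for every source that sent SYNs to at least `threshold`
    distinct (dst, port) targets within `window` seconds and never followed
    up with an ACK to those targets, i.e. the handshakes were left half-open.
    A completed handshake removes the target from the count, so ordinary
    clients with a few connections do not trip the threshold."""
    syn_at = defaultdict(dict)  # src -> {(dst, port): time of first SYN}
    acked = defaultdict(set)    # src -> {(dst, port)} later completed with ACK
    for t, src, dst, dport, flags in sorted(flows, key=lambda f: f[0]):
        target = (dst, dport)
        if flags == "S":
            syn_at[src].setdefault(target, t)
        elif "A" in flags and target in syn_at[src]:
            acked[src].add(target)

    alerts = {}
    for src, targets in syn_at.items():
        pending = sorted(t for tgt, t in targets.items() if tgt not in acked[src])
        # Densest `window`-second span of unanswered SYNs (two-pointer sweep).
        best, j = 0, 0
        for i, start in enumerate(pending):
            while j < len(pending) and pending[j] - start <= window:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, n in half_open_sources(SAMPLE_FLOWS).items():
        print(f"possible SYN scan from {src}: {n} half-open targets in window")
```

The threshold and window are the tuning knobs: a real IDS/IPS applies the same idea to live traffic, which is why a SYN scan that is "less logged" at the application layer is still visible to a sensor watching the handshake itself.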