CCNA Ptp Recon Scanning Questions

33 of 108 questions · Page 2/2 · Ptp Recon Scanning topic · Answers revealed

76
Multi-Select · hard

A penetration tester is performing active reconnaissance on a web application and needs to discover parameters that the application accepts. Which TWO tools are most commonly used for parameter discovery? (Select TWO.)

Select 2 answers
A. ffuf
B. theHarvester
C. WPScan
D. Nikto
E. Arjun
Answers: A, E

ffuf is a fast web fuzzer that can be used for parameter brute-forcing.

Why this answer

ffuf (Fuzz Faster U Fool) is a high-performance web fuzzer commonly used for parameter discovery by brute-forcing HTTP request parameters (GET/POST) against a target endpoint. Arjun is a dedicated parameter discovery tool that uses a wordlist of common parameter names and analyzes response differences (e.g., status codes, content length) to identify valid parameters. Both tools are specifically designed for active reconnaissance to enumerate hidden or undocumented parameters in web applications.

Exam trap

The trap here is that candidates often confuse general-purpose web scanners (like Nikto) or CMS-specific tools (like WPScan) with dedicated parameter discovery tools, leading them to select options that perform different reconnaissance tasks.

77
Multi-Select · hard

During a web application penetration test, the tester wants to discover hidden parameters that the application accepts. Which THREE tools are BEST suited for parameter bruteforcing? (Select THREE.)

Select 3 answers
A. WPScan
B. Arjun
C. Nikto
D. ffuf
E. Burp Suite Intruder
Answers: B, D, E

Correct. Arjun specializes in parameter discovery.

Why this answer

Arjun is specifically designed to discover hidden HTTP parameters by performing parameter bruteforcing using a wordlist. It sends requests with various parameter names and analyzes responses to identify which ones are accepted by the web application, making it a dedicated tool for this task.

Exam trap

The trap here is that candidates may confuse general web vulnerability scanners (like Nikto or WPScan) with tools that are purpose-built for parameter bruteforcing, leading them to select tools that lack the specific functionality for discovering hidden parameters.

78
MCQ · medium

During a web application penetration test, the tester wants to discover hidden directories and files on the target web server. Which tool is best suited for this task, and what technique does it use?

A. Curl - manual HTTP requests
B. Whatweb - web server identification
C. Wappalyzer - technology fingerprinting
D. Gobuster - directory brute forcing
Answer: D

Gobuster performs directory/file enumeration via brute force.

Why this answer

Directory enumeration tools like gobuster, dirbuster, and dirsearch use wordlist-based brute force to discover hidden directories and files. Gobuster is a common choice. Wappalyzer is for technology fingerprinting, whatweb is for web server identification, and curl is for HTTP requests but lacks directory brute force functionality.

79
MCQ · hard

A penetration tester is using OpenVAS to perform an authenticated vulnerability scan of a Linux server. The tester has provided valid SSH credentials. Which of the following is a primary benefit of performing an authenticated scan over an unauthenticated scan?

A. Ability to detect vulnerabilities that require local access
B. Reduced network bandwidth usage
C. Faster scan completion time
D. Elimination of all false positives
Answer: A

Authenticated scans can assess local vulnerabilities and missing patches.

Why this answer

Authenticated scans have deeper access to the system, allowing the scanner to check configuration files, patch levels, and local vulnerabilities that are not visible externally.

80
Multi-Select · medium

During a web application penetration test, the tester wants to discover hidden API endpoints. Which THREE of the following techniques can be used to achieve this? (Select THREE.)

Select 3 answers
A. Analyzing JavaScript files for API calls
B. Using Arjun for parameter discovery
C. Directory bruteforcing with gobuster
D. Performing a zone transfer
E. Running Nmap with service version detection
Answers: A, B, C

JavaScript files often contain API endpoint URLs.

Why this answer

Directory enumeration tools like gobuster or feroxbuster can find API paths; JavaScript analysis can reveal API calls; and parameter discovery tools like Arjun can find endpoints by brute-forcing parameters.

81
MCQ · medium

During a penetration test, a tester wants to discover all live hosts on a subnet without performing a full port scan. Which Nmap command is most appropriate for this purpose?

A. nmap -sS 192.168.1.0/24
B. nmap -sn 192.168.1.0/24
C. nmap -O 192.168.1.0/24
D. nmap -A 192.168.1.0/24
Answer: B

-sn performs a ping sweep to determine which hosts are up without scanning ports.

Why this answer

The -sn flag performs a ping sweep (host discovery) without port scanning, which is the standard method to discover live hosts on a subnet efficiently.

82
MCQ · easy

A penetration tester is using Google dorks to find sensitive information about a target organization. Which search operator would help the tester find PDF files containing the word 'confidential' on the target's website?

A. site:target.com ext:pdf confidential
B. site:target.com intitle:confidential pdf
C. inurl:target.com filetype:pdf confidential
D. site:target.com filetype:pdf intext:confidential
Answer: D

site limits the search to the target domain, filetype:pdf returns only PDF files, and intext:confidential finds pages containing the word 'confidential'.

Why this answer

The filetype operator filters results by file extension (e.g., pdf), and the intext operator searches for the specified text within the page content.

83
Multi-Select · medium

A penetration tester is performing passive reconnaissance on a target organization. Which TWO of the following sources can provide information about the organization's historical web content? (Select TWO.)

Select 2 answers
A. Nmap
B. Shodan
C. Wayback Machine
D. Wireshark
E. Pastebin
Answers: C, E

Wayback Machine archives web pages over time, providing historical content.

Why this answer

The Wayback Machine archives historical snapshots of websites, and Pastebin can contain pasted content from the organization, including historical data.

84
MCQ · medium

After gaining initial access to an internal network, a penetration tester wants to identify live hosts on a subnet without generating excessive traffic. Which Nmap command would be most appropriate for host discovery using ICMP echo requests and TCP SYN to port 80?

A. nmap -A 192.168.1.0/24
B. nmap -sS 192.168.1.0/24
C. nmap -O 192.168.1.0/24
D. nmap -sn 192.168.1.0/24
Answer: D

-sn disables port scan and only performs host discovery.

Why this answer

Nmap's -sn flag performs a ping sweep, which by default uses ICMP echo, TCP SYN to port 80, and other probes. The other options are for port scanning or OS detection.

85
Multi-Select · medium

A penetration tester is performing reconnaissance on a target network and wants to identify all live hosts without sending many packets. Which TWO techniques are MOST effective for host discovery in a local subnet? (Select TWO.)

Select 2 answers
A. ARP scan using arp-scan
B. TCP SYN scan on port 80
C. UDP scan on port 161
D. ICMP ping sweep using nmap -sn
E. DNS zone transfer
Answers: A, D

Correct. ARP scanning is effective for local subnet discovery.

Why this answer

ARP scan using arp-scan is effective because it sends ARP requests to every IP in the subnet and listens for ARP replies. Since ARP is a Layer 2 protocol, it does not require IP-level responses and works even if hosts block ICMP or TCP probes. This technique is extremely fast and generates minimal traffic, making it ideal for local subnet host discovery.

Exam trap

The trap here is that candidates often overlook ARP scans because they think only ICMP or TCP techniques are valid for host discovery, but on a local subnet ARP is the most efficient and stealthy method, while ICMP ping sweeps are also correct but can be blocked by host firewalls.

86
MCQ · easy

A penetration tester is performing passive reconnaissance on a target organization. Which of the following tools is best suited for gathering information from public sources such as search engines, social media, and website scraping?

A. theHarvester
B. Metasploit
C. Nessus
D. Nmap
Answer: A

theHarvester is specifically designed for passive information gathering from public sources.

Why this answer

theHarvester is an OSINT tool designed to gather emails, subdomains, IPs, and URLs from public sources like search engines and social media.

87
Multi-Select · hard

A penetration tester is conducting a vulnerability assessment and wants to minimize false positives. Which THREE actions should the tester take? (Select THREE.)

Select 3 answers
A. Run the same scan multiple times
B. Verify findings manually
C. Cross-reference results with multiple scanners
D. Ignore all high-severity findings initially
E. Use authenticated scanning where possible
Answers: B, C, E

Manual verification helps confirm whether a reported vulnerability is genuine.

Why this answer

Option B is correct because manual verification of findings (e.g., confirming a vulnerability by exploiting it or inspecting the service banner) eliminates false positives that automated scanners often report due to signature mismatches or incomplete checks. For example, a scanner might flag a service as vulnerable based on version string alone, but manual testing can confirm whether the actual exploit conditions exist, such as checking for specific configuration flaws or patch levels.

Exam trap

The trap here is that candidates may think running the same scan multiple times (Option A) improves accuracy, but it actually increases noise without validating findings, whereas manual verification and cross-referencing are the proven methods to minimize false positives.

88
MCQ · medium

A penetration tester is conducting active reconnaissance on a target network and wants to perform a SYN scan to identify open ports without completing the full TCP handshake. Which Nmap flag should the tester use?

A. -sS
B. -sA
C. -sU
D. -sT
Answer: A

-sS performs a SYN scan, sending SYN packets and analyzing responses.

Why this answer

The -sS flag specifies a SYN scan, which is stealthy and does not complete the three-way handshake.

89
Multi-Select · medium

A penetration tester is performing initial reconnaissance on a target domain. Which THREE sources can provide historical data about the target? (Select THREE.)

Select 3 answers
A. Wayback Machine
B. Pastebin
C. Shodan
D. Certificate Transparency logs (crt.sh)
E. Nmap
Answers: A, B, D

Wayback Machine archives historical snapshots of websites.

Why this answer

The Wayback Machine archives web pages, Pastebin may contain leaked historical data, and certificate transparency logs (crt.sh) provide historical certificate issuance data.

90
Multi-Select · medium

A penetration tester is tasked with performing a DNS enumeration of a target domain to discover subdomains. Which THREE tools are commonly used for subdomain bruteforcing? (Select THREE.)

Select 3 answers
A. amass
B. subfinder
C. dnsx
D. sublist3r
E. gobuster dns
Answers: A, B, C

Correct. Amass performs subdomain enumeration using various techniques.

Why this answer

Amass is correct because it is a dedicated subdomain enumeration tool that performs bruteforcing via DNS queries, using wordlists and recursive resolution to discover subdomains. It integrates with multiple data sources and supports active bruteforcing techniques against target domains.

Exam trap

The trap here is that candidates may confuse passive enumeration tools like sublist3r with active bruteforcing tools, or misidentify the correct tool name format (e.g., 'gobuster dns' vs. 'gobuster' with the dns subcommand).

91
MCQ · easy

Which of the following is a common community string used in SNMP enumeration?

A. root
C. public
D. admin
Answer: C

Public is the default read-only community string in many SNMP implementations.

Why this answer

The default community strings for SNMP are often 'public' for read-only and 'private' for read-write access.

92
MCQ · easy

A penetration tester is performing passive reconnaissance and wants to identify subdomains associated with a target domain without directly querying the target's DNS servers. Which tool is specifically designed for this purpose?

A. WPScan
B. Nmap
C. theHarvester
D. Gobuster
Answer: C

theHarvester collects emails, subdomains, and other data from public sources, suitable for passive reconnaissance.

Why this answer

TheHarvester is specifically designed for passive reconnaissance, gathering subdomains from public sources like search engines (Google, Bing), PGP key servers, and the Shodan database without querying the target's DNS servers directly. This aligns with the requirement to avoid direct interaction with the target's infrastructure, making it the correct choice for passive subdomain enumeration.

Exam trap

The trap here is that candidates often confuse passive reconnaissance with tools that can perform subdomain enumeration but require active DNS queries, such as Gobuster or Nmap's dns-brute script, leading them to overlook theHarvester's passive data collection from public sources.

How to eliminate wrong answers

Option A is wrong because WPScan is a WordPress vulnerability scanner that actively probes the target web server, not a passive reconnaissance tool for subdomain discovery. Option B is wrong because Nmap is an active network scanner that sends packets to target hosts, directly querying DNS servers if used with scripts like dns-brute, which violates the passive requirement. Option D is wrong because Gobuster performs active brute-force enumeration of subdomains by sending DNS queries to the target's DNS servers, making it an active technique, not passive.

93
MCQ · medium

During a web application penetration test, the tester wants to identify the technologies used by the target website. Which of the following tools is best suited for technology fingerprinting?

A. Nikto
B. Nmap
C. Gobuster
D. WhatWeb
Answer: D

WhatWeb is a tool specifically designed for website fingerprinting to identify technologies.

Why this answer

Wappalyzer is a browser extension and online tool that identifies web technologies such as frameworks, CMS, and server software.

94
MCQ · medium

A penetration tester is performing service enumeration on a discovered host and wants to grab banners from open ports to identify the exact software and version running. Which of the following command-line tools would be most appropriate for this task?

A. traceroute target.com
B. ping target.com
C. curl http://target.com
D. nc -v target.com 22
Answer: D

Netcat connects to port 22 and will display the SSH banner.

Why this answer

Option D is correct because `nc -v target.com 22` uses Netcat in verbose mode to connect to port 22 on the target, which triggers the SSH server to send its banner (e.g., "SSH-2.0-OpenSSH_8.9p1"). This banner directly reveals the exact software and version running on that port, making it ideal for service enumeration and banner grabbing.

Exam trap

Cisco often tests the distinction between general connectivity tools (ping, traceroute) and service-specific tools (nc, telnet, nmap -sV), expecting candidates to recognize that only raw TCP connection tools can perform banner grabbing on arbitrary ports.

How to eliminate wrong answers

Option A is wrong because `traceroute` is used to map the network path (hops) between the source and destination, not to connect to open ports or retrieve banners. Option B is wrong because `ping` uses ICMP Echo Requests to test host reachability and does not interact with TCP/UDP services to grab banners. Option C is wrong because `curl http://target.com` sends an HTTP request and retrieves the web page content, but it does not perform raw TCP banner grabbing on arbitrary ports (e.g., SSH on port 22) and may not reveal the exact software version unless the server leaks it in HTTP headers.

95
MCQ · hard

A penetration tester is performing web application reconnaissance and wants to discover API endpoints and hidden parameters that may not be linked from the main application. Which technique would be most effective for this purpose?

A. Running Nikto for web server vulnerabilities
B. JavaScript analysis for endpoint discovery
C. Directory bruteforcing with gobuster
D. Using Wappalyzer to fingerprint technologies
Answer: B

JavaScript files often contain API endpoints, routes, and parameters.

Why this answer

JavaScript analysis often reveals AJAX API endpoints, keys, and parameters that are not visible in HTML. Directory bruteforcing may find endpoints but JS analysis is more targeted for hidden APIs.

96
MCQ · medium

A penetration tester runs a SYN scan against a target and receives SYN-ACK responses from several ports. The tester then runs version detection on those ports. What is the primary purpose of version detection?

A. To identify the operating system of the target
B. To perform a vulnerability scan
C. To determine if the host is online
D. To identify the software and version running on open ports
Answer: D

Version detection probes open ports to determine the application name and version, aiding vulnerability assessment.

Why this answer

Version detection (-sV) in Nmap identifies the specific software and version running on open ports, helping assess potential vulnerabilities and plan further exploitation.

97
MCQ · medium

A penetration tester is performing passive reconnaissance and wants to find historical versions of the target website, including old pages that may contain sensitive information. Which resource should the tester use?

A. Pastebin
B. Shodan
C. Wayback Machine
D. Google dorks
Answer: C

Wayback Machine archives historical versions of websites.

Why this answer

The Wayback Machine (archive.org) archives historical snapshots of websites. Pastebin is for pasted text, Google dorks are for search queries, and Shodan is for device discovery.

98
Multi-Select · hard

A penetration tester is assessing a web application and wants to discover hidden directories, files, and parameters. Which THREE of the following tools are most appropriate for this task?

Select 3 answers
A. Nikto
B. dirsearch
C. Wappalyzer
D. feroxbuster
E. Gobuster
Answers: B, D, E

Dirsearch is a directory bruteforcing tool.

Why this answer

B (dirsearch) is correct because it is a purpose-built tool for brute-forcing hidden directories and files in web applications using HTTP GET requests and a wordlist. It efficiently discovers unlinked resources that are not exposed via normal navigation, which is critical for information gathering during a penetration test.

Exam trap

The trap here is that candidates confuse vulnerability scanners (Nikto) or technology fingerprinters (Wappalyzer) with directory brute-forcing tools, leading them to select options that serve different phases of the penetration testing methodology.

99
MCQ · easy

A penetration tester wants to use Google dorking to find publicly accessible documents containing sensitive information on a target domain 'example.com'. Which Google dork would be MOST appropriate to locate PDF files with the word 'confidential'?

A. site:example.com intitle:confidential pdf
B. filetype:pdf site:example.com password
C. site:example.com filetype:pdf confidential
D. site:example.com inurl:pdf confidential
Answer: C

Correct. This dork specifically targets PDFs on the domain containing 'confidential'.

Why this answer

Option C is correct because the Google dork 'site:example.com filetype:pdf confidential' combines the site restriction to the target domain, the filetype filter for PDFs, and the keyword 'confidential' to search for PDF documents containing that word. This directly matches the requirement to locate publicly accessible PDF files with the word 'confidential' on example.com.

Exam trap

The trap here is that candidates often confuse 'filetype:pdf' with 'inurl:pdf' or 'intitle:pdf', not realizing that 'filetype' specifically filters by file extension, while 'inurl' and 'intitle' search for text in the URL or title, which may not correspond to actual PDF files.

How to eliminate wrong answers

Option A is wrong because 'intitle:confidential pdf' searches for the word 'confidential' in the page title and the literal word 'pdf' anywhere in the page, not for PDF files containing 'confidential'. Option B is wrong because it searches for PDF files containing the word 'password', not 'confidential'. Option D is wrong because 'inurl:pdf confidential' looks for the string 'pdf' in the URL and the word 'confidential' anywhere on the page, which does not guarantee the file is a PDF and may miss PDFs with 'confidential' in the content.

100
Multi-Select · medium

A penetration tester is conducting a vulnerability scan of a Linux server using OpenVAS. Which TWO scan configurations would provide the MOST comprehensive results? (Select TWO.)

Select 2 answers
A. Scan using the 'Full and fast' configuration
B. Scan using only the 'Discovery' category
C. Authenticated scan with SSH credentials
D. Scan using the 'Denial of Service' configuration
E. Unauthenticated scan with default settings
Answers: A, C

Correct. Full and fast includes all plugins and is comprehensive.

Why this answer

Authenticated scans with credentials allow the scanner to log in and check for missing patches, misconfigurations, and vulnerabilities that are not visible externally. Full and fast scan configurations are typical for comprehensive coverage.

101
MCQ · easy

When performing vulnerability scanning, which of the following best describes a false positive?

A. A vulnerability that is correctly identified and verified.
B. A vulnerability that is exploited during the test.
C. A vulnerability that the scanner reports but does not actually exist.
D. A vulnerability that exists but the scanner fails to detect it.
Answer: C

A false positive is an incorrect identification of a vulnerability.

Why this answer

A false positive in vulnerability scanning occurs when the scanner reports a vulnerability that does not actually exist. This is option C. False positives are caused by factors such as overly aggressive signature matching, misconfigured scan profiles, or incomplete verification of service responses.

They waste resources by prompting unnecessary remediation efforts.

Exam trap

The trap here is confusing false positives with false negatives; candidates often pick option D because they misremember the definition, but false negatives are missed vulnerabilities, not incorrect reports.

How to eliminate wrong answers

Option A is wrong because a vulnerability that is correctly identified and verified is a true positive, not a false positive. Option B is wrong because a vulnerability that is exploited during the test is a confirmed exploit, not a false positive; false positives are not exploitable. Option D is wrong because a vulnerability that exists but the scanner fails to detect it is a false negative, not a false positive.

102
Multi-Select · medium

A penetration tester is conducting passive reconnaissance using OSINT techniques. Which TWO of the following are examples of passive OSINT sources?

Select 2 answers
A. Social engineering
B. Certificate transparency logs (crt.sh)
C. snmpwalk
D. WHOIS databases
E. Nmap SYN scan
Answers: B, D

Certificate logs are publicly accessible and passive.

Why this answer

Certificate transparency logs (crt.sh) are a passive OSINT source because they provide publicly accessible records of SSL/TLS certificates issued for domains. A penetration tester can query these logs without interacting with the target's systems, making it a non-intrusive information-gathering technique.

Exam trap

Cisco often tests the distinction between passive reconnaissance (no direct interaction with the target) and active reconnaissance (generates traffic or requires interaction), and candidates may mistakenly classify tools like snmpwalk or Nmap scans as passive because they are automated or do not require credentials.

103
Multi-Select · medium

A penetration tester is performing active reconnaissance on a web application and wants to discover hidden API endpoints. Which TWO tools are BEST suited for this task? (Select TWO.)

Select 2 answers
A. Wappalyzer
B. Nikto
C. theHarvester
D. Feroxbuster
E. Gobuster
Answers: D, E

Correct. Feroxbuster is a fast directory/file bruteforcer.

Why this answer

Gobuster can be used to bruteforce directories and files, including API paths. Feroxbuster is a similar tool written in Rust that is faster and supports recursion. Both are effective for API endpoint discovery.

104
MCQ · medium

You are tasked with identifying the technologies used by a web application (e.g., web server, frameworks, libraries) during the reconnaissance phase. Which tool would you use?

A. Gobuster
B. theHarvester
C. Nmap
D. WhatWeb
Answer: D

WhatWeb is specifically designed for web technology identification.

Why this answer

WhatWeb is a tool for fingerprinting web technologies. It identifies software, frameworks, and other components by analyzing HTTP responses and page content. Wappalyzer is a browser extension but WhatWeb is command-line and scriptable.

105
Multi-Select · medium

A penetration tester is preparing to perform an authenticated vulnerability scan of a network. Which THREE of the following are important considerations before starting the scan? (Select THREE.)

Select 3 answers
A. Using default community strings for SNMP
B. Configuring the scanner to use the appropriate credentials
C. Ensuring the scan will not disrupt production services
D. Selecting a random scan time to avoid detection
E. Obtaining written authorization from the target organization
Answers: B, C, E

Credentials are required for authenticated scans; using wrong credentials leads to incomplete results.

Why this answer

Authenticated scans require valid credentials to log into systems for deeper assessment. It's important to understand the risk of service disruption, ensure credentials have appropriate privileges, and obtain written authorization to avoid legal issues.

106
MCQ · medium

While performing web application reconnaissance, a tester wants to enumerate hidden directories and files on a web server. Which of the following tools is specifically designed for directory brute-forcing?

A. Nikto
B. Gobuster
C. WPScan
D. Nmap
Answer: B

Gobuster is a tool for directory/file and DNS subdomain brute-forcing, commonly used in web app recon.

Why this answer

Gobuster is specifically designed for directory brute-forcing by using a wordlist to discover hidden directories and files on a web server. It sends HTTP GET requests to the target and reports valid responses (e.g., 200, 301, 403), making it the correct tool for this task.

Exam trap

The trap here is that candidates may confuse Nikto's web scanning capabilities with directory brute-forcing, but Nikto's focus is on vulnerability detection rather than enumerating hidden paths via wordlists.

How to eliminate wrong answers

Option A is wrong because Nikto is a web server vulnerability scanner that checks for known vulnerabilities, outdated software, and misconfigurations, not a directory brute-forcer. Option C is wrong because WPScan is a specialized scanner for WordPress sites, focusing on themes, plugins, and user enumeration, not generic directory brute-forcing. Option D is wrong because Nmap is a network port scanner and host discovery tool, not designed for HTTP-based directory enumeration.

107
MCQ · medium

A penetration tester is evaluating the security of a WordPress site. Which tool is specifically designed to scan WordPress installations for vulnerabilities?

A. Nessus
B. WPScan
C. OpenVAS
D. Nikto
Answer: B

WPScan is specifically built for WordPress security assessments.

Why this answer

WPScan is a dedicated WordPress vulnerability scanner that checks for known vulnerabilities in WordPress core, plugins, and themes.

108
MCQ · easy

In the context of OSINT, which resource would you use to find historical versions of a company's website that may reveal outdated information or hidden directories?

A. crt.sh
B. Censys
C. Shodan
D. Wayback Machine
Answer: D

The Wayback Machine archives historical versions of web pages.

Why this answer

The Wayback Machine (archive.org) is the correct resource because it archives historical snapshots of websites, allowing you to view past versions that may contain outdated information, hidden directories, or old configurations no longer present on the live site. This is a core OSINT technique for discovering legacy content or forgotten endpoints.

Exam trap

The trap here is that candidates confuse OSINT tools focused on current infrastructure (Shodan, Censys) or certificate data (crt.sh) with the only tool that provides historical web content snapshots, the Wayback Machine.

How to eliminate wrong answers

Option A is wrong because crt.sh is a certificate transparency log search tool that retrieves SSL/TLS certificates issued for domains, not historical website content or directory structures. Option B is wrong because Censys is a search engine for internet-connected devices and certificates, focusing on current network exposure and services, not archived web pages. Option C is wrong because Shodan is a search engine for internet-connected devices (e.g., IoT, servers, routers) and their banners, not for browsing historical versions of a website.
