Which of the following is a passive information gathering technique?

  1. Reviewing public DNS records ✓
  2. Performing a vulnerability scan
  3. Attempting SQL injection
  4. Running a port scan against the target

Correct answer: Reviewing public DNS records

Option A is correct because reviewing public DNS records is a passive technique that gathers information without directly interacting with the target's systems, using only publicly available data sources. Option B is incorrect because a vulnerability scan actively probes target hosts, generating network traffic and log entries on the target. Option C is incorrect because attempting SQL injection is an active exploitation technique that directly interacts with and attacks the target application. Option D is incorrect because running a port scan sends packets directly to the target, which constitutes active reconnaissance and is detectable by the target.

Topic: · passive reconnaissance, osint, information gathering, dns

Practice CompTIA PenTest+ (PT0-002) Questions Free