CompTIA PenTest+ (PT0-002) — Question 441

A company that requires minimal disruption to its daily activities needs a penetration tester to perform information gathering around the company's web presence.
Which of the following would the tester find MOST helpful in the initial information-gathering steps? (Choose two.)

Answer options

• A. MX records
• B. Zone transfers
• C. DNS forward and reverse lookups
• D. Internet search engines
• E. Externally facing open ports
• F. Shodan results

Correct answer: C, D

Explanation

DNS forward and reverse lookups (C) are essential for understanding the domain's structure and IP address mapping, while Internet search engines (D) provide a wealth of publicly available information about the company. The other options, while useful, do not offer the same breadth of initial data needed for effective information gathering.