CompTIA Security+ (SY0-601) — Question 103

An IT security manager requests a report on company information that is publicly available. The manager's concern is that malicious actors will be able to access the data without engaging in active reconnaissance. Which of the following is the MOST efficient approach to perform the analysis?

Answer options

• A. Provide a domain parameter to theHarvester tool.
• B. Check public DNS entries using dnsenum.
• C. Perform a Nessus vulnerability scan targeting a public company’s IP.
• D. Execute nmap using the options: scan all ports and sneaky mode.

Correct answer: A

Explanation

The correct answer is A because theHarvester is specifically designed to gather publicly available information about domains, making it the most efficient choice for this task. Options B and C, while useful, do not focus specifically on collecting data available without active reconnaissance, and D involves more intrusive scanning techniques that are not suitable for passive data collection.