Computer Hacking Forensic Investigator (CHFI) — Question 137

You work as an IT security auditor hired by a law firm in Boston to test whether you can gain access to sensitive information about the company clients. You have rummaged through their trash and found very little information. You do not want to set off any alarms on their network, so you plan on performing passive foot printing against their Web servers. What tool should you use?

Answer options

• A. Ping sweep
• B. Nmap
• C. Netcraft
• D. Dig

Correct answer: C

Explanation

The correct answer is C, Netcraft, as it specializes in providing detailed information about web servers without actively probing the network, thus allowing for passive footprinting. Options A and B, Ping sweep and Nmap, involve active scanning techniques that could trigger alarms. Option D, Dig, is used for DNS queries but does not offer the comprehensive web server information that Netcraft does.