Certified Ethical Hacker (CEH) — Question 100
A penetration tester was hired to perform a penetration test for a bank. The tester began searching for IP ranges owned by the bank, performing lookups on the bank's DNS servers, reading news articles online about the bank, watching what times the bank employees come into work and leave from work, searching the bank's job postings (paying special attention to IT related jobs), and visiting the local dumpster for the bank's corporate office. What phase of the penetration test is the tester currently in?
Answer options
- A. Information reporting
- B. Vulnerability assessment
- C. Active information gathering
- D. Passive information gathering
Correct answer: D
Explanation
The correct answer is D, Passive information gathering, as the tester is collecting information without directly interacting with the bank's systems. The other options involve more active engagement with the target, such as scanning for vulnerabilities or reporting findings, which is not occurring at this stage.