Certified Ethical Hacker (CEH v12) — Question 220

A penetration tester is tasked with gathering information about the subdomains of a target organization's website. The tester needs a versatile and efficient solution for the task. Which of the following options would be the most effective method to accomplish this goal?

Answer options

• A. Analyzing LinkedIn profiles to find employees of the target company and their job titles
• B. Employing a tool like Sublist3r, which is designed to enumerate the subdomains of websites using OSINT
• C. Using a people search service, such as Spokeo or Intelius, to gather information about the employees of the target organization
• D. Utilizing the Harvester tool to extract email addresses related to the target domain using a search engine like Google or Bing

Correct answer: B

Explanation

The correct answer is B because Sublist3r is specifically engineered to enumerate subdomains using OSINT techniques, making it the most efficient choice for the task. Options A and C focus on gathering employee information, which does not directly relate to subdomain discovery, while option D, although useful for gathering emails, does not serve the primary goal of identifying subdomains.