Certified Secure Software Lifecycle Professional (CSSLP) — Question 4

John works as a professional Ethical Hacker. He has been assigned the project of testing the security of www.we-are-secure.com. In order to do so, he performs the following steps of the pre-attack phase successfully: Information gathering Determination of network range Identification of active systems Location of open ports and applications Now, which of the following tasks should he perform next?

Answer options

• A. Perform OS fingerprinting on the We-are-secure network.
• B. Map the network of We-are-secure Inc.
• C. Install a backdoor to log in remotely on the We-are-secure server.
• D. Fingerprint the services running on the we-are-secure network.

Correct answer: O, S, D, B, O, S

Explanation

The correct next step is to perform OS fingerprinting (Option A) to determine the operating systems of the identified active systems. Mapping the network (Option B) is useful but typically follows OS fingerprinting, while installing a backdoor (Option C) is unethical and not a part of the ethical hacking process. Fingerprinting services (Option D) is also part of the process, but understanding the OS is crucial first.