Bird
Raised Fist0
Cybersecurityknowledge~5 mins

Reconnaissance and information gathering in Cybersecurity - Cheat Sheet & Quick Revision

Choose your learning style10 modes available
LearnWhyDeepVisualPracticeChallengeProjectRecallTime

Start learning this pattern below

Jump into concepts and practice - no test required

or
Recommended
Test this pattern10 questions across easy, medium, and hard to know if this pattern is strong
Recall & Review
beginner
What is reconnaissance in cybersecurity?
Reconnaissance is the process of collecting information about a target system or network to find ways to exploit it.
Click to reveal answer
beginner
Name two types of reconnaissance.
The two main types are passive reconnaissance (gathering information without interacting directly with the target) and active reconnaissance (directly interacting with the target to collect data).
Click to reveal answer
intermediate
What is the difference between passive and active reconnaissance?
Passive reconnaissance collects information without alerting the target, like searching public websites. Active reconnaissance involves direct interaction, such as scanning the target's network.
Click to reveal answer
beginner
Give an example of a tool used for active reconnaissance.
Nmap is a popular tool used for active reconnaissance to scan networks and discover open ports and services.
Click to reveal answer
beginner
Why is reconnaissance important in cybersecurity?
It helps identify vulnerabilities and weaknesses in a system before launching an attack or to strengthen defenses by understanding potential threats.
Click to reveal answer
Which of the following is an example of passive reconnaissance?
APort scanning a target network
BSearching public social media profiles
CSending phishing emails
DExploiting a vulnerability
What does active reconnaissance usually involve?
AListening to radio broadcasts
BReading public documents
CWatching news about the target
DScanning target systems for open ports
Which tool is commonly used for network scanning during reconnaissance?
ANmap
BPhotoshop
CExcel
DWordPress
Why might an attacker perform reconnaissance before an attack?
ATo install antivirus software
BTo update their own system
CTo find weaknesses to exploit
DTo create a backup
Which of these is NOT a goal of reconnaissance?
ADirectly exploiting the system
BIdentifying vulnerabilities
CPlanning further attack steps
DGathering information about the target
Explain the difference between passive and active reconnaissance with examples.
Think about whether the target is aware of the information gathering.
You got /4 concepts.
    Why is reconnaissance a critical step in cybersecurity attacks and defenses?
    Consider both attacker and defender perspectives.
    You got /3 concepts.

      Practice

      (1/5)
      1. What is the main purpose of reconnaissance in cybersecurity?
      easy
      A. To gather information about a target system or network
      B. To fix vulnerabilities in software
      C. To encrypt data for security
      D. To create user accounts on a system

      Solution

      1. Step 1: Understand the role of reconnaissance

        Reconnaissance is the initial phase where information about a target is collected to plan further actions.

      2. Step 2: Identify the correct purpose

        Among the options, only gathering information fits the reconnaissance phase.

      3. Final Answer:

        To gather information about a target system or network -> Option A

      4. Quick Check:

        Reconnaissance = Information gathering [OK]
      Hint: Reconnaissance means collecting info first [OK]
      Common Mistakes:
      • Confusing reconnaissance with fixing or attacking
      • Thinking it involves encryption
      • Assuming it creates accounts
      2. Which of the following commands is commonly used for passive reconnaissance to find domain information?
      easy
      A. ping
      B. nmap
      C. whois
      D. netstat

      Solution

      1. Step 1: Identify passive reconnaissance tools

        Passive reconnaissance collects data without interacting directly with the target system.

      2. Step 2: Match command to passive info gathering

        The whois command queries public domain registration info without contacting the target directly.

      3. Final Answer:

        whois -> Option C

      4. Quick Check:

        Passive info tool = whois [OK]
      Hint: whois shows domain info without touching target [OK]
      Common Mistakes:
      • Using ping which sends packets actively
      • Confusing nmap as passive (it scans actively)
      • Thinking netstat gathers external info
      3. Consider this command output from nmap -sP 192.168.1.0/30:
      Host 192.168.1.1 is up
Host 192.168.1.2 is up
Host 192.168.1.3 is down
Host 192.168.1.4 is up

      What does this output tell you?
      medium
      A. All hosts are unreachable
      B. Hosts 192.168.1.1, 1.2, and 1.4 are reachable; 1.3 is not
      C. Only 192.168.1.3 is reachable
      D. The scan failed due to syntax error

      Solution

      1. Step 1: Understand nmap ping scan output

        The -sP option checks which hosts respond to ping requests in the given IP range.

      2. Step 2: Interpret the output lines

        Hosts marked "is up" respond and are reachable; "is down" means no response.

      3. Final Answer:

        Hosts 192.168.1.1, 1.2, and 1.4 are reachable; 1.3 is not -> Option B

      4. Quick Check:

        Ping scan shows reachable hosts = 1.1, 1.2, 1.4 [OK]
      Hint: Look for 'is up' = reachable hosts [OK]
      Common Mistakes:
      • Assuming 'is down' means reachable
      • Thinking all hosts are unreachable
      • Confusing syntax error with normal output
      4. A user runs the command nslookup example.com but gets an error saying "server can't find example.com". What is the most likely cause?
      medium
      A. The DNS server is unreachable or misconfigured
      B. The domain example.com does not exist
      C. The user typed the command incorrectly
      D. The network cable is unplugged

      Solution

      1. Step 1: Understand nslookup error message

        The error "server can't find" usually means the DNS server queried cannot resolve the domain.

      2. Step 2: Analyze possible causes

        If the domain exists, the likely cause is DNS server issues, not user typo or physical network problems.

      3. Final Answer:

        The DNS server is unreachable or misconfigured -> Option A

      4. Quick Check:

        DNS error = server unreachable or misconfigured [OK]
      Hint: DNS errors often mean server issues, not typos [OK]
      Common Mistakes:
      • Assuming domain does not exist without checking
      • Blaming user typo without evidence
      • Thinking physical cable issues cause DNS errors
      5. You want to gather email addresses from a company website without alerting their security systems. Which reconnaissance method should you use?
      hard
      A. Active scanning with port scanners
      B. Brute force login attempts
      C. Sending phishing emails
      D. Passive reconnaissance by analyzing public web pages

      Solution

      1. Step 1: Understand active vs passive reconnaissance

        Active methods interact directly and can alert security; passive methods gather info without direct contact.

      2. Step 2: Choose method to avoid detection

        Analyzing public web pages is passive and safe for collecting emails without triggering alarms.

      3. Final Answer:

        Passive reconnaissance by analyzing public web pages -> Option D

      4. Quick Check:

        Safe info gathering = passive reconnaissance [OK]
      Hint: Use passive methods to avoid detection [OK]
      Common Mistakes:
      • Using active scans that trigger alerts
      • Trying brute force which is illegal and noisy
      • Confusing phishing with reconnaissance