Which Unix-like command is commonly used for DNS reconnaissance to gather information about name servers and mail exchanges?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which Unix-like command is commonly used for DNS reconnaissance to gather information about name servers and mail exchanges?

Explanation:
When doing DNS reconnaissance, you want a tool that can query DNS records and reveal how a domain is structured in terms of where it’s delegated and how email is handled. The dig command is ideal for this because it lets you request specific record types and see the exact data returned. For gathering information about name servers, you’d query for NS records to identify the domain’s authoritative name servers. For mail handling, you’d query for MX records to discover the mail exchangers used by the domain. The dig command also supports targeting a particular DNS server and offers concise output with +short, which makes it easy to parse in scripts during an assessment. For example, dig NS example.com shows the domain’s name servers, and dig MX example.com reveals the mail servers. The other options aren’t as suitable: an SMTP command like RCPT TO is part of mail transfer, not DNS lookups; showmount relates to NFS mounting and isn’t used for DNS; nslookup can perform similar queries but is less flexible and scripting-friendly than dig.
