Where should a security tester be looking for information that could be used by an attacker against
an organization? (Select all that apply)
A.
CHAT rooms
B.
WHOIS database
C.
News groups
D.
Web sites
E.
Search engines
F.
Organization’s own web site
Explanation:
A Security tester should search for information everywhere that he/she can access.
You never know where you find that small piece of information that could penetrate a strong
defense.