How would you enumerate subdomains for a given AWS application domain?
Correct Answer: A
Explanation:
1. Use a subdomain wordlist with subfinder or amass: subfinder -d example.com -o subs.txt
2. Validate with dnsx: dnsx -l subs.txt -a -resp
3. Use Google/Bing dorking for additional subdomain discovery.
4. Check for AWS-specific naming like dev.example.com.s3.amazonaws.com
5. Test discovered subdomains for active services or exposed APIs.
Question 2
Describe how to crawl and spider an AWS-hosted application to enumerate all reachable endpoints and parameterized pages.
Correct Answer: A
Explanation:
1. Use Burp Suite → Target → Site Map to crawl automatically.
2. Or run: gospider -s https://example.com -o spider_output/
3. Parse the output for URLs, JS endpoints, and hidden paths.
4. Look for API endpoints and potential S3 links or tokens.
5. Feed discovered endpoints into fuzzers or scanners.
Question 3
How would you perform content discovery on a web server hosted in AWS to find hidden files and directories?
Correct Answer: A
Explanation:
1. Use ffuf or dirsearch: ffuf -u https://example.com/FUZZ -w /usr/share/wordlists/dirb/common.txt
2. Analyze the HTTP response codes for valid directories (e.g., 200/403).
3. Modify extensions: add .php, .bak, .zip, etc.
4. Add -e flag in ffuf for extension fuzzing: -e .php,.html,.bak
5. Explore valid paths manually or with tools like Burp Suite.