🔥 3-day streak
CompTIA PenTest+ (PT0-003)34 / 175
Question 34 of 175

During the passive reconnaissance phase of an external assessment, a penetration tester wants to identify as many subdomains and internal hostnames as possible for the target domain example.com. The tester notices the authoritative name server ns1.example.com responds to queries. Which command is MOST likely to reveal a complete list of the organization's DNS records if the server is misconfigured?

Reviewed for accuracy · Report an issueNext question