Welcome to the Information Gathering MCQs Page

Dive deep into the fascinating world of Information Gathering with our comprehensive set of Multiple-Choice Questions (MCQs). This page is dedicated to exploring the fundamental concepts and intricacies of Information Gathering, a crucial aspect of CompTIA PenTest+ Certification Exam PT0 002. In this section, you will encounter a diverse range of MCQs that cover various aspects of Information Gathering, from the basic principles to advanced topics. Each question is thoughtfully crafted to challenge your knowledge and deepen your understanding of this critical subcategory within CompTIA PenTest+ Certification Exam PT0 002.

Check out the MCQs below to embark on an enriching journey through Information Gathering. Test your knowledge, expand your horizons, and solidify your grasp on this vital area of CompTIA PenTest+ Certification Exam PT0 002.

Note: Each MCQ comes with multiple answer choices. Select the most appropriate option and test your understanding of Information Gathering. You can click on an option to test your knowledge before viewing the solution for a MCQ. Happy learning!

Information Gathering MCQs | Page 15 of 17

Explore more Topics under CompTIA PenTest+ Certification Exam PT0 002

01

Penetration Testing

02

Planning and Scoping Penetration Tests 🔒

03

Vulnerability Scanning 🔒

04

Analyzing Vulnerability Scans

05

Exploiting and Pivoting 🔒

06

Exploiting Network Vulnerabilities 🔒

07

Exploiting Physical and Social Vulnerabilities

08

Exploiting Application Vulnerabilities 🔒

09

Attacking Hosts,Cloud Technologies and Specialized Systems 🔒

10

Reporting and Communication

11

Scripting for Penetration Testing 🔒

Q141.

What is passive reconnaissance, often referred to as open source intelligence (OSINT)?

Gathering information by interacting with target systems

Gathering information from third-party sources without interacting with the target's systems and networks

Scanning and querying network devices actively

Interacting with services to determine their capabilities

Discuss

Answer: (b).Gathering information from third-party sources without interacting with the target's systems and networks Explanation:Passive reconnaissance, often called open source intelligence (OSINT), involves gathering information from third-party sources without interacting with the target's systems and networks.

Q142.

What is an example of a technique used in active reconnaissance?

Scraping websites

Reviewing metadata from documents

Gathering information from social media

Reviewing public records and databases

Discuss

Answer: (a).Scraping websites Explanation:Scraping websites is an example of a technique used in active reconnaissance.

Q143.

What is described as an important element of active reconnaissance in information gathering?

Gathering metadata from documents

Scraping websites

Port scanning

Reviewing public records and databases

Discuss

Answer: (c).Port scanning Explanation:Port scanning is described as an important element of active reconnaissance in information gathering.

Q144.

Why is information gathering considered the foundation for each successive phase of a penetration test?

It is the only phase that directly interacts with the target systems.

It provides the penetration tester with access to the target's sensitive data.

It helps build a comprehensive understanding of the target's infrastructure.

It is the final phase that determines the success of the penetration test.

Discuss

Answer: (c).It helps build a comprehensive understanding of the target's infrastructure. Explanation:Information gathering is considered the foundation for each successive phase of a penetration test because it helps build a comprehensive understanding of the target's infrastructure.

Q145.

What is a skill that successful penetration testers must possess in relation to information gathering?

Mastering all tools equally

Ignoring common tools like Nmap

Recognizing where each technique and tool can be used appropriately

Using tools exclusively for passive reconnaissance

Discuss

Answer: (c).Recognizing where each technique and tool can be used appropriately Explanation:Successful penetration testers must possess the skill of recognizing where each technique and tool can be used appropriately in information gathering.

Q146.

What is the primary characteristic of passive information gathering (OSINT)?

Directly interacting with the organization's systems

Relying on third-party information sources

Using interactive assessment techniques

Targeting attacks effectively

Discuss

Answer: (b).Relying on third-party information sources Explanation:The primary characteristic of passive information gathering (OSINT) is relying on third-party information sources.

Q147.

What types of information can be gathered as part of an OSINT effort in passive information gathering?

Interactions with target systems and services

Direct scans of target systems

Data about the organization’s domains, IP ranges, software, employees, finances, and technologies

Use of active reconnaissance search engines like Shodan and Censys

Discuss

Answer: (c).Data about the organization’s domains, IP ranges, software, employees, finances, and technologies Explanation:Data about the organization’s domains, IP ranges, software, employees, finances, and technologies can be gathered as part of an OSINT effort in passive information gathering.

Q148.

What does enumeration provide for penetration testers?

A list of potential targets for testing, social engineering, or other techniques

Direct interactions with target systems

Detailed information about application interfaces

Information about token usage in the organization

Discuss

Answer: (a).A list of potential targets for testing, social engineering, or other techniques Explanation:Enumeration provides a list of potential targets for testing, social engineering, or other techniques for penetration testers.

Q149.

What is the purpose of active reconnaissance in a penetration test?

To perform direct interactions with target systems

To gather information from passive reconnaissance search engines

To avoid detection during information gathering

To target attacks effectively by interacting with target systems and services

Discuss

Answer: (d).To target attacks effectively by interacting with target systems and services Explanation:The purpose of active reconnaissance in a penetration test is to target attacks effectively by interacting with target systems and services.

Q150.

What is an important aspect of understanding how to gather information about applications in penetration tests?

Decompiling every application encountered

Knowing how to read source code and find useful information in compiled code

Ignoring the basics of code analysis

Relying solely on interactive assessment techniques

Discuss

Answer: (b).Knowing how to read source code and find useful information in compiled code Explanation:An important aspect of understanding how to gather information about applications in penetration tests is knowing how to read source code and find useful information in compiled code.

Page 15 of 17

Planning and Scoping Penetration Tests 🔒

Vulnerability Scanning 🔒

Exploiting and Pivoting 🔒

Exploiting Network Vulnerabilities 🔒

Exploiting Application Vulnerabilities 🔒

Attacking Hosts,Cloud Technologies and Specialized Systems 🔒

Scripting for Penetration Testing 🔒

Welcome to the Information Gathering MCQs Page

Information Gathering MCQs | Page 15 of 17

Explore more Topics under CompTIA PenTest+ Certification Exam PT0 002

Penetration Testing

Analyzing Vulnerability Scans

Exploiting Physical and Social Vulnerabilities

Reporting and Communication

Suggested Topics

Wireless and Mobile Communications

Reverse Engineering

Embedded Systems

MS Office

Software Engineering

Discrete Mathematics

Object Oriented Programming Using C++

Computer Hardware

Microprocessor