Welcome to the Information Gathering MCQs Page

Dive deep into the fascinating world of Information Gathering with our comprehensive set of Multiple-Choice Questions (MCQs). This page is dedicated to exploring the fundamental concepts and intricacies of Information Gathering, a crucial aspect of CompTIA PenTest+ Certification Exam PT0 002. In this section, you will encounter a diverse range of MCQs that cover various aspects of Information Gathering, from the basic principles to advanced topics. Each question is thoughtfully crafted to challenge your knowledge and deepen your understanding of this critical subcategory within CompTIA PenTest+ Certification Exam PT0 002.

Check out the MCQs below to embark on an enriching journey through Information Gathering. Test your knowledge, expand your horizons, and solidify your grasp on this vital area of CompTIA PenTest+ Certification Exam PT0 002.

Note: Each MCQ comes with multiple answer choices. Select the most appropriate option and test your understanding of Information Gathering. You can click on an option to test your knowledge before viewing the solution for a MCQ. Happy learning!

Information Gathering MCQs | Page 16 of 17

Explore more Topics under CompTIA PenTest+ Certification Exam PT0 002

01

Penetration Testing

02

Planning and Scoping Penetration Tests 🔒

03

Vulnerability Scanning 🔒

04

Analyzing Vulnerability Scans

05

Exploiting and Pivoting 🔒

06

Exploiting Network Vulnerabilities 🔒

07

Exploiting Physical and Social Vulnerabilities

08

Exploiting Application Vulnerabilities 🔒

09

Attacking Hosts,Cloud Technologies and Specialized Systems 🔒

10

Reporting and Communication

11

Scripting for Penetration Testing 🔒

Q151.

Megan runs the following Nmap scan:
nmap -sU -sT -p 1-65535 example.com

What information will she not receive?

TCP services

The state of the service

UDP services

A list of vulnerable services

Discuss

Answer: (d).A list of vulnerable services Explanation:This is a port scan, not a vulnerability scan, so Megan will not be able to determine if the services are vulnerable just from this scan. The Nmap scan will show the state of the ports, both TCP and UDP.

Q152.

Tom wants to find metadata about an organization using a search engine. What tool from the following list should he use?

ExifTool

MetaSearch

FOCA

Nmap

Discuss

Answer: (c).FOCA Explanation:FOCA, or Fingerprinting Organizations with Collected Archives, is a useful tool for searching for metadata via search engines. ExifTool is used for individual files. Although Nmap has many functions, it isn’t used for metadata searches via search engines.

Q153.

After running an Nmap scan of a system, Zarmeena discovers that TCP ports 139, 443, and 3389 are open. What operating system is she most likely to discover running on the system?

Windows

Android

Linux

iOS

Discuss

Answer: (a).Windows Explanation:Zarmeena knows that TCP ports 139, 445, and 3389 are all commonly used for Windows services. Although those ports could be open on a Linux, Android, or iOS device, Windows is her best bet.

Q154.

Charles runs an Nmap scan using the following command:
nmap -sT -sV -T2 -p 1-65535 example.com

After watching the scan run for over two hours, he realizes that he needs to optimize the scan. Which of the following is not a useful way to speed up his scan?

Only scan via UDP to improve speed.

Change the scan timing to 3 or faster.

Change to a SYN scan.

Use the default port list.

Discuss

Answer: (a).Only scan via UDP to improve speed. Explanation:Only scanning via UDP will miss any TCP services. Since the great majority of services in use today are provided as TCP services, this would not be a useful way to conduct the scan. Setting the scan to faster timing (3 or faster), changing from a TCP connect scan to a TCP SYN scan, or limiting the number of ports tested are all valid ways to speed up a scan. Charles needs to remain aware of what those changes can mean, since a fast scan may be detected or cause greater load on a network, and scanning fewer ports may miss some ports.

Q155.

Karen identifies TCP ports 8080 and 8443 open on a remote system during a port scan. What tool is her best option to manually validate the services running on these ports?

SSH

SFTP

Telnet

A web browser

Discuss

Answer: (d).A web browser Explanation:Karen knows that many system administrators move services from their common service ports to alternate ports and that 8080 and 8443 are likely alternate HTTP (TCP 80) and HTTPS (TCP 443) server ports, and she will use a web browser to connect to those ports to check them. She could use Telnet for this testing, but it requires significantly more manual work to gain the same result, making it a poor second choice unless Karen doesn’t have another option.

Q156.

Angela recovered a PNG image during the early intelligence-gathering phase of a penetration test and wants to examine it for useful metadata. What tool could she most successfully use to do this?

ExifTool

Grep

PsTools

Nginx

Discuss

Answer: (a).ExifTool Explanation:ExifTool is designed to pull metadata from images and other files. Grep may be useful to search for specific text in a file, but it won’t pull the range of possible metadata from the file. PsTools is a Windows Sysinternals package that includes a variety of process-oriented tools. Nginx is a web server, load balancer, and multipurpose application services stack.

Q157.

During an Nmap scan, Casey uses the -O flag. The scan identifies the host as follows:
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.9 - 2.6.33

What can she determine from this information?

The Linux distribution installed on the target

The patch level of the installed Linux kernel

The date the remote system was last patched

That the system is running a Linux 2.6 kernel between .9 and .33

Discuss

Answer: (d).That the system is running a Linux 2.6 kernel between .9 and .33 Explanation:OS identification in Nmap is based on a variety of response attributes. In this case, Nmap’s best guess is that the remote host is running a Linux 2.6.9–2.6.33 kernel, but it cannot be more specific. It does not specify the distribution, the patch level, or when the system was last patched.

Q158.

What is the full range of ports that a UDP service can run on?

1–1024

1–16,383

1–32,767

1–65,535

Discuss

Answer: (d).1–65,535 Explanation:The full range of ports available to both TCP and UDP services is 1–65,535. Although port 0 exists, it is a reserved port and shouldn’t be used.

Q159.

Steve is working from an unprivileged user account that was obtained as part of a penetration test. He has discovered that the host he is on has Nmap installed, and he wants to scan other hosts in his subnet to identify potential targets as part of a pivot attempt. What Nmap flag will Steve probably have to use to successfully scan hosts from this account?

-sV

-u

CoA

-sT

Discuss

Answer: (d).-sT Explanation:The TCP connect scan is often used when an unprivileged account is the tester’s only option. Linux systems typically won’t allow an unprivileged account to have direct access to create packets, but they will allow accounts to send traffic. Steve probably won’t be able to use a TCP SYN scan, but a connect scan is likely to work. The other flags shown are for version testing (-sV) and output type selection (-oA), and -u doesn’t do anything at all.

Q160.

Which of the following provides information about a domain’s registrar and physical location?

Nslookup

host

WHOIS

raceroute

Discuss

Answer: (c).WHOIS Explanation:WHOIS provides information that can include the organization’s physical address, registrar, contact information, and other details. Nslookup will provide IP address or hostname information, whereas the host command provides IPv4 and IPv6 addresses as well as email service information. Traceroute attempts to identify the path to a remote host as well as the systems along the route.

Page 16 of 17

Planning and Scoping Penetration Tests 🔒

Vulnerability Scanning 🔒

Exploiting and Pivoting 🔒

Exploiting Network Vulnerabilities 🔒

Exploiting Application Vulnerabilities 🔒

Attacking Hosts,Cloud Technologies and Specialized Systems 🔒

Scripting for Penetration Testing 🔒

Welcome to the Information Gathering MCQs Page

Information Gathering MCQs | Page 16 of 17

Explore more Topics under CompTIA PenTest+ Certification Exam PT0 002

Penetration Testing

Analyzing Vulnerability Scans

Exploiting Physical and Social Vulnerabilities

Reporting and Communication

Suggested Topics

MySQL Database

Object Oriented Programming

Reverse Engineering

Computer Graphics

Systems Analysis and Design Methods

Python

Cloud Computing

PHP

Systems Programming