Reconnaissance and Enumeration Questions
Practice questions for Reconnaissance and Enumeration topic in CompTIA PenTest+. 21 questions covering this domain.
A penetration tester uses the Shodan search engine during reconnaissance. What type of information can Shodan provide about a target organization?
A penetration tester wants to identify email addresses, subdomains, and employee names associated with a target company without sending any packets to...
During passive reconnaissance, a penetration tester reviews SSL/TLS certificate transparency logs for the target domain. What is the PRIMARY value of ...
A penetration tester is enumerating a target web application and discovers a robots.txt file that disallows crawlers from several directories. How sho...
During reconnaissance, a penetration tester runs the following command to gather information about a target domain:\n\n```bash\nnmap -sV -p 1-65535 19...
Which Nmap scan type sends TCP SYN packets and is considered a stealthy scan because it does not complete the full TCP three-way handshake?
A penetration tester is using Python to automate reconnaissance tasks. They write a script to iterate over a list of common subdomains and perform DNS...
Which tool is commonly used for network discovery and port scanning during the reconnaissance phase of a penetration test?
A penetration tester is performing DNS enumeration against a target domain and discovers that the target's DNS server responds to zone transfer reques...
Which type of reconnaissance involves gathering information about a target using publicly available sources without directly interacting with the targ...
A penetration tester needs to enumerate SNMP-enabled devices on a network to discover device configurations and community strings. Which tool is speci...
A penetration tester wants to discover live hosts on a network segment without triggering IDS alerts from TCP SYN scans. Which Nmap scan technique sen...
A penetration tester needs to identify all email addresses associated with a target domain for phishing simulation purposes. Which tool is specificall...
A penetration tester needs to enumerate SMB shares and check for null session vulnerabilities on a Windows target. Which tool is BEST suited for this ...
A penetration tester is enumerating a Windows Active Directory environment from a compromised domain-joined machine. Which command-line tool can be us...
Which Nmap script engine (NSE) category is specifically designed to enumerate and gather information about target services and applications?
During reconnaissance, a penetration tester wants to identify which web technologies a target website is using, such as the CMS, web server, and JavaS...
A penetration tester is analyzing a target company's LinkedIn employees and notices that many developers list experience with "GitLab CE 15.x" in thei...
Which OSINT technique involves searching for sensitive information accidentally exposed in search engine results, such as configuration files, login p...
A penetration tester is performing reconnaissance on a target organization and discovers a job posting listing specific software versions and technolo...
Sign in to see all 21 questions
Create a free account to browse all questions — completely free during our launch phase.