1Which of the following best describes the primary objective of the footprinting phase in penetration testing?
A.To launch a Denial of Service (DoS) attack
B.To gain administrative access to the system
C.To gather as much information as possible about the target system or network
D.To install a backdoor for future access
Correct Answer: To gather as much information as possible about the target system or network
Explanation:
Footprinting is the pre-attack phase where the attacker gathers information (IP ranges, domain names, employee details) to create a blueprint of the target.
Incorrect! Try again.
2What is the key difference between Passive and Active footprinting?
A.Active footprinting generates log entries on the target system, while passive usually does not.
B.Passive footprinting is illegal, while active is legal.
C.Active footprinting uses open-source tools, while passive uses proprietary tools.
D.Passive footprinting involves direct interaction with the target, while active does not.
Correct Answer: Active footprinting generates log entries on the target system, while passive usually does not.
Explanation:
Passive footprinting relies on public information (OSINT) without touching the target's infrastructure. Active footprinting involves direct interaction (like pinging or scanning), which is detectable.
Incorrect! Try again.
3Which of the following is considered an OSINT (Open Source Intelligence) source?
A.Packet sniffing on a local LAN
B.Public social media profiles and WHOIS records
C.Intercepted internal company emails
D.Configuration files obtained via an exploit
Correct Answer: Public social media profiles and WHOIS records
Explanation:
OSINT refers to intelligence gathered from publicly available sources.
Incorrect! Try again.
4In the context of 'Google Hacking', what does the search operator filetype:pdf accomplish?
A.It searches for websites hosted on a PDF server.
B.It restricts search results to files with the .pdf extension.
C.It converts HTML pages to PDF.
D.It searches for the text 'pdf' in the URL.
Correct Answer: It restricts search results to files with the .pdf extension.
Explanation:
The filetype operator is used to filter search results to specific file extensions, often used to find leaked documents.
Incorrect! Try again.
5Which DNS record type would a penetration tester query to identify the mail servers of a target organization?
A.MX Record
B.CNAME Record
C.A Record
D.PTR Record
Correct Answer: MX Record
Explanation:
MX (Mail Exchange) records specify the mail servers responsible for accepting email messages on behalf of a domain.
Incorrect! Try again.
6What is the purpose of the archive.org 'Wayback Machine' in the context of information gathering?
A.To crack password hashes
B.To view historical versions of a website to find removed information
C.To conduct SQL injection attacks
D.To scan for open ports on a server
Correct Answer: To view historical versions of a website to find removed information
Explanation:
The Wayback Machine allows testers to view previous versions of a site, potentially revealing contact info, old staff members, or site structures that have since been removed.
Incorrect! Try again.
7Which tool is specifically designed to visualize relationships between people, groups, and companies using open-source intelligence?
A.Wireshark
B.Maltego
C.Metasploit
D.John the Ripper
Correct Answer: Maltego
Explanation:
Maltego is a data mining tool that renders directed graphs for link analysis, helping visualize relationships in OSINT data.
Incorrect! Try again.
8A penetration tester uses the search engine Shodan. What is Shodan primarily used for?
Shodan is a search engine for Internet-connected devices, often used to find vulnerable servers, webcams, and industrial control systems.
Incorrect! Try again.
9Which of the following activities is an example of Social Engineering?
A.Scanning a firewall for open ports
B.Manipulating an employee into revealing their password via a phone call
C.Performing a buffer overflow attack
D.Cracking a WiFi WPA2 handshake
Correct Answer: Manipulating an employee into revealing their password via a phone call
Explanation:
Social engineering relies on psychological manipulation of people to perform actions or divulging confidential information.
Incorrect! Try again.
10What is Dumpster Diving in the context of physical security vulnerabilities?
A.Jumping over a physical security turnstile
B.Deleting files from the trash bin
C.Searching through trash to find discarded sensitive documents
D.Hiding malware in the recycle bin
Correct Answer: Searching through trash to find discarded sensitive documents
Explanation:
Dumpster diving involves rummaging through waste to find bills, notes, or hardware that can provide intelligence about the target.
Incorrect! Try again.
11Which term describes a social engineering attack where the attacker follows an authorized person through a secure door without using a badge?
A.Spoofing
B.Tailgating
C.Phishing
D.Whaling
Correct Answer: Tailgating
Explanation:
Tailgating (or piggybacking) is physically following an authorized user into a restricted area.
Incorrect! Try again.
12In website information gathering, what file is checked to see which parts of the website the administrator wants to hide from search engine crawlers?
A.robots.txt
B.config.php
C.sitemap.xml
D.index.html
Correct Answer: robots.txt
Explanation:
The robots.txt file instructs web crawlers which directories or pages should not be indexed, often revealing sensitive or private directories to a tester.
Incorrect! Try again.
13Which psychological principle of persuasion (defined by Robert Cialdini) relies on the target's tendency to obey figures such as police officers or executives?
A.Authority
B.Liking
C.Consistency
D.Scarcity
Correct Answer: Authority
Explanation:
The principle of Authority suggests that people are hard-wired to comply with requests from perceived authority figures.
Incorrect! Try again.
14What is Phishing?
A.Sending fraudulent emails to induce individuals to reveal personal information
B.A physical attack on server hardware
C.Guessing passwords using a dictionary
D.Listening to network traffic
Correct Answer: Sending fraudulent emails to induce individuals to reveal personal information
Explanation:
Phishing involves sending deceptive communications (usually email) that appear to come from a reputable source.
Incorrect! Try again.
15Which social engineering technique specifically targets high-profile executives like CEOs or CFOs?
A.Dumpster Diving
B.Baiting
C.Vishing
D.Whaling
Correct Answer: Whaling
Explanation:
Whaling is a specific form of spear phishing aimed at high-value targets (the 'big fish').
Incorrect! Try again.
16What is Vishing?
A.Visual Hacking
B.Virtual Phishing
C.Video Phishing
D.Voice Phishing (using the telephone)
Correct Answer: Voice Phishing (using the telephone)
Explanation:
Vishing stands for Voice Phishing, where attackers use phone systems to steal information.
Incorrect! Try again.
17An attacker drops a USB drive labeled 'Payroll 2024' in the company parking lot, hoping an employee plugs it in. What type of attack is this?
A.Quid Pro Quo
B.Baiting
C.Tailgating
D.Pretexting
Correct Answer: Baiting
Explanation:
Baiting uses physical media (like a USB) and relies on the victim's curiosity or greed to compromise a system.
Incorrect! Try again.
18Which tool is commonly used to harvest email addresses and subdomains from public sources like search engines and PGP servers?
A.Wireshark
B.Aircrack-ng
C.Nmap
D.theHarvester
Correct Answer: theHarvester
Explanation:
theHarvester is a tool designed to gather emails, subdomains, hosts, employee names, open ports, and banners from public sources.
Incorrect! Try again.
19What information does the command nslookup primarily provide?
A.List of open ports
B.DNS records and IP address mapping
C.MAC addresses of local machines
D.Operating System version
Correct Answer: DNS records and IP address mapping
Explanation:
nslookup is a network administration command-line tool for querying the Domain Name System (DNS) to obtain domain name or IP address mapping.
Incorrect! Try again.
20In the context of physical security, what is Shoulder Surfing?
A.Browsing the internet on someone else's computer
B.Sharing a WiFi connection
C.Looking over a user's shoulder to view passwords or sensitive data
D.Using a ladder to climb over a wall
Correct Answer: Looking over a user's shoulder to view passwords or sensitive data
Explanation:
Shoulder surfing is a direct observation technique where the attacker watches the victim enter data.
Incorrect! Try again.
21Which social engineering attack involves creating a fabricated scenario to persuade a victim to release information?
A.Port Scanning
B.Sniffing
C.War Driving
D.Pretexting
Correct Answer: Pretexting
Explanation:
Pretexting involves creating an invented scenario (the pretext) to engage a victim in a manner that increases the chance the victim will divulge information.
Incorrect! Try again.
22What is the primary purpose of Competitive Intelligence gathering in footprinting?
A.To shut down a competitor's website
B.To install ransomware
C.To understand the target organization's market position, partners, and technologies
D.To steal physical assets from a competitor
Correct Answer: To understand the target organization's market position, partners, and technologies
Explanation:
Competitive intelligence involves analyzing a target's business environment, which may reveal tech stacks, employee habits, or partnerships that can be exploited.
Incorrect! Try again.
23When performing website mirroring (e.g., using HTTrack), what is the attacker attempting to do?
A.Inject SQL commands
B.Download a local copy of the website for offline analysis
C.Deface the website
D.Crash the web server
Correct Answer: Download a local copy of the website for offline analysis
Explanation:
Mirroring creates an offline copy of a site, allowing the attacker to analyze directory structures and source code without generating further traffic on the live target.
Incorrect! Try again.
24Which Google Dork operator would you use to find pages specifically containing the phrase 'login' in the URL?
A.intext:login
B.inurl:login
C.site:login
D.filetype:login
Correct Answer: inurl:login
Explanation:
inurl: restricts results to documents containing the specified word in the URL.
Incorrect! Try again.
25What allows an attacker to obtain a complete copy of the DNS database for a domain?
A.DNS Reflection
B.DNS Zone Transfer
C.DNS Cache Poisoning
D.DNS Spoofing
Correct Answer: DNS Zone Transfer
Explanation:
If a DNS server is misconfigured to allow Zone Transfers (AXFR) to unauthorized IPs, an attacker can get a list of all hosts in the domain.
Incorrect! Try again.
26Which of the following is an example of Passive Information Gathering?
A.Running a port scan with Nmap
B.Browsing the target's LinkedIn employee list
C.Attempting default passwords on a login page
D.Injecting XSS payloads
Correct Answer: Browsing the target's LinkedIn employee list
Explanation:
Browsing LinkedIn does not interact with the target's servers or network infrastructure, making it passive.
Incorrect! Try again.
27What is Smishing?
A.Phishing via Smart Mail
B.Phishing via Social Media
C.Phishing via SMTP
D.Phishing via SMS (Text Message)
Correct Answer: Phishing via SMS (Text Message)
Explanation:
Smishing is a security attack in which the user is tricked into downloading a Trojan horse or other malware via a text message (SMS).
Incorrect! Try again.
28In the context of the Human Psyche, 'Scarcity' creates a feeling of:
A.Urgency due to limited availability
B.Comfort in following the crowd
C.Obligation to return a favor
D.Trust in authority
Correct Answer: Urgency due to limited availability
Explanation:
Scarcity implies that an item or opportunity is limited, which pressures the victim to act quickly.
Incorrect! Try again.
29What is the Quid Pro Quo social engineering technique?
A.Promising a benefit in exchange for information
B.Looking through trash
C.Threatening the victim
D.Pretending to be a CEO
Correct Answer: Promising a benefit in exchange for information
Explanation:
Quid Pro Quo means 'something for something'. An attacker might offer a service (like IT support) in exchange for credentials.
Incorrect! Try again.
30Which tool can be used to extract Metadata (EXIF data) from images found on a target's website?
A.Ping
B.Traceroute
C.ExifTool
D.Netcat
Correct Answer: ExifTool
Explanation:
ExifTool is a platform-independent Perl library and command-line application for reading, writing, and editing meta information in image files.
Incorrect! Try again.
31What does the traceroute (or tracert) command help a penetration tester identify?
A.The content of the database
B.The passwords of users
C.The path packets take and intermediate routers (network topology)
D.The web server software version
Correct Answer: The path packets take and intermediate routers (network topology)
Explanation:
Traceroute maps the network path, showing hops (routers) between the source and destination.
Incorrect! Try again.
32What is Lock Picking classified as?
A.A physical security attack
B.A cryptographic attack
C.A network-based attack
D.A social engineering attack
Correct Answer: A physical security attack
Explanation:
Lock picking is the art of unlocking a lock by analyzing and manipulating the components of the lock device without the original key.
Incorrect! Try again.
33Which online database allows users to look up the ownership and contact details of a domain name?
A.NAT
B.WHOIS
C.ARP
D.DHCP
Correct Answer: WHOIS
Explanation:
WHOIS is a query and response protocol that is used for querying databases that store the registered users or assignees of an Internet resource.
Incorrect! Try again.
34What does the acronym OSINT stand for?
A.Open Source Intelligence
B.Official Security Intelligence
C.Operating System Integration
D.Open Source Internal Network Technology
Correct Answer: Open Source Intelligence
Explanation:
OSINT stands for Open Source Intelligence.
Incorrect! Try again.
35A hacker calls a receptionist claiming to be from the IT department and asks for the WiFi password to 'fix the network'. This is an example of:
A.Dumpster Diving
B.Buffer Overflow
C.SQL Injection
D.Impersonation
Correct Answer: Impersonation
Explanation:
Impersonation involves assuming the identity of a legitimate employee or trusted individual to gain access.
Incorrect! Try again.
36Which Google search operator restricts results to a specific domain (e.g., only showing results from example.com)?
A.site:example.com
B.domain:example.com
C.host:example.com
D.link:example.com
Correct Answer: site:example.com
Explanation:
The site: operator limits the search to the specified domain.
Incorrect! Try again.
37Why is Social Media scrubbing (gathering data from Facebook, LinkedIn, Twitter) valuable to a penetration tester?
A.It helps build a profile of employees for password guessing and social engineering.
B.It allows for physical access to the building.
C.It directly provides root access to servers.
D.It crashes the target's network.
Correct Answer: It helps build a profile of employees for password guessing and social engineering.
Explanation:
Personal details (pet names, birthdays, job titles) found on social media are often used in password guessing or crafting convincing phishing emails.
Incorrect! Try again.
38What is the best countermeasure against Dumpster Diving?
A.Using strong passwords
B.Shredding sensitive documents before disposal
C.Installing a firewall
D.Encrypting email
Correct Answer: Shredding sensitive documents before disposal
Explanation:
Physical destruction of documents (shredding/burning) prevents attackers from recovering data from trash.
Incorrect! Try again.
39In the context of Human Vulnerabilities, what does FOMO (Fear Of Missing Out) relate to?
A.Wireless encryption cracking
B.Physical bypassing of locks
C.Social engineering leveraging Urgency/Scarcity
D.Technical exploitations
Correct Answer: Social engineering leveraging Urgency/Scarcity
Explanation:
Attackers exploit the psychological trigger of FOMO (linked to Scarcity) to make victims click malicious links quickly.
Incorrect! Try again.
40What is Piggybacking in physical security?
A.An unauthorized person enters a secure area with the consent/knowledge of an authorized person.
B.Copying a hard drive.
C.Intercepting WiFi signals.
D.Using a brute force attack.
Correct Answer: An unauthorized person enters a secure area with the consent/knowledge of an authorized person.
Explanation:
While often used interchangeably with tailgating, Piggybacking technically implies the authorized person is aware and allows the unauthorized person to enter (e.g., holding the door out of politeness).
Incorrect! Try again.
41Which tool would you use to identify the technologies (CMS, Web Server, Frameworks) used by a website?
A.BuiltWith
B.Ping
C.Calculator
D.Notepad
Correct Answer: BuiltWith
Explanation:
BuiltWith is a website profiler tool that identifies technologies used on a website.
Incorrect! Try again.
42What is the risk of Reverse Image Searching an employee's profile picture?
A.It changes the employee's password.
B.It infects the computer with a virus.
C.It can reveal other social media profiles using the same image.
D.It deletes the image from the server.
Correct Answer: It can reveal other social media profiles using the same image.
Explanation:
Reverse image searching (e.g., via TinEye or Google Images) can find where else an image appears, linking different online identities.
Incorrect! Try again.
43Which DNS record type maps an IP address back to a hostname (Reverse DNS)?
A.MX
B.A
C.NS
D.PTR
Correct Answer: PTR
Explanation:
PTR (Pointer) records are used for reverse DNS lookups (IP to Hostname).
Incorrect! Try again.
44Which of the following describes Insider Threat?
A.A threat from a disgruntled or compromised employee within the organization.
B.An attack originating from outside the firewall.
C.A virus downloaded from the internet.
D.A denial of service attack from a botnet.
Correct Answer: A threat from a disgruntled or compromised employee within the organization.
Explanation:
Insider threats come from individuals who have authorized access to the organization's assets.
Incorrect! Try again.
45What type of information is found in the EDGAR database?
A.DNS records
B.Financial reports of publicly traded US companies
C.Criminal records
D.Email passwords
Correct Answer: Financial reports of publicly traded US companies
Explanation:
EDGAR is the SEC database for corporate financial reports, useful for gathering business intelligence.
Incorrect! Try again.
46The command ping is used primarily to test:
A.The speed of the CPU
B.The type of web server software
C.The strength of a password
D.Reachability of a host on an IP network
Correct Answer: Reachability of a host on an IP network
Explanation:
Ping sends ICMP Echo Request messages to verify if a host is reachable.
Incorrect! Try again.
47Which social engineering tactic relies on the principle of 'Social Proof' (Consensus)?
A.'I will give you a gift card if you help me.'
B.'Do this because the CEO said so.'
C.'This offer expires in 5 minutes.'
D.'Everyone else in the department has already updated their password.'
Correct Answer: 'Everyone else in the department has already updated their password.'
Explanation:
Social Proof is the psychological phenomenon where people assume the actions of others in an attempt to reflect correct behavior.
Incorrect! Try again.
48What is RFID Cloning?
A.Duplicating an email
B.Copying the data from an RFID badge to a blank card to gain physical access
C.Cloning a website
D.Copying a biological fingerprint
Correct Answer: Copying the data from an RFID badge to a blank card to gain physical access
Explanation:
RFID cloning involves capturing the radio signal from an access card and writing it to another card.
Incorrect! Try again.
49In the context of footprinting, what is the 'target address range'?
A.The physical distance between the hacker and the server
B.The list of email addresses
C.The range of WiFi signal
D.The set of IP addresses owned or used by the target organization
Correct Answer: The set of IP addresses owned or used by the target organization
Explanation:
Identifying the IP address range (netblock) is a crucial step in defining the scope of the technical assessment.
Incorrect! Try again.
50If a penetration tester finds a document with the extension .xls via Google Dorking, what kind of data are they likely looking at?
A.An Excel spreadsheet
B.A PDF document
C.A database backup
D.An executable program
Correct Answer: An Excel spreadsheet
Explanation:
.xls is the file extension for Microsoft Excel spreadsheets, which often contain sensitive data like financial info or employee lists.