CompTIA Pentest+ Quiz Questions and Answers

Which technique is used during passive reconnaissance to map a user-defined hostname to the IP address or addresses with which it is associated?

Answer :
  • Forward DNS lookup

Explanation :

A forward DNS lookup queries the name server for a domain or hostname, for which the DNS server will then provide the associated IP address; this function is present at the heart of the internet, as the use of human-readable terms such as "google.com" in web browsers would fail without it. Put another way, in the absence of a service such as DNS, we would be required to use machine-readable logical addresses alone (that is, IP addresses) to do nearly anything across a network. A DNS zone transfer is a type of DNS transaction wherein a DNS database is replicated to the requesting system. DNS zone transfers can be of great benefit to penetration testers if internal corporate name servers permit them; knowledge of the entirety of an organization's IP space and hostnames can be of immense value in identifying potential targets during a penetration test. A reverse DNS lookup takes a user-provided IP address and then queries a name server for the host(s) or domain(s) with which that address is associated. Investigation is incorrect because it is not a term with an explicit definition in the lexicon of penetration testing.

Which free and GNU-licensed tool written for the Windows operating system family gathers information by scraping metadata from Microsoft Office documents, which can include usernames, e-mail addresses, and real names?

Answer :
  • FOCA

Explanation :

FOCA is a free, GNU-licensed tool that gathers information by scraping metadata from Microsoft Office documents, which can include usernames, e-mail addresses, and real names. Note that while FOCA can be run in Linux and Unix variants using WINE (a compatibility layer or interface that allows Windows applications to run on *nix operating systems), the question specifically mentions that the tool was written for Windows, rather than stating that it only runs in Windows. While Maltego and recon-ng are capable of scraping metadata from files with the use of transforms or modules, neither of these tools was written specifically for the Windows operating system family. Theharvester is limited to what can be pulled directly from a website; scraping the contents of files stored on a website is beyond its capabilities. In addition, theharvester is like Maltego and recon-ng in that it was not written specifically for the Windows operating system.

What is the process of assessing a target to collect preliminary knowledge about systems, software, networks, or people without directly engaging the target or its assets?

Answer :
  • Passive information gathering

Explanation :

Passive information gathering is the process of assessing a target to collect preliminary knowledge about systems, software, networks, or people without directly engaging the target or its assets. Reconnaissance is a broader term that can describe both passive and active information-gathering efforts. Web searching is just one specific activity performed during passive information gathering. Active information gathering is the process of collecting information about target systems, software, networks, or people in a manner that requires direct engagement with the target or its assets.

While footprinting an organization for a penetration test, you discover that a service it relies on uses FTP across port 14147 for data transfers. How could you refine a Shodan search to only reveal FTP servers on that port?

Answer :
  • FTP port:14147

Explanation :

Search and filter terms in Shodan must be provided in the format search_string filter:value. In the example given, FTP port:14147 will search for FTP connections available on the open Internet and then filter all but those running on port 14147 from the search results. The other options are incorrect because search and filter terms in Shodan must be provided in the format search_string filter:value.

Which of the following data sources is not a valid option in theharvester?

Answer :
  • Facebook

Explanation :

Although theharvester can query many data sources, Facebook is not one of them, which makes it the correct answer. Pay careful attention to questions that are stated with a negating term such as "is not" or "are not." Google, LinkedIn, and Twitter are all valid data sources for theharvester, making these incorrect choices for this question.

Which method of collecting open-source intelligence consists of the collection of published documents, such as Microsoft Office or PDF files, and parsing the information hidden within to reveal usernames, e-mail addresses, or other sensitive data?

Answer :
  • Metadata analysis

Explanation :

Metadata analysis is the term for collecting open-source intelligence by parsing published documents for information hidden within to reveal usernames, e-mail addresses, or other sensitive data.

Domain registration information returned on a Whois search does not include which of the following?

Answer :
  • Domain administrator GPS coordinates

Explanation :

Although Whois domain registration information can be quite detailed, the most one can expect to find concerning geographic location is a physical address.

Open-source intelligence (OSINT) collection frameworks are used to effectively manage sources of collected information. Which of the following best describes open-source intelligence?

Answer :
  • Any information or data obtained via publicly available sources that is used to aid or drive decision-making processes

Explanation :

Open-source intelligence is any information or data obtained via publicly available sources that is used to aid or drive decision-making processes.

What is the process by which large data sets are analyzed to reveal patterns or hidden anomalies?

Answer :
  • Data mining

Explanation :

Data mining is the process by which large data sets are analyzed to reveal patterns or hidden anomalies.

Which of the following search engines is not used by FOCA when searching for documents?

Answer :
  • Google

Explanation :

Yahoo is not used by FOCA when it searches for documents, making this the correct answer.