Domain 2 · 22% of Exam

Information Gathering and Vulnerability Scanning

Recon, scanning, and enumeration.

About This Domain

Domain 2 (Information Gathering and Vulnerability Scanning) accounts for 22% of the PENTEST certification exam. This domain evaluates your understanding of passive and active reconnaissance, Nmap scan types, OSINT techniques, and related concepts. To pass this section you need practical knowledge of how these technologies work together.

What You'll Be Tested On

  • Passive and active reconnaissance
  • Nmap scan types
  • OSINT techniques
  • Vulnerability scanning

Study Strategy for Domain 2

While 22% might seem like a smaller portion, every point counts toward the passing score.

Exam Tips for Domain 2

Know Nmap flags: -sS (SYN), -sT (TCP connect), -sU (UDP), -A (aggressive).

Frequently Asked Questions

How many questions come from Domain 2?

Domain 2 (Information Gathering and Vulnerability Scanning) makes up 22% of the PENTEST exam.

What should I focus on for Domain 2?

Key topics include Information Gathering.

How should I prepare for Information Gathering and Vulnerability Scanning questions?

Review key topics, then practice with domain-specific questions focusing on real-world scenarios.

What's the best order to study PENTEST domains?

Start with highest-weighted: Planning and Scoping (14%), Information Gathering and Vulnerability Scanning (22%), Attacks and Exploits (30%), Reporting and Communication (18%).
