PENTEST Information Gathering Practice Questions - PenTest+

Practice Information Gathering Questions Now

Start a timed practice session focusing on Information Gathering and Vulnerability Scanning topics from the PENTEST question bank.

Start PENTEST Practice Quiz →

PENTEST Information Gathering Question Bank (5 Questions)

Browse all 5 practice questions covering Information Gathering and Vulnerability Scanning for the PENTEST certification exam. Answers are intentionally hidden on this page so you can self-test first before checking results in quiz mode.

Question 1Reconnaissance & Enumeration
A penetration tester executes: `nmap -sS -p 1-1000 -T4 192.168.1.0/24`. What type of scan is being performed?
ATCP connect scan of common ports
BSYN stealth scan of ports 1-1000 at aggressive timing
CUDP scan of all ports
DXMAS scan for firewall evasion
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start PENTEST Quiz
Question 2Reconnaissance & Enumeration
A penetration tester needs to scan a target without being detected by the intrusion detection system. Which Nmap technique is MOST useful for evasion?
Anmap -sT -T5 target
Bnmap -sS -f -T2 --data-length 24 target
Cnmap -sV -A target
Dnmap -sn target
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start PENTEST Quiz
Question 3Vulnerability Discovery & Analysis
A penetration tester is choosing between Nessus and OpenVAS for vulnerability scanning. Which statement is MOST accurate?
ANessus is open-source while OpenVAS is commercial only
BNessus is a commercial scanner with a large plugin database, while OpenVAS is open-source with community-maintained feeds
CBoth tools only scan web applications
DOpenVAS cannot detect vulnerabilities on Windows systems
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start PENTEST Quiz
Question 4Reconnaissance & Enumeration
A penetration tester wants to discover all live hosts on a /24 subnet without performing a port scan. Which Nmap command is MOST appropriate?
Anmap -sn 192.168.1.0/24
Bnmap -sS 192.168.1.0/24
Cnmap -sV 192.168.1.0/24
Dnmap -O 192.168.1.0/24
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start PENTEST Quiz
Question 5Reconnaissance & Enumeration
A penetration tester runs an Nmap scan and the output shows a port as 'open|filtered'. What does this mean?
AThe port is definitely open
BNmap cannot determine whether the port is open or filtered because it received no response
CThe port is closed
DThe scan was blocked by the tester's firewall
Answer hidden for practice.
Use the interactive quiz to reveal the correct answer and explanation.
Start PENTEST Quiz

Key Information Gathering Concepts for PENTEST

reconnaissanceosintnmapscanningenumerationvulnerability

PENTEST Information Gathering Exam Tips

Information Gathering and Vulnerability Scanning questions in PENTEST are typically scenario-based. Focus on service-level decision making aligned to official exam objectives. Priority concepts: reconnaissance, osint, nmap, scanning, enumeration, vulnerability.

What PENTEST Expects

Anchor your answer in select the most practical, secure, and scalable answer for the stated scenario.
Information Gathering scenarios for PENTEST are frequently mapped to Domain 2 (21%), Domain 3 (17%), so read the objective carefully before picking controls or architecture.
Expect multi-topic scenarios where Information Gathering interacts with security, networking, infrastructure, or troubleshooting patterns rather than appearing as an isolated question.
When two options are both technically valid, prefer the choice that best aligns with the exam's operational scope (Professional) and vendor best practices.

High-Value Information Gathering Concepts

Know the core Information Gathering building blocks cold: reconnaissance, osint, nmap, scanning.
Review the edge-case features and limits for enumeration, vulnerability; these details are commonly used to differentiate answer choices.
Practice service-integration reasoning: how Information Gathering pairs with Attacks & Exploits, Planning & Scoping in real deployment patterns.
For PENTEST, explain why the chosen Information Gathering design meets reliability, security, and cost expectations better than the alternatives.

Common PENTEST Traps

Watch for answers that partially solve the requirement but miss operational constraints.
Questions in Reconnaissance and Enumeration often include distractors that look correct for Information Gathering but violate security policy, performance, or reliability requirements.
Avoid picking options purely by feature name; validate data path, failure handling, and governance impact before answering.
If the prompt hints at automation or repeatability, eliminate manual-only operational answers first.

Fast Review Checklist

Can you compare at least two Information Gathering implementation paths and justify which one best fits the scenario?
Can you map the chosen answer back to Reconnaissance and Enumeration (21%) outcomes for PENTEST?
Can you explain security and access boundaries for Information Gathering without relying on default-open assumptions?
Can you describe how Information Gathering integrates with Attacks & Exploits and Planning & Scoping during failure, scaling, and monitoring events?

Exam Domains Covering Information Gathering

Domain 2Reconnaissance and Enumeration21%Domain 3Vulnerability Discovery and Analysis17%

Related Resources

🎯 Free PENTEST Mock Exam Attacks & Exploits Questions Planning & Scoping Questions

More PENTEST Study Resources

← PENTEST Study Hub 30-Day Study Plan Full Practice Exam

🔍 Information Gathering and Vulnerability Scanning - PENTEST Practice Questions