Domain 2 · 21% of Exam

Reconnaissance and Enumeration

Active and passive recon, OSINT, and enumeration.

About This Domain

Domain 2 (Reconnaissance and Enumeration) accounts for 21% of the PENTEST certification exam. This domain evaluates your understanding of passive and active reconnaissance, OSINT techniques, DNS enumeration and service discovery, and related concepts. To pass this section you need practical knowledge of how these technologies work together.

What You'll Be Tested On

  • Passive and active reconnaissance
  • OSINT techniques
  • DNS enumeration and service discovery
  • Recon tools: Nmap, Wireshark, Shodan
  • Script customization (Python, PowerShell, Bash)

Key Technologies in This Domain

Study Strategy for Domain 2

While 21% might seem like a smaller portion, every point counts toward the passing score.

Exam Tips for Domain 2

Know Nmap flags: -sS (SYN), -sT (TCP connect), -sU (UDP), -A (aggressive).

Frequently Asked Questions

How many questions come from Domain 2?

Domain 2 (Reconnaissance and Enumeration) makes up 21% of the PENTEST exam.

What should I focus on for Domain 2?

Key topics include Information Gathering.

How should I prepare for Reconnaissance and Enumeration questions?

Review key topics, then practice with domain-specific questions focusing on real-world scenarios.

What's the best order to study PENTEST domains?

Start with highest-weighted: Engagement Management (13%), Reconnaissance and Enumeration (21%), Vulnerability Discovery and Analysis (17%), Attacks and Exploits (35%), Post-Exploitation and Lateral Movement (14%).
