CompTIA PenTest+ practice test questions to assess your knowledge

The minutest bit of data can create tiny security holes, which could potentially become a gateway for malicious actors into an organization's larger network. Effective pen testers must master finding this data -- and the vulnerabilities it may create -- and then plug the holes before hackers can infiltrate them.

The first step of a penetration test involves passive information gathering: collecting data from publicly available sources, such as search engines, social media platforms, DNS servers and the target's network. There is no interaction with targets, nor do pen testers identify themselves to them.

Active information gathering, step two of a pen test, involves direct engagement with targets by interacting with them or using social engineering techniques, network scanners and pen testing tools to acquire data.

Information gathering is a fundamental concept for any pen tester to master and is covered in pen testing certifications. If you are on a penetration testing career path, the CompTIA PenTest+ certification might be in your future. Are you confident you have what it takes to pass the test? Current penetration tester and author Jonathan Ammerman's CompTIA PenTest+ Certification Practice Exams, a supplement to CompTIA PenTest+ Certification All-in-One Exam Guide, offers insight into penetration testing basics and tools pen testers use to get the job done.

Click the image to learn more
about this title.

The following CompTIA PenTest+ practice test questions, excerpted from Chapter 2, "Getting to know your targets," will quiz your knowledge of passive and active information gathering.

For additional information and more sample test questions, download a PDF of Chapter 2.