Even the smallest piece of data can open a tiny security hole, which could become a gateway for malicious actors into an organization's larger network. Effective pen testers must master finding this data -- and the vulnerabilities it may create -- and then plug the holes before hackers can exploit them.
The first step of a penetration test involves passive information gathering: collecting data from publicly available sources, such as search engines, social media platforms, DNS servers and the target's network. There is no interaction with targets, nor do pen testers identify themselves to them.
Active information gathering, step two of a pen test, involves direct engagement with targets by interacting with them or using social engineering techniques, network scanners and pen testing tools to acquire data.
Information gathering is a fundamental concept for any pen tester to master and is covered in pen testing certifications. If you are on a penetration testing career path, the CompTIA PenTest+ certification might be in your future. Are you confident you have what it takes to pass the test? Current penetration tester and author Jonathan Ammerman's CompTIA PenTest+ Certification Practice Exams, a supplement to CompTIA PenTest+ Certification All-in-One Exam Guide, offers insight into penetration testing basics and tools pen testers use to get the job done.
The following CompTIA PenTest+ practice test questions, excerpted from Chapter 2, "Getting to know your targets," will quiz your knowledge of passive and active information gathering.
For additional information and more sample test questions, download a PDF of Chapter 2.
CompTIA PenTest+ practice test questions
About the author
An English major turned army officer turned high-performance computing systems administrator, Jonathan Ammerman has taken a decidedly less-than-typical route to the information security field. His experiences in the military and private sectors led to a heightened interest in the security arena, manifested in his current role as a penetration tester with nDepth Security. In his spare time, Ammerman enjoys spending time with his children and hiking or camping in areas that preclude the possibility of so much as a phone call.