CEH v13 Domain 2.1 Practice Test 001

By /

Welcome to this CEH v13 practice test!

This practice test covers Domain 2 (Reconnaissance Techniques) Subdomain 1 (Footprinting and Reconnaissance) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CEH practice tests based on specific domains and subdomains, click that link.

CEH v13 Domain 2.1 Practice Test 001
10 questions • 8 single-answer, 2 multi-select
CEH v13 (312-50v13) • Domain 2: Reconnaissance Techniques — Sub-Domain 2.1: Footprinting and Reconnaissance
Question 1
A penetration tester has been hired to perform a black-box assessment against a financial services firm. Before making any direct contact with the target's systems, the tester wants to gather as much publicly available information as possible using Google search operators. The tester enters the following query into Google: `site:targetbank.com filetype:pdf "internal use only"` What type of footprinting technique is the tester employing?
    Question 2
    Clark, a professional hacker, is in the early stages of targeting a multinational corporation. He visits the target organization's website and uses the browser's developer tools to examine the HTML source code, JavaScript files, and embedded metadata. He also runs the site through HTTrack to create a local mirror for offline analysis. Which footprinting methodology is Clark primarily using?
      Question 3
      During a footprinting exercise, a security analyst uses the Maltego tool to map relationships between a target company's employees, email addresses, domain names, IP addresses, and social media profiles. The analyst is able to visualize a comprehensive link graph showing how these entities are connected. What category of footprinting does this activity best represent?
        Question 4
        Select all that apply
        Jane is conducting footprinting against a target organization during a sanctioned red team engagement. She wants to gather email addresses and employee names associated with the target domain without directly contacting the organization's systems. (Choose TWO tools that are most appropriate for this goal.)
          Question 5
          Elijah, a threat actor, wants to discover the IP address ranges, ASN (Autonomous System Number), and network blocks owned by a target organization before launching an attack. He queries the ARIN database and also uses tools like Whois and traceroute to map the target's internet-facing infrastructure. Which footprinting technique is Elijah performing?
            Question 6
            A penetration tester performs a WHOIS lookup against a target domain and retrieves the following key pieces of information: registrar name, registration and expiration dates, name servers, and the administrative contact's email address. The tester then uses this email address to pivot into additional OSINT research. Which of the following is the MOST significant risk that WHOIS footprinting poses to an organization that does NOT use domain privacy services?
              Question 7
              During a footprinting engagement, Kevin uses Recon-ng with the `recon/domains-hosts/google_site_web` module to discover subdomains associated with a target organization. He then queries Shodan to identify internet-exposed services and device banners on the discovered hosts. This activity is BEST classified as which combination of footprinting techniques?
                Question 8
                Select all that apply
                An ethical hacker is performing DNS footprinting against a target organization to gather intelligence about their mail infrastructure and zone configuration. (Choose TWO actions that are valid DNS footprinting techniques within the CEH methodology.)
                  Question 9
                  A security team is reviewing their organization's exposure to footprinting attacks. They discover that their corporate website's metadata reveals the software versions used, internal file paths, and author names of published documents. An attacker could extract this information using a tool like FOCA (Fingerprinting Organizations with Collected Archives). Which footprinting countermeasure BEST addresses this specific risk?
                    Question 10
                    Jane is conducting reconnaissance against a technology company as part of a red team engagement. She visits the company's LinkedIn page, Facebook profile, and Twitter/X feed to identify employee names, job titles, technologies used, recent projects, and organizational structure. She also monitors job postings to infer what technologies and security tools the organization currently uses. This footprinting technique is BEST described as:
                      Answered: 0/10

                      Related Posts

                      Leave a Comment

                      Your email address will not be published. Required fields are marked *

                      Scroll to Top