CEH v13 Domain 2.1 Practice Test 003

This practice test covers Domain 2 (Reconnaissance Techniques) Subdomain 1 (Footprinting and Reconnaissance) from the CEH v13 (312-50v13) exam blueprint (v5).

These questions are inspired by the EC-Council CEH exam and are designed to help you test your knowledge of ethical hacking tools, techniques, and methodologies. Some questions require multiple correct answers.

These are not official exam questions or brain dumps. They are original scenario-based questions created to reflect the skills and knowledge tested in the CEH exam.

Note: CEH and Certified Ethical Hacker are registered trademarks of EC-Council. This content is not affiliated with or endorsed by EC-Council.

To choose CEH practice tests based on specific domains and subdomains, click that link.

CEH v13 Domain 2.1 Practice Test 003

10 questions • 8 single-answer, 2 multi-select

Question 1

Clark is targeting a financial services firm and uses Google search operators to discover exposed documents on the firm's public web server. He crafts the query `filetype:pdf site:targetfirm.com confidential` to locate sensitive PDF files indexed by Google. Which footprinting technique is Clark leveraging?

A. Google Hacking / Google Dorking B. DNS Zone Transfer C. WHOIS Enumeration D. Wayback Machine Analysis

Question 2

A security analyst performing active reconnaissance attempts to retrieve the complete DNS record set for a target domain by querying its authoritative DNS server directly. The operation succeeds because the DNS server is misconfigured to respond to queries from unauthorized external hosts. Which DNS footprinting technique was used?

A. DNS Zone Transfer B. Reverse DNS Lookup C. DNS Cache Snooping D. DNSSEC Enumeration

Question 3

An attacker performing reconnaissance on a target multinational corporation queries ARIN's WHOIS database to map out the IP address blocks registered to the organization. This network range information is used to define the scope for subsequent active scanning phases. Which type of WHOIS lookup was performed?

A. Network WHOIS Lookup B. Domain WHOIS Lookup C. DNS SOA Record Query D. Passive DNS Analysis

Question 4

Kevin sends a specially crafted HTML email to an employee at the target organization that contains a hidden 1x1 pixel image hosted on a server he controls. When the recipient opens the email, Kevin's server logs the recipient's IP address, email client version, and read timestamp. Which email footprinting technique did Kevin use?

A. Email Tracking B. SMTP Enumeration C. Email Bounce Analysis D. SPF Record Lookup

Question 5

Select all that apply

An enterprise security team is conducting authorized open-source intelligence gathering on a target organization as part of a pre-engagement passive footprinting phase. They need tools that can map entity relationships across public data sources and also discover internet-exposed infrastructure such as open databases and misconfigured services. Which two tools are best suited for this purpose? (Choose two)

A. Maltego B. Metasploit C. Shodan D. Hashcat E. Burp Suite

Question 6

Jane is tasked with performing website footprinting on a target e-commerce platform and needs to download a complete offline copy of the site to analyze its directory structure, embedded metadata, hidden links, and scripting technologies. She wants a tool that mirrors the entire website recursively without requiring active interaction with live pages. Which tool is most appropriate for Jane's task?

A. HTTrack B. Nmap C. Aircrack-ng D. Wireshark

Question 7

During reconnaissance of a cloud-deployed web application, an attacker uses a specialized search engine that crawls the internet and indexes devices based on their open ports and service banners. The attacker discovers an unprotected Elasticsearch instance belonging to the target by searching for the default port and service banner string. Which footprinting tool was used?

A. Shodan B. Maltego C. Recon-ng D. theHarvester

Question 8

Elijah is mapping the network path from his machine to a target organization's web server by transmitting packets with incrementally increasing TTL values, causing each intermediate router to return an ICMP Time Exceeded message when the TTL reaches zero. This reveals the IP address and response time of each hop along the route. Which network footprinting technique is Elijah using?

A. Traceroute Analysis B. Port Scanning C. ARP Poisoning D. SNMP Walking

Question 9

An attacker systematically harvests employee data from LinkedIn profiles belonging to a target organization, collecting job titles, reported technical skills, current project names, and the organizational reporting hierarchy. This compiled dataset is used to identify high-value targets and craft convincing spear-phishing pretexts. Which footprinting technique is being performed?

A. Social Networking Footprinting B. Email Footprinting C. Social Engineering Attack D. Competitive Intelligence Gathering

Question 10

Select all that apply

An enterprise security team is hardening their organization's external posture to minimize information exposure during the footprinting phase of a potential attack. The team is reviewing both DNS server configurations and domain registration policies to reduce data available to unauthenticated external parties. Which two measures are effective countermeasures against footprinting? (Choose two)

A. WHOIS Data Redaction B. Enabling Open SMTP Relay C. Restricting DNS Zone Transfers D. Allowing Public SNMP Community Strings E. Disabling Firewall Logging

Related Posts

Leave a Comment Cancel Reply