CompTIA PenTest+

Information Gathering & Vulnerability Scanning

46 free practice questions with explanations

PassNova has 46 free CompTIA PenTest+ practice questions on Information Gathering & Vulnerability Scanning, each with a clear explanation. Practise them in the browser with instant feedback — 100% free, no sign-up, on any device. Updated for 2026.

Sample questions

Information Gathering & Vulnerability Scanning: example questions & answers

Here are 6 example questions from this topic. Practise the full set of 46 free in the browser.

  1. Which Nmap option performs a TCP SYN (half-open) scan?

    • A -sn
    • B -sV
    • C -sS
    • D -sU

    Answer: The -sS flag triggers a SYN scan, which sends SYN packets and analyses responses without completing the TCP handshake, making it fast and relatively stealthy.

  2. A tester wants to identify the service versions running on open ports during an Nmap scan. Which flag should be used?

    • A -sn
    • B -Pn
    • C -sV
    • D -F

    Answer: The -sV flag enables service and version detection, probing open ports to determine the application and version listening, which aids vulnerability mapping.

  3. Which technique gathers information about a target using only publicly available sources without sending packets directly to the target's systems?

    • A Exploitation
    • B Privilege escalation
    • C Active scanning
    • D Passive reconnaissance (OSINT)

    Answer: Passive reconnaissance, or open-source intelligence (OSINT), collects data from public sources such as search engines, WHOIS, and social media without interacting with the target directly, leaving no footprint on its systems.

  4. A tester runs theHarvester against a target domain. What type of information is this tool PRIMARILY used to collect?

    • A Kernel memory dumps
    • B Database table schemas
    • C Email addresses, subdomains, and host names from public sources
    • D Firewall rule sets

    Answer: theHarvester aggregates OSINT such as email addresses, employee names, subdomains, and hosts from public search engines and data sources, supporting reconnaissance and phishing target development.

  5. During a vulnerability scan, a finding is reported that does not actually exist on the target system. What is this called?

    • A Zero-day
    • B True positive
    • C False positive
    • D True negative

    Answer: A false positive is a reported vulnerability that is not actually present; testers must validate scanner output to filter these out before reporting.

  6. Which command-line tool is commonly used to perform DNS enumeration, including zone transfer attempts?

    • A ping
    • B traceroute
    • C netstat
    • D dig

    Answer: The dig utility queries DNS records and can attempt zone transfers (AXFR), helping enumerate host names and infrastructure within a domain.
