CISSP Question #607: Real Exam Question with Answer & Explanation

The correct answer is A: Information gathering.

Submitted by luis.pe · Mar 5, 2026 · Security Assessment and Testing

Question

Which of the following phases involves researching a target's configuration from public sources when performing a penetration test?

Options

  • A. Information gathering
  • B. Social engineering
  • C. Target selection
  • D. Traffic enumeration

Explanation

A penetration test is a simulated attack on a system or network to evaluate its security posture and identify any vulnerabilities or weaknesses. A penetration test typically consists of four phases: information gathering, vulnerability analysis, exploitation, and reporting. The information gathering phase involves researching a target's configuration from public sources, such as websites, social media, domain name servers, or network scanning tools. The information gathered in this phase can help to determine the attack surface, the potential entry points, and the best strategies for the penetration test.

Topics

#penetration testing #information gathering #reconnaissance
