Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

← Footprinting and Reconnaissance practice sets

CEH Footprinting and Reconnaissance • Complete Question Bank

CEH Footprinting and Reconnaissance — All Questions With Answers

Complete CEH Footprinting and Reconnaissance question bank — all 0 questions with answers and detailed explanations.

18
Questions
Free
No signup
Certifications/CEH/Practice Test/Footprinting and Reconnaissance/All Questions
Question 1easymultiple choice
Read the full Footprinting and Reconnaissance explanation →

A penetration tester is performing a footprinting exercise on a target company. The tester wants to identify the network range and ISP of the target. Which of the following tools or techniques is MOST appropriate for this purpose?

Question 2mediummultiple choice
Read the full Footprinting and Reconnaissance explanation →

During the reconnaissance phase, a tester discovers that the target company's email server is configured to automatically respond to delivery status notifications (DSNs). Which type of attack could this information facilitate?

Question 3hardmultiple choice
Read the full Footprinting and Reconnaissance explanation →

A security analyst is tasked with performing passive reconnaissance on a target organization. Which of the following is the BEST approach to gather information about the target's technology stack without directly interacting with the target's systems?

Question 4easymultiple choice
Read the full Footprinting and Reconnaissance explanation →

An ethical hacker wants to discover subdomains of a target domain using only public information. Which of the following techniques is MOST effective?

Question 5mediummultiple choice
Read the full DNS explanation →

During footprinting, a tester finds that the target's DNS server allows recursive queries from the internet. What is the MOST significant security implication of this finding?

Question 6mediummulti select
Read the full Footprinting and Reconnaissance explanation →

Which TWO of the following are examples of passive footprinting techniques? (Select exactly 2.)

Question 7hardmulti select
Read the full Footprinting and Reconnaissance explanation →

Which THREE of the following are valid pieces of information that can be gathered from a properly configured Netcraft site report? (Select exactly 3.)

Question 8mediummultiple choice
Read the full Footprinting and Reconnaissance explanation →

An ethical hacker runs the command shown in the exhibit. Which of the following conclusions can be drawn from the output?

Exhibit

Refer to the exhibit.

```
C:\Users\tester> nslookup -type=MX exampledomain.com
Server:  dns.example.com
Address:  192.168.1.1

exampledomain.com
        MX preference = 10, mail exchanger = mail1.exampledomain.com
        MX preference = 20, mail exchanger = mail2.exampledomain.com
```
Question 9hardmultiple choice
Read the full Footprinting and Reconnaissance explanation →

You are a penetration tester hired to perform a security assessment for a medium-sized e-commerce company, "ShopSmart". The company hosts its website on a shared hosting environment and uses a third-party payment gateway. Your goal is to gather as much information as possible without triggering any alarms. During the initial footprinting, you discover that the company's domain "shopsmart.com" was registered five years ago and the WHOIS record shows the registrant's name, address, phone number, and email. The email address is "admin@shopsmart.com". You also find a job posting on LinkedIn that mentions they are looking for a "Senior PHP Developer with experience in Laravel and MySQL". Additionally, by using the Wayback Machine, you find an old version of the site that includes a comment in the HTML source: "<!-- TODO: Remove debug page before launch: /dev/test.php -->". You attempt to access /dev/test.php but receive a 404 error. What should you do NEXT to maximize information gain while remaining passive?

Question 10mediummultiple choice
Read the full Footprinting and Reconnaissance explanation →

During a penetration test, you are tasked with performing footprinting on a target organization. You have identified the target's IP range 192.168.1.0/24. Which of the following techniques would provide the most comprehensive information about the target's network topology and potential entry points?

Question 11hardmulti select
Read the full Footprinting and Reconnaissance explanation →

Which TWO of the following tools are specifically designed for footprinting and reconnaissance tasks? (Select two.)

Question 12easymultiple choice
Read the full Footprinting and Reconnaissance explanation →

What can be inferred from the output?

Exhibit

Refer to the exhibit.
```
C:\Users\test>nslookup -type=MX example.com
Server:  dns.company.com
Address:  192.168.1.1

example.com     MX preference = 10, mail exchanger = mail1.example.com
example.com     MX preference = 20, mail exchanger = mail2.example.com
```
Question 13mediummultiple choice
Read the full Footprinting and Reconnaissance explanation →

You are a penetration tester for a security firm. Your client, Acme Corp, has requested an external reconnaissance assessment. They have provided their primary domain 'acme.com'. You begin by performing passive footprinting using public sources. After gathering initial information, you want to identify their email servers, subdomains, and any exposed services. You also want to map their network infrastructure without directly interacting with their systems to avoid detection. Which course of action should you take next?

Question 14hardmultiple choice
Read the full Footprinting and Reconnaissance explanation →

During a penetration test, you discover that the target organization uses a cloud-based email service. Which technique would allow you to gather employee email addresses and potentially infer internal organizational structure?

Question 15mediummulti select
Read the full Footprinting and Reconnaissance explanation →

Which TWO of the following tools are commonly used for passive reconnaissance?

Question 16easymultiple choice
Read the full Footprinting and Reconnaissance explanation →

Refer to the exhibit. An attacker runs the nslookup command shown. What information has been gathered?

Exhibit

Refer to the exhibit.

C:\>nslookup -type=MX example.com
Server:  dns.example.com
Address:  192.0.2.10

example.com     MX preference = 10, mail exchanger = mail1.example.com
example.com     MX preference = 20, mail exchanger = mail2.example.com
Question 17mediumdrag order
Read the full VPN explanation →

Drag and drop the steps to set up a VPN using IPsec in tunnel mode into the correct order.

Drag steps to the numbered slots on the right, or tap a step then tap a slot.

Steps
Order
1Step 1
2Step 2
3Step 3
4Step 4
5Step 5
Question 18mediummatching
Read the full Footprinting and Reconnaissance explanation →

Match each CEH phase to its key activity.

Drag a concept onto its matching description — or click a concept then click the description.

Concepts
Matches

Gathering information about the target

Identifying live hosts, open ports, and services

Exploiting vulnerabilities to enter the system

Installing backdoors for persistent access

Clearing logs and hiding evidence

Practice tests

Scored 10-question sessions with instant feedback and explanations.

CEH Practice Test 1 — 10 Questions→CEH Practice Test 2 — 10 Questions→CEH Practice Test 3 — 10 Questions→CEH Practice Test 4 — 10 Questions→CEH Practice Test 5 — 10 Questions→CEH Practice Exam 1 — 20 Questions→CEH Practice Exam 2 — 20 Questions→CEH Practice Exam 3 — 20 Questions→CEH Practice Exam 4 — 20 Questions→Free CEH Practice Test 1 — 30 Questions→Free CEH Practice Test 2 — 30 Questions→Free CEH Practice Test 3 — 30 Questions→CEH Practice Questions 1 — 50 Questions→CEH Practice Questions 2 — 50 Questions→CEH Exam Simulation 1 — 100 Questions→

Practice by domain

Each domain maps to a weighted exam section. Focus on the domain where you are weakest.

Footprinting, Reconnaissance and ScanningEnumeration and System HackingMalware, Social Engineering and Network AttacksWeb Application and Injection AttacksIntroduction to Ethical HackingScanning Networks and EnumerationVulnerability Analysis and System HackingAdvanced Topics: Wireless, Cloud, IoT, CryptographyFootprinting and ReconnaissanceNetwork and Web Application AttacksWireless, IoT and Cloud SecurityCryptography and Malware AnalysisSocial Engineering and Physical Security

Practice by scenario

Filter questions by type — troubleshooting, exhibit, drag-and-drop, PBQ, ACLs, OSPF, and more.

Browse scenarios→

Continue studying

All Footprinting and Reconnaissance setsAll Footprinting and Reconnaissance questionsCEH Practice Hub