Courseiva
Knowledge + Practice
CertificationsVendorsCareer RoadmapsLabs & ToolsStudy GuidesGlossaryPractice Questions
C
Courseiva

Free IT certification practice questions with explained answers for CCNA, CompTIA, AWS, Azure, Google Cloud, and more.

Certification Practice Questions

CCNA practice questionsSecurity+ SY0-701 practice questionsAWS SAA-C03 practice questionsAZ-104 practice questionsAZ-900 practice questionsCLF-C02 practice questionsA+ Core 1 practice questionsGoogle Cloud ACE practice questionsCySA+ CS0-003 practice questionsNetwork+ N10-009 practice questions
View all certifications →

Product

CertificationsCertification PathsExam TopicsPractice TestsExam Dumps vs Practice TestsStudy HubComparisons

Company

AboutContactEditorial PolicyQuestion Writing PolicyTrust Center

Legal

Privacy PolicyTerms of Service

Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.

HomeCertificationsCEHTopicsFootprinting and Reconnaissance
Free · No Signup RequiredEC-Council · CEH

CEH Footprinting and Reconnaissance Practice Questions

18+ practice questions focused on Footprinting and Reconnaissance — one of the most tested topics on the Certified Ethical Hacker CEH exam. Each question includes a detailed explanation so you learn why the right answer is correct.

Start Footprinting and Reconnaissance Practice

Exam Domains

Footprinting, Reconnaissance and ScanningEnumeration and System HackingMalware, Social Engineering and Network AttacksWeb Application and Injection AttacksIntroduction to Ethical HackingScanning Networks and EnumerationVulnerability Analysis and System HackingAll domains →

Study Tools

Practice TestMock ExamFlashcardsAll Topics

Sample Footprinting and Reconnaissance Questions

Practice all 18+ →
1.

A penetration tester is performing a footprinting exercise on a target company. The tester wants to identify the network range and ISP of the target. Which of the following tools or techniques is MOST appropriate for this purpose?

A.Query the Netcraft site for the domain
B.Perform a WHOIS lookup against the domain
C.Use nslookup to query the authoritative name servers
D.Run a traceroute to the target web server

Explanation: A WHOIS lookup against the target domain returns registration details that include the organization's network range (via the 'NetRange' or 'CIDR' fields) and the ISP (via the 'OrgName' or 'descr' fields). This directly maps to the footprinting goal of identifying the target's IP address block and upstream provider, as defined in RFC 3912 and common WHOIS database schemas.

2.

During the reconnaissance phase, a tester discovers that the target company's email server is configured to automatically respond to delivery status notifications (DSNs). Which type of attack could this information facilitate?

A.DNS cache poisoning
B.Email enumeration
C.Man-in-the-middle attack
D.Phishing attack

Explanation: Email servers that automatically respond to Delivery Status Notifications (DSNs) as defined in RFC 1891/3464 can be exploited for email enumeration. By sending a message to a non-existent address, the DSN response will indicate the address is invalid, while a valid address may generate no DSN or a different response. This allows an attacker to systematically verify valid email addresses on the target domain without triggering a full bounce-back to the original sender.

3.

A security analyst is tasked with performing passive reconnaissance on a target organization. Which of the following is the BEST approach to gather information about the target's technology stack without directly interacting with the target's systems?

A.Engage in social engineering via phone calls
B.Use Shodan to search for target infrastructure
C.Initiate a DNS zone transfer request
D.Perform a port scan with Nmap

Explanation: Shodan is a search engine that indexes banners from internet-connected devices, allowing an analyst to discover a target's exposed services, open ports, and technology stack (e.g., web servers, SSH versions, IoT devices) without sending any packets to the target's systems. This makes it a purely passive reconnaissance technique, as it relies on Shodan's pre-collected data rather than direct interaction.

4.

An ethical hacker wants to discover subdomains of a target domain using only public information. Which of the following techniques is MOST effective?

A.Run a traceroute to the main domain
B.Check the WHOIS record for the domain
C.Use the site: operator in search engines
D.Perform a reverse DNS lookup on the target IP range

Explanation: The `site:` operator in search engines (e.g., Google) allows an ethical hacker to enumerate publicly indexed subdomains of a target domain by querying `site:*.targetdomain.com`. This technique leverages the search engine's crawl data to discover subdomains that are publicly accessible but may not be linked from the main site, making it the most effective method for passive, public-information-only reconnaissance.

5.

During footprinting, a tester finds that the target's DNS server allows recursive queries from the internet. What is the MOST significant security implication of this finding?

A.Unauthorized zone transfers are possible
B.The DNS server can be used for denial of service (amplification)
C.The DNS cache can be poisoned easily
D.The DNS server can be used for denial of service

Explanation: Option D is correct because a DNS server that allows recursive queries from the internet can be exploited in a DNS amplification attack, a type of denial-of-service (DoS) attack. The attacker sends a small query with a spoofed source IP (the victim's IP) to the open recursive resolver, which responds with a much larger response (e.g., using the ANY record type), amplifying traffic up to 50-100 times. This floods the victim's network, making the DNS server an unwitting participant in the attack.

+13 more Footprinting and Reconnaissance questions available

Practice all Footprinting and Reconnaissance questions

How to master Footprinting and Reconnaissance for CEH

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Footprinting and Reconnaissance. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Footprinting and Reconnaissance questions on the CEH frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many CEH Footprinting and Reconnaissance questions are on the real exam?

The exact number varies per candidate. Footprinting and Reconnaissance is tested as part of the Certified Ethical Hacker CEH blueprint. Practicing with targeted Footprinting and Reconnaissance questions ensures you can handle any format or difficulty that appears.

Are these CEH Footprinting and Reconnaissance practice questions free?

Yes. Courseiva provides free CEH practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Footprinting and Reconnaissance one of the harder CEH topics?

Difficulty is subjective, but Footprinting and Reconnaissance is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.

Ready to practice?

Launch a full Footprinting and Reconnaissance practice session with instant scoring and detailed explanations.

Start Footprinting and Reconnaissance Practice →

Topic Info

Topic

Footprinting and Reconnaissance

Exam

CEH

Questions available

18+