Formacraft
OSINT Exam - Get 80% to pass
Name
*
First Name
Last Name
Email
*
1 - Which tool is commonly used to create link analysis graphs in OSINT investigations?
FOCA
Maltego
Nmap
Wireshark
2 - What is the primary function of the tool 'Shodan'?
DNS resolution
Vulnerability scanning
Search engine for IoT and internet-connected devices
WHOIS lookups
3 - Which of the following is NOT a feature of SpiderFoot?
Passive DNS lookup
Automated reconnaissance
File system analysis
Integration with Tor
4 - What does the Harvester primarily help you find?
MAC addresses on a LAN
Leaked database credentials
Email addresses and domain-related information
Bitcoin wallet addresses
5 - Which OSINT tool specializes in metadata extraction from documents and images
Metagoofil
Osmedeus
Recon-ng
Sherlock
6 - What kind of data does Censys focus on?
Geolocation of IPs
SSL certificates and banners
Social media account matching
Web defacement tracking
7 - Which tool is widely used to search social media usernames across multiple platforms?
Twint
Sherlock
FOCA
Maltego
8 - What is Recon-ng primarily used for?
Port scanning
Email spoofing
Structured OSINT data gathering via modules
VPN tunneling
9 - Which of the following best describes Google Dorking?
Searching usernames in the dark web
Using advanced Google search operators to find sensitive data
Mapping subdomains using DNS
Creating fake profiles for engagement
10 - What is the purpose of passive DNS analysis in OSINT?
Mapping firewall rules
Determining open ports
Finding historical resolution data of domains
Tracking data exfiltration
11 - EXIF data in images can provide what information?
File hashes
Passwords
GPS coordinates, timestamp, and device info
Social media tags
12 - What is the use of WHOIS lookup in OSINT?
Checking image authenticity
Discovering domain registration and contact info
Decrypting encrypted files
Bypassing login screens
13 - Which technique is useful for identifying the technologies behind a website?
DNS tunneling
Social engineering
Fingerprinting
Cross-site scripting
14 - You're investigating a phishing campaign. The attacker used a suspicious domain. What’s your first step?
Brute-force their server
Perform a WHOIS lookup
Run an XSS attack
Flood the domain with traffic
15 - A journalist receives threats from an anonymous Twitter account. What’s a non-intrusive OSINT method to begin attribution?
DDOS the account
Use Twitter advanced search and analyze EXIF from profile images
Hack their phone
File a report with the government
16 - You find a leaked PDF online connected to your investigation. What's your next OSINT step?
Check its hash on VirusTotal
Extract metadata for authorship or source clues
Decompile it
Open it without sandboxing
17 - You're tracking a foreign hacking group’s online activity. What's a safe practice when browsing their content?
Use a personal device and login
Engage directly on forums
Use a sandboxed virtual machine and VPN
Use Tor only
18 - You’re investigating a website promoting fake news. How would you assess the credibility of its content?
Count likes
Take down the domain
Report on social media
Run a reverse image search and cross-check sources
19 - An email address is your only lead. What can you do to expand the investigation?
Social engineering
Send a payload
OSINT email lookup (Hunter, HaveIBeenPwned, social profile checks)
Port scan the domain
20 - You're asked to find the infrastructure behind a scammy-looking website. What's your best OSINT approach?
ARP scan
Login with fake credentials
Socially engineer their support team
Use Shodan, Censys, and DNS history tools
Total
Submit
Should be Empty: