GOSI 시험 - GIAC실제시험문제와 답 - 97문항

Question No : 1

What is a primary risk of automating data collection in OSINT?

A.Accidentally violating terms of service of websites
B.Increasing the accuracy of results
C.Improving search engine indexing
D.Slowing down the browsing speed

정답:

Question No : 2

Why is it important to analyze metadata in OSINT investigations?

A.It reveals hidden details like author, location, and timestamps
B.It enables investigators to decrypt files automatically
C.It manipulates search engine rankings
D.It replaces manual research processes

정답:

Question No : 3

Which tools are commonly used for automating OSINT data collection? (Choose two)

A.Maltego
B.SpiderFoot
C.Notepad
D.Microsoft Excel

정답:

Question No : 4

A researcher wants to find publicly available images of an individual using AI-powered facial recognition.
Which tool is most suitable?

A.PimEyes
B.Wireshark
C.Maltego
D.Tor Browser

정답:

Question No : 5

Which tool is commonly used for automating OSINT collection?

A.SpiderFoot
B.Metasploit
C.John the Ripper
D.Burp Suite

정답:

Question No : 6

Scenario: A cybersecurity team is conducting OSINT research on a business and finds company-related leaked credentials on a dark web forum.
What should be the next step?

A.Notify the company and advise password resets
B.Publicly disclose the breach without company consent
C.Share the credentials with competitors
D.Use the credentials for further penetration testing

정답:

Question No : 7

What free service allows OSINT analysts to check historical screenshots of websites?

A.VirusTotal
B.Wayback Machine
C.Nmap
D.Nikto

정답:

Question No : 8

Which of the following is a widely used certificate transparency monitoring tool for discovering newly issued or suspicious SSL/TLS certificates?

A.crt.sh
B.FOCA
C.Wireshark
D.Maltego

정답:

Question No : 9

What techniques can OSINT investigators use to map out an organization’s infrastructure? (Choose two)

A.WHOIS lookups
B.Reverse IP lookups
C.Exploiting zero-day vulnerabilities
D.Installing backdoors on company servers

정답:

Question No : 10

What is a major privacy risk for individuals sharing their phone number online?

A.They might receive excessive marketing emails
B.Their number can be used to track their location
C.Phone numbers are never linked to other accounts
D.Mobile carriers block all OSINT-based searches

정답:

Question No : 11

A company suspects one of its subdomains was taken over by an attacker.
How can an OSINT professional verify this?

A.Check subdomain DNS records for anomalies
B.Perform a brute-force attack on the admin panel
C.Run SQL injection tests
D.Decrypt SSL/TLS certificates

정답:

Question No : 12

When performing OSINT on an individual, what online sources are commonly used to verify employment history? (Choose two)

A.LinkedIn
B.Breach databases
C.WHOIS records
D.Court filings

정답:

Question No : 13

When investigating a target’s email address, which of the following OSINT techniques can reveal linked online accounts?

A.Reverse email lookup tools
B.Brute-force password attacks
C.Intercepting network traffic
D.Downloading metadata from private emails

정답:

Question No : 14

You are conducting OSINT research on a company's online exposure.
What should be your first step?

A.Use Google Dorking to identify indexed company files
B.Launch penetration tests on the company's servers
C.Engage in social engineering tactics
D.Exploit known security vulnerabilities

정답:

Question No : 15

Why is sandboxing recommended when analyzing potentially malicious files?

A.To prevent malware from infecting the analyst’s system
B.To extract hidden EXIF metadata from documents
C.To speed up the investigation process
D.To automatically decrypt encrypted files

정답:

GIAC GOSI 시험