Question 7 - Top CompTIA Pentest+ PT0-003 Real Exam Questions [Jan 2026 Update]

Q: 7

[Information Gathering and Vulnerability Scanning] During an assessment, a penetration tester plans to gather metadata from various online files, including pictures. Which of the following standards outlines the formats for pictures, audio, and additional tags that facilitate this type of reconnaissance?

Options

Correct Answer:

Explanation

The Exchangeable Image File Format (EXIF) is a standard that specifies the formats for images, sound, and ancillary tags used by digital cameras and other systems. This standard allows for the embedding of extensive metadata within image files. For a penetration tester, this metadata is a valuable source for reconnaissance, as it can include camera settings, software used, timestamps, and, most critically, GPS coordinates indicating where a photo was taken. Extracting this information from publicly available files helps build a profile of the target's activities, locations, and technology.

Why Incorrect

B. GIF: The Graphics Interchange Format is an image file format that supports basic animations and a limited color palette; it is not a comprehensive metadata standard like EXIF.

C. COFF: The Common Object File Format is an outdated format for executable and object code files, primarily used in older Unix-like operating systems, and is unrelated to image metadata.

D. ELF: The Executable and Linkable Format is the modern standard file format for executables, object code, and shared libraries on Linux and most Unix-like systems, not for image files.

References

1. Camera & Imaging Products Association (CIPA). (2019). CIPA DC-008-Translation-2019: Exchangeable image file format for digital still cameras: Exif Version 2.32. Section 1

"Scope

" defines the standard's applicability to image and sound files from digital cameras. Section 4.6.6

"GPS attribute information

" details the specific tags for storing geolocation data.

2. National Institute of Standards and Technology (NIST). (2014). NISTIR 8006: NIST Big Data Interoperability Framework: Volume 6

Security and Privacy. Section 4.2.2

"Data Confidentiality

" discusses how metadata

such as EXIF data in images

can inadvertently leak sensitive information like geolocation

which can be exploited.

3. Ayers

Brothers

& Jansen

W. (2014). Guidelines on Mobile Device Forensics (NIST Special Publication 800-101 Revision 1). Section 4.4.3

"Geotagging

" explicitly mentions how EXIF tags in photographs store GPS coordinates

making them a key source of location information for forensic analysis and

by extension

reconnaissance. (DOI: https://doi.org/10.6028/NIST.SP.800-101r1)

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE