Q: 7
[Information Gathering and Vulnerability Scanning]
During an assessment, a penetration tester plans to gather metadata from various online files,
including pictures. Which of the following standards outlines the formats for pictures, audio, and
additional tags that facilitate this type of reconnaissance?
Options
Discussion
B
A
Honestly, I'd pick B for this one. GIF is a super common image file type and you see them all over online, so I figured it must cover most of what pentesters grab. Not 100% sure if it handles the metadata part as fully as EXIF though, feel free to correct me.
A is the way to go here. EXIF handles the metadata like camera, timestamps, and GPS in image files, not just the picture itself. I think B (GIF) is a trap since it's just a format, not a standard for tagging info. Open to correction if I've missed something.
A for sure. EXIF is what holds the metadata like geotags and device details in image files. GIF is just an image format, doesn't really do metadata. Pretty confident unless I'm missing something subtle.
It's A. EXIF only applies if they care about the actual metadata standard, not just the file type.
B or A here. I first thought about B since GIFs are everywhere and it is an image format, pretty common online. Not fully sure if it supports rich metadata though. Anyone else think it's possible CompTIA is being tricky with this wording?
A is right but only if they're actually asking about embedded metadata standards, not just file formats. EXIF specifically stores stuff like camera and GPS info, GIF doesn't do that. Similar question tripped me up in another practice set, so I double-checked.
Oh come on, CompTIA always loves throwing in ELF/COFF as distractors here just to mess with us. For metadata, EXIF is the standard I keep seeing in similar questions, but not gonna lie, sometimes I second guess and overthink GIF. Sticking with A though.
Probably A here, since EXIF is specifically for storing metadata like GPS and device info in image files. B (GIF) is just an image format, not a metadata standard. Easy to mix those up, but pretty sure it's A.
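The EXIF points made in the comments above, as an added example that is not part of the original thread: a pre-publication check that reports whether a JPEG's EXIF block carries camera, timestamp or GPS tags, and strips the EXIF segment if so. The function names and the sample bytes are constructed for illustration; only IFD0 is inspected.

```python
import struct

# IFD0 tags matching what the thread lists: camera, timestamp, GPS pointer.
SENSITIVE_TAGS = {0x010F: "Make", 0x0110: "Model", 0x0132: "DateTime", 0x8825: "GPSInfo"}

def segments(jpeg):
    """Yield (marker, start, end) for each header segment before image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        yield jpeg[pos + 1], pos, pos + 2 + length
        pos += 2 + length

def is_exif(jpeg, marker, start):
    # EXIF lives in an APP1 (0xE1) segment whose payload starts with "Exif\0\0".
    return marker == 0xE1 and jpeg[start + 4:start + 10] == b"Exif\x00\x00"

def sensitive_tags(jpeg):
    """Names of SENSITIVE_TAGS present in IFD0 of the first EXIF segment."""
    for marker, start, end in segments(jpeg):
        if not is_exif(jpeg, marker, start):
            continue
        tiff = jpeg[start + 10:end]
        endian = {b"II": "<", b"MM": ">"}.get(tiff[:2])
        if endian is None or len(tiff) < 8:
            return []
        (ifd,) = struct.unpack(endian + "I", tiff[4:8])
        if ifd + 2 > len(tiff):
            return []
        (count,) = struct.unpack(endian + "H", tiff[ifd:ifd + 2])
        entries = (tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i] for i in range(count))
        tags = [struct.unpack(endian + "H", e[:2])[0] for e in entries if len(e) == 12]
        return [SENSITIVE_TAGS[t] for t in tags if t in SENSITIVE_TAGS]
    return []

def strip_exif(jpeg):
    """Return the JPEG with every EXIF APP1 segment removed."""
    out = bytearray(jpeg)
    for marker, start, end in reversed(list(segments(jpeg))):
        if is_exif(jpeg, marker, start):
            del out[start:end]
    return bytes(out)

# Constructed sample: a minimal JPEG header with Make and a GPS IFD pointer.
_tiff = (b"MM\x00\x2a\x00\x00\x00\x08\x00\x02" + struct.pack(">HHI4s", 0x010F, 2, 4, b"Cam\x00")
         + struct.pack(">HHII", 0x8825, 4, 1, 38) + b"\x00" * 10)
_app1 = b"Exif\x00\x00" + _tiff
SAMPLE = (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(_app1) + 2) + _app1
          + b"\xff\xda\x00\x02\xff\xd9")
```

A GIF passed to `segments` raises `ValueError`, since the check only understands the JPEG container.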