GIAC Open Source Intelligence Certification GOSI (GOSI) Free Practice Test

Question 1

Scenario: An OSINT investigator finds a misconfigured cloud storage bucket containing business financial records.
What should they do?

A. Sell the data on dark web marketplaces

B. Download the files for personal use

C. Ignore the discovery and move on

D. Report the issue to the business security team

Correct Answer: D

Question 2

Which OSINT methods can help track a target's digital footprint? (Choose two)

A. Intercepting private emails

B. Monitoring social media activity

C. Extracting metadata from shared documents

D. Scanning internal corporate databases

Correct Answer: B,C

Question 3

You suspect a fake social media account is being used for phishing.
What is the best way to investigate?

A. Report the account without investigation

B. Hack into their IP address

C. Check account creation date and connections

D. Directly message the account and demand information

Correct Answer: C

Question 4

Which public databases are useful for checking historical website ownership records? (Choose two)

A. Maltego

B. DomainTools

C. Wayback Machine

D. Wireshark

Correct Answer: B,C

Question 5

Which OSINT tool is commonly used to passively enumerate subdomains of a target website?

A. Metasploit

B. Hashcat

C. Amass

D. Wireshark

Correct Answer: C

Question 6

What are best practices for processing large volumes of OSINT data? (Choose two)

A. Ensure encryption of sensitive information

B. Use data visualization tools for better analysis

C. Store all data in a public cloud for accessibility

D. Delete all collected data immediately after analysis

Correct Answer: A,B

Question 7

What type of public record is most useful for verifying an individual's past addresses?

A. Court and property records

B. Vehicle registration databases

C. VPN logs

D. Encrypted email archives

Correct Answer: A

Question 8

Scenario: A cybersecurity team is conducting OSINT research on a business and finds company-related leaked credentials on a dark web forum.
What should be the next step?

A. Notify the company and advise password resets

B. Publicly disclose the breach without company consent

C. Share the credentials with competitors

D. Use the credentials for further penetration testing

Correct Answer: A

Question 9

When performing OSINT on an individual, what online sources are commonly used to verify employment history? (Choose two)

A. WHOIS records

B. Breach databases

C. LinkedIn

D. Court filings

Correct Answer: C,D

Question 10

What is a primary risk of automating data collection in OSINT?

A. Improving search engine indexing

B. Accidentally violating terms of service of websites

C. Slowing down the browsing speed

D. Increasing the accuracy of results

Correct Answer: B

Welcome to TestSimulate

GIAC Open Source Intelligence Certification GOSI (GOSI) Free Practice Test