
100+ Free PORP Practice Questions

TCM Security Practical OSINT Research Professional practice questions are available now; exam metadata is being verified.


Key Facts: PORP Exam

Exam Cost (includes retake + training): $399 (TCM Security)
Practical Engagement Window: 72 hours (TCM Security)
Passing Score: 80/100 (TCM Security)
Fully Practical — Report-Based: No MCQ (TCM Security)
Certification Does Not Expire: No expiry (TCM Security)
Retake Included: 1 free (TCM Security)

The PORP from TCM Security is a practical OSINT certification covering 6 domains: OSINT Methodology (15%), SOCMINT & Account Pivoting (20%), People & Identity Investigation (20%), Domain & Website OSINT (20%), GEOINT & Business Intelligence (15%), and Reporting & Source Triangulation (10%). The exam gives 72 hours to complete a real-world OSINT engagement and submit a professional report. Passing score is 80/100. Cost is $399 with one free retake and 12 months of TCM Academy course access. Primary prep: TCM Security OSINT Fundamentals course. This practice exam covers conceptual knowledge; actual PORP requires hands-on OSINT research.

Sample PORP Practice Questions

Try these sample questions to test your PORP exam readiness. Each question includes a detailed explanation. Start the interactive quiz above for the full 100+ question experience with AI tutoring.

1. Which of the following best describes the core purpose of Open-Source Intelligence (OSINT)?
A. Collecting and analyzing information from publicly available sources to produce actionable intelligence
B. Intercepting encrypted network traffic using passive sniffers
C. Performing social engineering calls to extract credentials
D. Exploiting vulnerabilities in publicly exposed web services
Explanation: OSINT is the practice of gathering, analyzing, and synthesizing information from publicly available, legally accessible sources — such as websites, social media, public records, and databases — to produce actionable intelligence. It does not involve unauthorized access, interception, or active exploitation.
2. In the OSINT intelligence cycle, which phase involves transforming raw collected data into a usable intelligence product?
A. Planning and direction
B. Processing and analysis
C. Dissemination
D. Collection
Explanation: The processing and analysis phase transforms raw collected data — URLs, screenshots, usernames, phone numbers — into organized, evaluated intelligence. Collection gathers the raw data; planning sets objectives; dissemination delivers the finished product to stakeholders.
3. A PORP investigator wants to search for a specific phrase across indexed web pages. Which Google search operator limits results to pages containing the exact phrase?
A. intitle:target phrase
B. phrase:target phrase
C. "target phrase"
D. exact:target phrase
Explanation: Enclosing a phrase in double quotes instructs Google to return only pages containing that exact sequence of words. The `intitle:` operator searches within page titles only; there is no `phrase:` or `exact:` Google operator.
4. Which Google dork would an investigator use to find all indexed pages on the domain example.com that contain the word 'password'?
A. domain:example.com password
B. host:example.com "password"
C. site:example.com AND password
D. site:example.com intext:password
Explanation: The `site:` operator restricts results to a specific domain, and `intext:` searches the body text of pages. Combining `site:example.com intext:password` returns only pages on example.com that contain the word 'password' in their body text — a standard Google dorking pattern.
5. What is a 'sock puppet' account in the context of OSINT investigations?
A. A fabricated online persona created to conduct covert research without revealing the investigator's identity
B. A compromised account used by threat actors to exfiltrate data
C. A secondary backup account required by some platforms for two-factor authentication
D. An automated bot account used to flood social media with disinformation
Explanation: A sock puppet is a fictitious online persona created by an investigator to conduct covert OSINT research — for example, to view social media profiles that require account login without alerting the subject. Proper sock puppet hygiene includes using a VPN, separate device, and fictitious email and profile photo.
6. An investigator retrieves EXIF metadata from a JPEG photo posted online. Which piece of metadata is most useful for geolocation?
A. ColorSpace value
B. GPS coordinates embedded in the GPSLatitude and GPSLongitude tags
C. Camera model stored in the Make and Model tags
D. Image resolution in the XResolution and YResolution tags
Explanation: EXIF GPS tags (GPSLatitude, GPSLongitude, GPSLatitudeRef, GPSLongitudeRef) store precise geographic coordinates captured by GPS-enabled cameras and smartphones. Tools like ExifTool parse these tags to reveal where a photo was taken. Most major social platforms strip GPS EXIF data on upload, but investigator-obtained originals often retain it.
7. Which tool is specifically designed for reverse image searching to identify where a photo has appeared online?
A. Shodan
B. theHarvester
C. Google Lens (or TinEye / Yandex Images)
D. Maltego
Explanation: Reverse image search engines such as Google Lens, TinEye, and Yandex Images allow investigators to upload or paste an image URL to find where it has appeared online — useful for identifying subjects, verifying profile photos, and detecting sock puppet reuse. Shodan scans internet-connected devices; theHarvester gathers emails/subdomains; Maltego builds relationship graphs.
8. What does SOCMINT stand for, and what is its primary data source?
A. Source Code Management Intelligence; version control repositories
B. Social Commerce Intelligence; e-commerce transaction data
C. Security Operations Center Management Intelligence; corporate SIEM logs
D. Social Media Intelligence; publicly accessible social media platforms and user-generated content
Explanation: SOCMINT (Social Media Intelligence) is the collection and analysis of information derived from social media platforms — Twitter/X, Facebook, Instagram, LinkedIn, Reddit, TikTok, etc. — and other user-generated content. It is a critical sub-discipline of OSINT for people profiling, event monitoring, and network mapping.
9. When investigating a Twitter/X account, which URL format allows an investigator to view all tweets from a specific user mentioning a keyword using the advanced search?
A. twitter.com/search?q=from:username keyword
B. twitter.com/username/search/keyword
C. twitter.com/advanced?user=username&q=keyword
D. twitter.com/lookup?handle=username&term=keyword
Explanation: Twitter/X advanced search supports the `from:username keyword` query syntax to return all tweets from a specified account that contain the keyword. This can be entered in the search bar or as URL parameters. The other URL formats do not exist in the Twitter/X platform.
10. An investigator needs to find cached versions of a now-deleted Instagram profile. Which tool or service is best suited for this?
A. Shodan
B. The Wayback Machine (web.archive.org)
C. Censys
D. SpiderFoot HX
Explanation: The Wayback Machine (archive.org) crawls and archives web pages, including social media profiles. An investigator can enter a deleted Instagram profile URL to find historical snapshots. However, Instagram profiles are inconsistently archived — Google's cache and specialized social OSINT tools may also help. Shodan and Censys focus on internet-connected infrastructure, not social profiles.

About the PORP Practice Questions

Verified exam format metadata for TCM Security Practical OSINT Research Professional is pending. The practice questions above remain available while official exam length, timing, passing score, fee, and administrator details are reviewed.