[&] What is the primary purpose of using leaked password databases in cybersecurity?
- To generate new passwords for users
- To perform a DNS zone transfer
- To collect more email addresses
- To identify if an email address has been part of a data breach

[&] What is a potential risk of users reusing passwords across multiple sites?
- Only one site can be compromised
- New passwords will be automatically generated
- Their accounts will be more secure
- All sites registered with the same email and password may be compromised

[&] Which popular site aggregates data breaches and allows users to check if their email or phone number has been leaked?
- databreaches.net
- passwordleaks.com
- haveibeenpwned.com
- securepasswords.com

[&] Why is it important for penetration testers to check if employee emails have been part of a data breach?
- All of the above
- To find passwords for password spray attacks
- To determine compliance with the company's password security policy
- To ensure employees are using strong passwords

[&] What is 'password spray attack' in the context of cybersecurity?
- Scanning for open ports
- Trying leaked passwords on different accounts
- Resetting passwords automatically
- Generating new secure passwords

[&] During what phase of a penetration test would you use leaked password databases to gather information?
- Active information gathering
- Exploit phase
- Passive information gathering
- Reporting phase