Ethical Hacking Practice Test Quiz: Trivia!

Approved & Edited by ProProfs Editorial Team

The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.

Learn about Our Editorial Process

| By Mohammed Abrarul

Mohammed Abrarul

Community Contributor

Quizzes Created: 1 | Total Attempts: 495

Questions: 50 | Attempts: 498 | Updated: Mar 21, 2023

Questions

Settings

Feedback

During the Quiz End of Quiz

Play as

Quiz Flashcard

Create your own Quiz

Ethical Hacking Practice Test Quiz: Trivia! - Quiz

Questions and Answers

1.

A security consultant decides to use multiple layers of anti-virus defense, such as end-user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?
- A.
  
  Forensic attack
- B.
  
  ARP spoofing attack
- C.
  
  Social engineering attack
- D.
  
  Scanning attack
Correct Answer
C. Social engineering attack

Explanation
Using multiple layers of anti-virus defense, such as end-user desktop anti-virus and E-mail gateway, can help mitigate social engineering attacks. Social engineering attacks involve manipulating individuals to disclose sensitive information or perform certain actions. By having anti-virus protection at both the desktop level and the email gateway, it can help detect and block malicious emails or attachments that may be used in social engineering attacks. This multi-layered approach adds an extra layer of protection against these types of attacks.

Rate this question:
2.

A person who uses hacking skills for defensive purposes is called a:
- A.
  
  Hacktivist
- B.
  
  Grey hat Hacker
- C.
  
  Black hat Hacker
- D.
  
  White hat Hacker
Correct Answer
D. White hat Hacker

Explanation
A person who uses hacking skills for defensive purposes is called a White hat Hacker. White hat hackers are ethical hackers who use their skills to identify vulnerabilities in computer systems and networks in order to help organizations improve their security. They work with the consent of the system owner and follow strict ethical guidelines to ensure that they do not cause any harm. Unlike black hat hackers who exploit vulnerabilities for personal gain, white hat hackers aim to protect and secure systems from potential threats.

Rate this question:
3.

Which of the following refers to an attacker exploiting vulnerabilities before the vendor has a patch or mitigation for them?
- A.
  
  Day 1 attack
- B.
  
  Zero-day attack
- C.
  
  Exploit
- D.
  
  Category I attack
Correct Answer
B. Zero-day attack

Explanation
A zero-day attack refers to an attacker exploiting vulnerabilities in a system before the vendor has developed a patch or mitigation for them. This means that the attacker takes advantage of the vulnerability on the same day it is discovered, leaving the vendor with no time to release a fix. This type of attack can be highly dangerous as it gives the victim no opportunity to protect themselves or their systems.

Rate this question:
4.

What is the preparatory phase of hacking called?
- A.
  
  Scanning
- B.
  
  Reconnaissance
- C.
  
  Enumeration
- D.
  
  Footprinting
Correct Answer
B. Reconnaissance

Explanation
Reconnaissance is the preparatory phase of hacking where the attacker gathers information about the target system or network. This involves passive techniques such as searching for publicly available information, analyzing social media profiles, or conducting online research to identify potential vulnerabilities. The purpose of reconnaissance is to gather as much information as possible to plan the attack and identify the most effective method to exploit the target.

Rate this question:
5.

Which of the following is a weakness in a system, application, network, or process?
- A.
  
  Threat
- B.
  
  Exploit
- C.
  
  Vulnerability
- D.
  
  Attack
Correct Answer
C. Vulnerability

Explanation
A vulnerability refers to a weakness in a system, application, network, or process that can be exploited by a threat or attacker. It is a flaw or gap in security measures that can allow unauthorized access, data breaches, or other malicious activities. Identifying and addressing vulnerabilities is crucial in maintaining the security and integrity of a system or network.

Rate this question:
6.

Which of the following refers to an unskilled hacker that uses pre-made scripts and tools to hack into systems?
- A.
  
  Ethical Hacker
- B.
  
  Grey Hat Hacker
- C.
  
  Cyber Terrorist
- D.
  
  Script Kiddie
Correct Answer
D. Script Kiddie

Explanation
A script kiddie refers to an unskilled hacker who relies on pre-made scripts and tools to carry out hacking activities. Unlike ethical hackers who use their skills for legitimate purposes, script kiddies lack the technical knowledge and expertise to develop their own hacking techniques. Instead, they rely on readily available tools and scripts to exploit vulnerabilities in systems. This term is often used to describe individuals who engage in hacking activities without fully understanding the consequences or the ethical implications of their actions.

Rate this question:
7.

Gathering information about a target without direct contact is called:
- A.
  
  Social engineering
- B.
  
  Passive FootPrinting
- C.
  
  Active FootPrinting
- D.
  
  Enumeration
Correct Answer
B. Passive FootPrinting

Explanation
Passive FootPrinting is the correct answer because it refers to the process of collecting information about a target without directly engaging or interacting with the target. This can involve gathering data from publicly available sources, such as websites, social media, or public records, to gain insights and knowledge about the target. It is a non-intrusive approach that focuses on observing and analyzing existing information rather than actively probing or interacting with the target system or network.

Rate this question:
8.

Which of the following ports is used by the Domain Name Service?
- A.
  
  53
- B.
  
  67
Correct Answer
A. 53

Explanation
Port 53 is used by the Domain Name Service (DNS). DNS is responsible for translating human-readable domain names into IP addresses that computers can understand. When a user enters a domain name into their web browser, the DNS server uses port 53 to query a database and retrieve the corresponding IP address for that domain name. This allows the user's computer to establish a connection with the correct server and load the requested website. Port 67, on the other hand, is used by the Dynamic Host Configuration Protocol (DHCP) server for assigning IP addresses to devices on a network.

Rate this question:
9.

Which type of password attack makes use of extensive wordlists to hash and run against a captured password hash?
- A.
  
  Character
- B.
  
  Brute Force
- C.
  
  Rainbow Tables
- D.
  
  Dictionary
Correct Answer
D. Dictionary

Explanation
Dictionary attack is a type of password attack that makes use of extensive wordlists to hash and run against a captured password hash. In this attack, the attacker uses a list of common words or commonly used passwords to guess the password. The attacker hashes each word in the list and compares it to the captured password hash to see if there is a match. This method is often successful because many users choose weak passwords that can be easily found in a dictionary or wordlist.

Rate this question:
10.

Where are password hashes stored on a Windows system?
- A.
  
  /etc/shadow
- B.
  
  SAM file
- C.
  
  PASSWORDS file
- D.
  
  C:\Windows\system32\shadow
Correct Answer
B. SAM file

Explanation
On a Windows system, password hashes are stored in the SAM (Security Accounts Manager) file. This file is located in the C:\Windows\system32 directory. The SAM file contains encrypted user account passwords and is an essential component of the Windows operating system's security mechanisms. It is used to authenticate user logins and protect the passwords from unauthorized access.

Rate this question:
11.

All of the following are considered clear text protocols EXCEPT:
- A.
  
  Telnet
- B.
  
  FTP
- C.
  
  SSH
- D.
  
  HTTP
Correct Answer
C. SSH

Explanation
Telnet, FTP, and HTTP are all examples of clear text protocols, meaning that the data transmitted over these protocols is not encrypted and can be easily intercepted and read by unauthorized individuals. However, SSH (Secure Shell) is not a clear text protocol. It is a secure network protocol that provides a secure channel over an unsecured network, encrypting the data transmitted between the client and the server, thus protecting it from eavesdropping and unauthorized access.

Rate this question:
12.

Which of the following open source tools would be the best choice to scan a network for potential targets?
- A.
  
  NMAP
- B.
  
  NIKTO
- C.
  
  CAIN ABEL
- D.
  
  John the Ripper
Correct Answer
A. NMAP

Explanation
NMAP would be the best choice to scan a network for potential targets. NMAP is a widely used open source tool that allows for network exploration and security auditing. It provides a comprehensive range of scanning techniques to identify open ports, services, and vulnerabilities on a network. With its extensive functionality and flexibility, NMAP is considered one of the most reliable and effective tools for network scanning and reconnaissance.

Rate this question:
13.

Which of the following is the successor of SSL?
- A.
  
  TLS
- B.
  
  RSA
- C.
  
  GRE
- D.
  
  IPSec
Correct Answer
A. TLS

Explanation
The successor of SSL is TLS (Transport Layer Security). TLS is a cryptographic protocol that provides secure communication over a network. It is an updated version of SSL and offers improved security features and stronger encryption algorithms. TLS is widely used to secure online transactions, email communication, and other sensitive data transfers on the internet. RSA, GRE, and IPSec are not successors of SSL, but rather different protocols or encryption algorithms used in networking and security.

Rate this question:
14.

As a Certified Ethical Hacker, you were contracted by a private firm to conduct an external security assessment through penetration testing. What document describes the specifics of the testing, the associated violations, and essentially protects both the organization's interest and your liabilities as a tester?
- A.
  
  Terms of Engagement
- B.
  
  Project Scope
- C.
  
  Non-Disclosure Agreement
- D.
  
  Service Level Agreement
Correct Answer
A. Terms of Engagement

Explanation
The Terms of Engagement document describes the specifics of the testing, including the scope of the project and any limitations or restrictions. It also outlines the responsibilities and expectations of both the organization and the tester, ensuring that both parties are protected and aware of their liabilities. This document serves as a legally binding agreement that protects the organization's interests and outlines the boundaries within which the tester can operate.

Rate this question:
15.

The establishment of a TCP connection involves a negotiation called 3 way handshake. What type of message sends the client to the server in order to begin this negotiation?
- A.
  
  RST
- B.
  
  SYN
- C.
  
  SYN-ACK
- D.
  
  ACK
Correct Answer
B. SYN

Explanation
The correct answer is SYN. In the TCP 3-way handshake, the client initiates the connection by sending a SYN (synchronize) message to the server. This message indicates the client's desire to establish a connection. The server then responds with a SYN-ACK (synchronize-acknowledge) message, indicating its willingness to establish the connection. Finally, the client sends an ACK (acknowledge) message to acknowledge the server's response and complete the handshake process. Therefore, the client sends the SYN message to begin the negotiation.

Rate this question:
16.

A company recently hired your team of Ethical Hackers to test the security of their network systems. The company wants to have the attack be as realistic as possible. They did not provide any information besides the name of their company. What phase of security testing would your team jump in right away?
- A.
  
  Scanning
- B.
  
  Reconnaissance
- C.
  
  Escalation
- D.
  
  Enumeration
Correct Answer
B. Reconnaissance

Explanation
In this scenario, the team of Ethical Hackers would jump right into the Reconnaissance phase of security testing. This phase involves gathering information about the target company, such as its infrastructure, systems, and potential vulnerabilities. Since the company did not provide any information besides its name, the team would need to conduct initial research and intelligence gathering to understand the company's network systems and identify potential entry points for attacks. This phase helps the team to simulate a realistic attack by understanding the target's environment and preparing for further steps in the testing process.

Rate this question:

1
0
17.

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design and implementation?
- A.
  
  Penetration testing
- B.
  
  Social engineering
- C.
  
  Vulnerability scanning
- D.
  
  Access control list reviews
Correct Answer
A. Penetration testing

Explanation
Penetration testing is the method that can provide a better return on IT security investment and a thorough assessment of organizational security. It involves simulating real-world attacks to identify vulnerabilities in the system, policies, and procedures. By actively exploiting these vulnerabilities, organizations can understand the potential impact and prioritize remediation efforts. This comprehensive approach helps to identify weaknesses in policy, procedure design, and implementation, ensuring a more robust security posture.

Rate this question:
18.

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?
- A.
  
  NMAP
- B.
  
  Nessus
- C.
  
  Metasploit
- D.
  
  Cain
Correct Answer
B. Nessus

Explanation
Nessus is the correct answer because it is a widely used network scanning tool that can perform vulnerability checks and compliance auditing. It scans networks to identify potential vulnerabilities in systems and provides detailed reports on the security posture of the network. Nessus can also check for compliance with various industry standards and regulations, making it a comprehensive tool for assessing network security.

Rate this question:
19.

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.
- A.
  
  SQL injection attack
- B.
  
  Cross-Site Scripting (XSS)
- C.
  
  LDAP Injection attack
- D.
  
  Cross-Site Request Forgery (CSRF)
Correct Answer
B. Cross-Site Scripting (XSS)

Explanation
Cross-Site Scripting (XSS) is the correct answer because it refers to the web application attack where attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users. This allows the attackers to execute malicious scripts on the victim's browser, potentially stealing sensitive information or performing unauthorized actions on behalf of the user. SQL injection, LDAP injection, and Cross-Site Request Forgery (CSRF) are different types of web application attacks that do not specifically involve injecting client-side scripts into web pages.

Rate this question:
20.

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?
- A.
  
  -T0
- B.
  
  -T5
- C.
  
  -O
- D.
  
  -A
Correct Answer
B. -T5

Explanation
The -T5 option in Nmap is used for setting the timing template to the highest speed, allowing for a very fast scan. This option is suitable when the user is not concerned about being detected and wants to quickly scan the target. The higher the timing template, the faster the scan will be. Therefore, -T5 is the correct option for performing a very fast scan without worrying about being detected.

Rate this question:
21.

Which is the first step followed by Vulnerability Scanners for scanning a network?
- A.
  
  TCP/UDP Port scanning
- B.
  
  Firewall detection
- C.
  
  OS Detection
- D.
  
  Checking if the remote host is alive
Correct Answer
D. Checking if the remote host is alive

Explanation
The first step followed by Vulnerability Scanners for scanning a network is checking if the remote host is alive. This step is crucial as it ensures that the host is active and reachable before proceeding with further scanning. By checking if the remote host is alive, the scanner can determine if the target system is online and responsive, allowing for a successful and accurate vulnerability assessment.

Rate this question:
22.

The "gray box testing" methodology enforces what kind of restriction?
- A.
  
  The internal operation of a system is only partly accessible to the tester.
- B.
  
  The internal operation of a system is completely known to the tester.
- C.
  
  Only the external operation of a system is accessible to the tester.
- D.
  
  Only the internal operation of a system is known to the tester.
Correct Answer
A. The internal operation of a system is only partly accessible to the tester.

Explanation
Gray box testing is a methodology that combines elements of both black box testing (where the internal workings of a system are unknown to the tester) and white box testing (where the internal workings of a system are fully known to the tester). In gray box testing, the tester has partial knowledge of the internal operation of the system. This means that while the tester may have some understanding of the internal workings, there are still certain aspects that are inaccessible or unknown. Therefore, the correct answer is "The internal operation of a system is only partly accessible to the tester."

Rate this question:
23.

Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?
- A.
  
  Internal Whitebox
- B.
  
  External, Whitebox
- C.
  
  Internal, Blackbox
- D.
  
  External, Blackbox
Correct Answer
C. Internal, Blackbox

Explanation
Seth is conducting an internal blackbox test. In this type of test, the tester has no prior knowledge about the internal network and is simulating an attack from within the network to identify vulnerabilities and weaknesses. The term "blackbox" refers to the lack of knowledge about the internal network, while "internal" indicates that the test is being performed from within the network rather than externally.

Rate this question:
24.

Which of the following is a low-tech way of gaining unauthorized access to systems?
- A.
  
  Social Engineering
- B.
  
  Sniffing
- C.
  
  Eavesdropping
- D.
  
  Scanning
Correct Answer
A. Social Engineering

Explanation
Social Engineering is a low-tech way of gaining unauthorized access to systems by manipulating and deceiving individuals to obtain sensitive information or perform actions that compromise security. It involves exploiting human psychology and trust to trick people into revealing passwords, granting access, or providing confidential information. Unlike the other options listed, Social Engineering does not rely on technical methods like network scanning or sniffing data packets, but instead exploits human vulnerabilities to gain unauthorized access.

Rate this question:

2
0
25.

In order to have an anonymous Internet surf, which of the following is best choice?
- A.
  
  Use SSL sites when entering personal information
- B.
  
  Use Tor network with multi-node
- C.
  
  Use shared WiFi
- D.
  
  Use public VPN
Correct Answer
B. Use Tor network with multi-node

Explanation
Using the Tor network with multi-node is the best choice for having an anonymous internet surf. Tor is a free and open-source network that helps in protecting the user's privacy by routing their internet traffic through a series of relays, making it difficult to trace the origin of the traffic. By using multiple nodes in the Tor network, the user's online activities become even more anonymous, as it becomes harder to track their internet traffic across different nodes. This ensures a higher level of privacy and anonymity while browsing the internet.

Rate this question:
26.

Which of the following is an example of IP spoofing?
- A.
  
  SQL injections
- B.
  
  Man-in-the-middle
- C.
  
  Cross-site scripting
- D.
  
  ARP poisoning
Correct Answer
B. Man-in-the-middle

Explanation
Man-in-the-middle is an example of IP spoofing. In this attack, an attacker intercepts communication between two parties and impersonates each party to the other, making them believe that they are communicating directly with each other. By doing so, the attacker can intercept and manipulate the data being exchanged, potentially gaining unauthorized access to sensitive information. This type of attack is often used to steal login credentials, financial information, or other valuable data.

Rate this question:
27.

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?
- A.
  
  Say no; the friend is not the owner of the account.
- B.
  
  Say yes; the friend needs help to gather evidence.
- C.
  
  Say yes; do the job for free.
- D.
  
  Say no; make sure that the friend knows the risk she's asking the CEH to take.
Correct Answer
A. Say no; the friend is not the owner of the account.

Explanation
The ethical response is to say no because the friend is not the owner of the account. As a certified ethical hacker, it is important to adhere to ethical guidelines and laws. Breaking into someone's email account without their permission is a violation of privacy and potentially illegal. The CEH should advise the friend to seek legal means to address her concerns and should not engage in any activities that compromise the privacy and security of others.

Rate this question:
28.

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?
- A.
  
  Port Scanning
- B.
  
  Hacking Active Directory
- C.
  
  Privilege Escalation
- D.
  
  Shoulder-Surfing
Correct Answer
C. Privilege Escalation

Explanation
Privilege escalation refers to the act of gaining higher levels of access or privileges within a system or network. In this scenario, the white hat hacker, who already has control over a user account, can exploit vulnerabilities or weaknesses in the system to elevate their privileges and gain access to another account's confidential files and information. This can be achieved through various techniques such as exploiting software vulnerabilities, misconfigurations, or leveraging administrative privileges. By escalating their privileges, the hacker can bypass security measures and gain unauthorized access to sensitive data.

Rate this question:
29.

Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?
- A.
  
  [cache:]
- B.
  
  [site:]
- C.
  
  [inurl:]
- D.
  
  [link:]
Correct Answer
B. [site:]

Explanation
The [site:] operator in Google advanced search allows an attacker to restrict the search results to websites within a specific domain. By using this operator, an attacker can focus their search on a particular domain, making it easier to find vulnerabilities or sensitive information within that specific website. This operator is commonly used by attackers to target a specific organization or website during reconnaissance or information gathering phases of an attack.

Rate this question:
30.

Which of the following is the most important phase of ethical hacking wherein you need to spend considerable amount of time?
- A.
  
  Gaining access
- B.
  
  Escalating privileges
- C.
  
  Network mapping
- D.
  
  Footprinting
Correct Answer
D. Footprinting

Explanation
Footprinting is the most important phase of ethical hacking wherein you need to spend a considerable amount of time. Footprinting involves gathering information about the target system or network, such as IP addresses, domain names, employee details, system architecture, and vulnerabilities. This phase helps in understanding the target's infrastructure and identifying potential entry points. It lays the foundation for the subsequent phases of ethical hacking, including network mapping, gaining access, and escalating privileges. By thoroughly footprinting the target, ethical hackers can gather crucial information to plan and execute their attacks effectively.

Rate this question:
31.

Which of the following is considered as one of the most reliable forms of TCP scanning?
- A.
  
  TCP Connect/Full Open Scan
- B.
  
  Half-open Scan
- C.
  
  NULL Scan
- D.
  
  Xmas Scan
Correct Answer
A. TCP Connect/Full Open Scan

Explanation
TCP Connect/Full Open Scan is considered as one of the most reliable forms of TCP scanning because it establishes a full TCP connection with the target host. This means that the scanning device completes the TCP handshake process, including the SYN, SYN-ACK, and ACK packets. By successfully establishing a connection, it confirms the availability of the port and the service running on it. This method is less likely to be detected by intrusion detection systems (IDS) compared to other scanning techniques like Half-open Scan, NULL Scan, and Xmas Scan.

Rate this question:
32.

Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types of vulnerability. What is this style of attack called?
- A.
  
  Zero-day
- B.
  
  Zero-hour
- C.
  
  Zero-sum
- D.
  
  No-day
Correct Answer
A. Zero-day

Explanation
A zero-day attack refers to a type of cyber attack where threat actors exploit vulnerabilities that are unknown to the software vendor or have not yet been patched. In the case of the Stuxnet attack, it was considered unprecedented because it utilized four different types of previously unknown vulnerabilities, making it a zero-day attack. This term is commonly used in the cybersecurity field to describe attacks that take advantage of undisclosed vulnerabilities.

Rate this question:
33.

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?
- A.
  
  Maltego
- B.
  
  Cain & Abel
- C.
  
  Metasploit
- D.
  
  Wireshark
Correct Answer
A. Maltego

Explanation
Maltego is a tool that allows analysts and pen testers to examine links between data using graphs and link analysis. It provides a visual representation of relationships and connections within the data, making it easier to identify patterns, trends, and potential vulnerabilities. Cain & Abel, Metasploit, and Wireshark are all useful tools in their own right, but they do not specifically offer the same graph and link analysis capabilities as Maltego.

Rate this question:
34.

An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?
- A.
  
  Use fences in the entrance doors.
- B.
  
  Install a CCTV with cameras pointing to the entrance doors and the street.
- C.
  
  Use an IDS in the entrance doors and install some of them near the corners.
- D.
  
  Use lights in all the entrance doors and along the company's perimeter.
Correct Answer
B. Install a CCTV with cameras pointing to the entrance doors and the street.

Explanation
Installing a CCTV with cameras pointing to the entrance doors and the street is the best option to monitor the physical perimeter and entrance doors 24 hours. This option allows for continuous surveillance and provides visual evidence in case of any security incidents. It covers both the entrance doors and the surrounding area, ensuring comprehensive monitoring of the new neighborhood, which is considered risky. The CCTV system will help deter potential criminals and provide a sense of security for the enterprise and its employees.

Rate this question:

1
0
35.

The company ABC recently discovered that their new product was released by the opposition before their premiere. They contract an investigator who discovered that the maid threw away papers with confidential information about the new product and the opposition found it in the garbage. What is the name of the technique used by the opposition?
- A.
  
  Hack attack
- B.
  
  Sniffing
- C.
  
  Dumpster diving
- D.
  
  Spying
Correct Answer
C. Dumpster diving

Explanation
The technique used by the opposition in this scenario is called "dumpster diving." This involves searching through someone's trash or garbage to find valuable or confidential information. In this case, the maid unknowingly discarded papers with confidential information about the new product, which the opposition found and used to their advantage.

Rate this question:
36.

What would you enter, if you wanted to perform a stealth scan using Nmap?
- A.
  
  Nmap -sU
- B.
  
  Nmap -sS
- C.
  
  Nmap -sM
- D.
  
  Nmap -sT
Correct Answer
B. Nmap -sS

Explanation
The correct answer is "nmap -sS". This is because the "-sS" flag in Nmap stands for "TCP SYN scan", which is a type of stealth scan. In a TCP SYN scan, Nmap sends SYN packets to the target host and analyzes the response to determine open ports. This scan is considered stealthy because it does not complete the full TCP handshake, making it harder for the target host to detect the scan.

Rate this question:
37.

Which of the following parameters enables NMAP's operating system detection feature?
- A.
  
  NMAP -sV
- B.
  
  NMAP -oS
- C.
  
  NMAP -sR
- D.
  
  NMAP -O
Correct Answer
D. NMAP -O

Explanation
The correct answer is "NMAP -O." The "-O" parameter in NMAP enables the operating system detection feature. This feature allows NMAP to identify the operating system running on the target host by analyzing various network packets and responses. By using this parameter, NMAP sends specific probes and analyzes the responses to determine the operating system type. This can be useful for network administrators to identify potential vulnerabilities and ensure the security of their systems.

Rate this question:
38.

If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?
- A.
  
  Spoof Scan
- B.
  
  TCP Connect scan
- C.
  
  TCP SYN
- D.
  
  Idle Scan
Correct Answer
C. TCP SYN

Explanation
TCP SYN scanning cannot be used if there is an Intrusion Detection System (IDS) in the intranet. This scanning technique involves sending a SYN packet to the target host and waiting for a response. If the IDS is in place, it can detect this SYN packet and potentially block or alert the network administrator, making it ineffective for the attacker. Therefore, TCP SYN scanning is not a viable option when an IDS is present.

Rate this question:
39.

When you are collecting information to perform a data analysis, Google commands are very useful to find sensitive information and files. These files may contain information about passwords, system functions, or documentation. What command will help you to search files using Google as a search engine?
- A.
  
  Site: target.com filetype:xls username password email
- B.
  
  Inurl: target.com filename:xls username password email
- C.
  
  Domain: target.com archive:xls username password email
- D.
  
  Site: target.com file:xls username password email
Correct Answer
A. Site: target.com filetype:xls username password email

Explanation
The correct answer is "site: target.com filetype:xls username password email". This command allows you to search for files with the extension ".xls" on the website "target.com" that may contain sensitive information such as usernames, passwords, and emails. By using the "site:" operator, you restrict the search to a specific site, and the "filetype:" operator specifies the file extension to search for.

Rate this question:
40.

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?
- A.
  
  Msfpayload
- B.
  
  Msfcli
- C.
  
  Msfd
- D.
  
  Msfvenom
Correct Answer
D. Msfvenom

Explanation
Msfvenom is a Metasploit Framework tool that can help penetration testers evade Anti-virus Systems. It allows for the generation of custom payloads that can bypass antivirus detection by encoding the payload and creating new variations of it. This tool provides options for payload encoding, obfuscation, and encryption, making it an effective tool for evading antivirus systems during penetration testing.

Rate this question:
41.

Risks = Threats x Vulnerabilities is referred to as the:
- A.
  
  Risk equation
- B.
  
  Threat assessment
- C.
  
  BIA equation
- D.
  
  Disaster recovery formula
Correct Answer
A. Risk equation

Explanation
The equation Risks = Threats x Vulnerabilities is commonly known as the risk equation. This equation represents the relationship between threats and vulnerabilities in determining the level of risk. By multiplying the threats and vulnerabilities together, organizations can assess and quantify the potential risks they face. This equation is widely used in risk management and helps organizations identify and prioritize their efforts to mitigate potential risks.

Rate this question:

1
0
42.

Within the context of Computer Security, which of the following statements describes Social Engineering best?
- A.
  
  Social Engineering is the act of publicly disclosing information
- B.
  
  Social Engineering is the means put in place by human resource to perform time accounting
- C.
  
  Social Engineering is the act of getting needed information from a person rather than breaking into a system
- D.
  
  Social Engineering is a training program within sociology studies
Correct Answer
C. Social Engineering is the act of getting needed information from a person rather than breaking into a system

Explanation
Social Engineering is the act of manipulating or deceiving individuals to gain unauthorized access to sensitive information or systems. It involves exploiting human psychology and trust to trick people into revealing confidential data or performing actions that could compromise security. This method is often used by attackers as it can be easier and more effective than attempting to bypass technical security measures.

Rate this question:
43.

Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet-facing services, which OS did it not directly affect?
- A.
  
  Windows
- B.
  
  Unix
- C.
  
  Linux
- D.
  
  OS X
Correct Answer
A. Windows

Explanation
Shellshock is a vulnerability in the Bash shell, which is commonly used in Unix-based operating systems like Linux and OS X. It allows unauthorized users to execute arbitrary commands, potentially gaining access to a server. However, Windows does not use the Bash shell as its default command-line interface, so it was not directly affected by the Shellshock vulnerability.

Rate this question:
44.

Which is the best type of defense for social engineering attacks?
- A.
  
  Strong passwords
- B.
  
  Permissions
- C.
  
  Encryption
- D.
  
  Education
Correct Answer
D. Education

Explanation
Education is the best type of defense for social engineering attacks because it helps individuals recognize and understand the tactics used by attackers. By being educated on the various social engineering techniques, such as phishing or pretexting, individuals can learn to identify suspicious emails, phone calls, or requests for personal information. They can also learn how to respond appropriately and report any potential attacks. While strong passwords, permissions, and encryption can provide some level of protection, education is crucial in preventing social engineering attacks as it empowers individuals to make informed decisions and avoid falling victim to manipulation.

Rate this question:
45.

An attack that allows database commands to be appended to invalid form input is known as:
- A.
  
  Cross-site request forgery
- B.
  
  Parameter tampering
- C.
  
  SQL injection
- D.
  
  XML injection
Correct Answer
C. SQL injection

Explanation
SQL injection is an attack that allows an attacker to insert malicious SQL commands into a database query through invalid form input. By exploiting vulnerabilities in the application's code, the attacker can manipulate the SQL statements and gain unauthorized access to the database or perform unauthorized actions. This type of attack can lead to data theft, data manipulation, or even complete compromise of the affected system.

Rate this question:
46.

Which type of test actually exploits weaknesses found in a system?
- A.
  
  White box test
- B.
  
  Black box test
- C.
  
  Vulnerability assessment
- D.
  
  Penetration test
Correct Answer
D. Penetration test

Explanation
A penetration test is a type of test that identifies and exploits weaknesses in a system. This test simulates real-world attacks to assess the security of a system by attempting to bypass its defenses. It involves actively probing the system to find vulnerabilities and then exploiting them to gain unauthorized access or control. This test is often performed by ethical hackers to identify potential security risks and help organizations strengthen their defenses.

Rate this question:
47.

Which type of computer-based social- engineering attack attempts to persuade users to click on links in an email?
- A.
  
  Spam
- B.
  
  Phishing
- C.
  
  Pop-ups
- D.
  
  Fake Antivirus
Correct Answer
B. Phishing

Explanation
Phishing is a type of computer-based social engineering attack that aims to deceive and manipulate users into clicking on links in emails. The attackers typically impersonate a trustworthy entity, such as a bank or a popular website, and send out emails that appear legitimate. These emails often contain urgent or enticing messages, tricking users into revealing sensitive information or downloading malicious software. By pretending to be a trustworthy source, the attackers aim to gain unauthorized access to personal data, financial information, or login credentials.

Rate this question:
48.

Which of the following social engineering techniques is used to get an individual’s password as it is entered on the keyboard?
- A.
  
  Eavesdropping
- B.
  
  Dumpster Diving
- C.
  
  Shoulder Surfing
- D.
  
  Tailgating
Correct Answer
C. Shoulder Surfing

Explanation
Shoulder surfing is a social engineering technique where an individual observes another person's actions, specifically their keyboard inputs, in order to obtain their password. This can be done by physically looking over someone's shoulder while they enter their password or by using surveillance technology to monitor their keystrokes from a distance. By obtaining someone's password through shoulder surfing, an attacker can gain unauthorized access to their accounts and potentially exploit sensitive information.

Rate this question:
49.

All of the following are susceptible to sniffing EXCEPT:
- A.
  
  Plaintext Passwords
- B.
  
  FTP file transfers
- C.
  
  Encrypted communications sessions
- D.
  
  Telnet sessions
Correct Answer
C. Encrypted communications sessions

Explanation
Encrypted communications sessions are not susceptible to sniffing because the data being transmitted is encrypted, making it difficult for an attacker to intercept and understand the information. Sniffing refers to the act of capturing and analyzing network traffic, usually done by attackers to gain unauthorized access to sensitive data. However, with encrypted communications sessions, the data is protected and cannot be easily deciphered, ensuring the security and privacy of the transmitted information.

Rate this question:
50.

All of the following human traits contribute to the success of social engineering attacks EXCEPT:
- A.
  
  Suspicion
- B.
  
  Trust
- C.
  
  Social Obligation
- D.
  
  Ignorance
Correct Answer
A. Suspicion

Explanation
Suspicion is not a trait that contributes to the success of social engineering attacks. In fact, suspicion is a defense mechanism that can help individuals identify and avoid potential scams or manipulations. On the other hand, trust, social obligation, and ignorance are traits that can be exploited by social engineers to manipulate individuals into divulging sensitive information or performing actions that they wouldn't normally do.

Rate this question:

Ethical Hacking Practice Test Quiz: Trivia!

A security consultant decides to use multiple layers of anti-virus defense, such as end-user desktop anti-virus and E-mail gateway. This approach can be used to mitigate which kind of attack?

A person who uses hacking skills for defensive purposes is called a:

Which of the following refers to an attacker exploiting vulnerabilities before the vendor has a patch or mitigation for them?

What is the preparatory phase of hacking called?

Which of the following is a weakness in a system, application, network, or process?

Which of the following refers to an unskilled hacker that uses pre-made scripts and tools to hack into systems?

Gathering information about a target without direct contact is called:

Which of the following ports is used by the Domain Name Service?

Which type of password attack makes use of extensive wordlists to hash and run against a captured password hash?

Where are password hashes stored on a Windows system?

All of the following are considered clear text protocols EXCEPT:

Which of the following open source tools would be the best choice to scan a network for potential targets?

Which of the following is the successor of SSL?

The establishment of a TCP connection involves a negotiation called 3 way handshake. What type of message sends the client to the server in order to begin this negotiation?

Which method can provide a better return on IT security investment and provide a thorough and comprehensive assessment of organizational security covering policy, procedure design and implementation?

Which of the following tools will scan a network to perform vulnerability checks and compliance auditing?

Identify the web application attack where the attackers exploit vulnerabilities in dynamically generated web pages to inject client-side script into web pages viewed by other users.

Which Nmap option would you use if you were not concerned about being detected and wanted to perform a very fast scan?

Which is the first step followed by Vulnerability Scanners for scanning a network?

The "gray box testing" methodology enforces what kind of restriction?

Seth is starting a penetration test from inside the network. He hasn't been given any information about the network. What type of test is he conducting?

Which of the following is a low-tech way of gaining unauthorized access to systems?

In order to have an anonymous Internet surf, which of the following is best choice?

Which of the following is an example of IP spoofing?

A certified ethical hacker (CEH) is approached by a friend who believes her husband is cheating. She offers to pay to break into her husband's email account in order to find proof so she can take him to court. What is the ethical response?

In an internal security audit, the white hat hacker gains control over a user account and attempts to acquire access to another account's confidential files and information. How can he achieve this?

Which one of the following Google advanced search operators allows an attacker to restrict the results to those websites in the given domain?

Which of the following is the most important phase of ethical hacking wherein you need to spend considerable amount of time?

Which of the following is considered as one of the most reliable forms of TCP scanning?

Nation-state threat actors often discover vulnerabilities and hold on to them until they want to launch a sophisticated attack. The Stuxnet attack was an unprecedented style of attack because it used four types of vulnerability. What is this style of attack called?

Which tool allows analysts and pen testers to examine links between data using graphs and link analysis?

An enterprise recently moved to a new office and the new neighborhood is a little risky. The CEO wants to monitor the physical perimeter and the entrance doors 24 hours. What is the best option to do this job?

What would you enter, if you wanted to perform a stealth scan using Nmap?

Which of the following parameters enables NMAP's operating system detection feature?

If there is an Intrusion Detection System (IDS) in intranet, which port scanning technique cannot be used?

Which Metasploit Framework tool can help penetration tester for evading Anti-virus Systems?

Risks = Threats x Vulnerabilities is referred to as the:

Within the context of Computer Security, which of the following statements describes Social Engineering best?

Shellshock had the potential for an unauthorized user to gain access to a server. It affected many internet-facing services, which OS did it not directly affect?

Which is the best type of defense for social engineering attacks?

An attack that allows database commands to be appended to invalid form input is known as:

Which type of test actually exploits weaknesses found in a system?

Which type of computer-based social- engineering attack attempts to persuade users to click on links in an email?

Which of the following social engineering techniques is used to get an individual’s password as it is entered on the keyboard?

All of the following are susceptible to sniffing EXCEPT:

All of the following human traits contribute to the success of social engineering attacks EXCEPT: