Ethical Hacking Quiz and Answer
Ethical Hacking refers to the practice of intentionally probing and testing the security of computer systems, networks, or applications to identify vulnerabilities, weaknesses, and potential threats before malicious hackers can exploit them.
Ethical hackers, also called white hat hackers, use the same skills and techniques as malicious hackers but do so with the permission of the system's owner and with the goal of improving security.
The following are quizzes and answers related to Ethical Hacking. They are listed in no particular order.
- Ryan received a security audit that included a finding that the organization lacked sufficient physical controls in its security program. What action is Ryan most likely to take?
Upgrade an existing fence.
- Which command creates new directories in Linux?
Mkdir
- Which of the following is not considered one of the three types of controls used to mitigate risk?
Distribution
- Ron is building a system that he will use in a penetration test. He would like to choose a Linux distribution well suited to that purpose. Which of the following Linux distributions would be his best choice?
Kali Linux
- In a Linux shell, which command returns all files with a .log extension in the current working directory?
ls *.log
- Kaiden would like to find the list of physical disk drives that are connected to a Linux system. Which directory contains a subdirectory for each drive?
/dev
- Which command displays the current location of the user within the Linux directory structure?
Pwd
- Of the following, which description best describes the scanning step of hacking?
An attacker conducting a ping sweep of all of the victim's known Internet Protocol (IP) addresses
- In an organization protecting its IT infrastructure from risks, which control includes firewalls, intrusion prevention systems (IPSs), and biometric authentication?
Technical
- Which of the following statements is true regarding ethical hackers?
Ethical hackers engage in their activities only with the permission of the asset owner.
- True or False? Policies and procedures are forms of technical controls.
False
- True or False? The primary goal of a penetration test is to determine whether a specific resource can be compromised. A vulnerability assessment is a survey of a system to identify as many vulnerabilities as possible.
True
- True or False? In black-box penetration testing, advanced knowledge is provided to the testing team.
False
- What is a mechanism used to encrypt communication between two parties? Transport Layer Security (TLS)
- Which of the following is true of Internet Protocol version 6 (IPv6)? IPv6 addresses are 128-bit numbers.
- What common type of network is also referred to as IEEE 802.3? Ethernet
- ________ is designed to convert fully qualified domain names (FQDNs) into numeric Internet Protocol (IP) addresses or IP addresses into FQDNs. Domain Name System (DNS)
- Which protocol resolves an Internet Protocol v4 (IPv4) address to an unknown Media Access Control (MAC) address? Address Resolution Protocol (ARP)
- Which form of attack involves a malicious person altering Address Resolution Protocol (ARP) tables or intercepting a Neighbor Advertisement (NA) ICMPv6 message to insert their own addresses? Poisoning MAC address resolution
- Dhruv is a network engineer. He is investigating a series of denial of service (DoS) attacks against his company's servers. He has an intern shadowing him who asks at what layer on the OSI model such attacks take place. What does he tell her? Transport
- Carrie is examining a piece of malware. She determines that it was gathering information about the user of a system, but she has no other information. Which of the following terms should she use to describe this malware? Spyware
- Which two protocols are associated with the Host-to-Host Layer of the TCP/IP model? Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
- Which protocol runs on Internet Protocol version 6 (IPv6) networks and provides services similar to Address Resolution Protocol (ARP)? Neighbor Discovery Protocol (NDP)
- __________ calls for blocking all ports by default and allowing only those ports that are needed. The deny-all principle
- Dori is a network engineer. She is using a particular protocol to discover network devices in an Internet Protocol version 6 (IPv6) environment. Which protocol is she using? Neighbor Discovery Protocol (NDP)
- Which term refers to the ability to have definite proof that a message originated from a specific party?
Nonrepudiation
- Which term refers to the ability to verify that information has not been altered and has remained in the form originally intended by the creator?
integrity
- What type of encryption uses the same key to encrypt and to decrypt information?
symmetric encryption
- What provides a framework through which two parties can establish a trusted relationship even if the parties have no prior knowledge of one another?
Public Key Infrastructure (PKI)
- Hashing is involved with digital signatures. A hashing algorithm creates a hash to:
verify the integrity of the message
- Digital certificates:
provide a form of identification on the Internet and in other areas.
- What is a hybrid algorithm that uses asymmetric keys to encrypt the symmetric key, which is then used to encrypt the rest of a message?
El Gamal
- What is a form of cryptography that is a component of Internet Protocol version 6 (IPv6) but is optional in IPv4?
Internet Protocol Security (IPSec)
- Which term is synonymous with "algorithm" in describing a formula used to perform encryption?
ciper
- Bob would like to send a confidential, encrypted message to Alice using asymmetric cryptography. What key should Bob use to create the message?
Alice’s public key
- An attacker decrypts a deliberately chosen ciphertext into the corresponding plaintext. Essentially, the attacker can "feed" information into the decryption system and observe the output. What form of attack does this describe?
chosen ciphertext attack
- The main function or capability of a certificate authority (CA) is to:
generate key pairs and bind an authenticated user’s identity to the public key
- A one-way hashing function is designed to be:
relatively easy to compute one way but hard to reverse
- Alice sends a message to Bob. She uses cryptography to ensure that Bob will be able to prove to another person that the message in his possession actually came from Alice. What goal of cryptography is Alice attempting to achieve?
Nonrepudiation
- Larry is attempting to identify the path a data packet travels to reach a specific Internet Protocol (IP) address. What command can he use on a Windows system to identify the path?
tracert
- Which command instructs Google to search for a term within the title of a webpage document?
intitle
- _____ refers to a program to query Internet domain name servers.
Nslookup
- One of the reasons Twitter and other social media sites are such effective information-gathering tools is because
users do not typically activate the privacy features to keep their postings private.
- In Google hacking, the keyword ____________ instructs Google to return files with specific extensions
filetype
- Which website file can be altered by the owner to block areas where search engines look?
robots.txt
- Countermeasures to thwart footprinting of an organization's website include all of the following except
adding unnecessary information to the website to throw attackers off the trail
- The manual method of obtaining network range information requires the attacker to visit one or more of the regional Internet registries (RIRs), which are responsible for:
management, distribution, and registration of public Internet Protocol (IP) addresses within their respective assigned regions
- Which of the following is created for the sole purpose of posting unflattering content about a company?
sucks domain
- Zabasearch and Spokeo are examples of
aggregators, or sites that accumulate data from multiple sources
- Sunita is preparing to scan a Microsoft SQL Server database server for open ports. What port should she expect to find supporting the database service?
1433
- Harry is analyzing inbound network traffic. He notices a Transmission Control Protocol (TCP) packet that has the FIN, PSH, and URG flags set at the same time. Which type of scan is most likely occurring?
XMAS tree
- In determining a target network's Internet Protocol (IP) address range, which method requires a direct query?
Manual register query
- A packet with the ECE flag signals
the sender is Explicit Congestion Notification (ECN) capable
- Which method of preventing port scanning from returning useful information to an attacker uses the same tools as the attacker?
Port scanning
- Active fingerprinting has many advantages, but using this technique increases the chances of being detected. What is a benefit of active operating system (OS) fingerprinting?
It is an ideal mechanism for scanning a large number of hosts quickly
- The practice of identifying the operating system of a networked device through either passive or active techniques is called:
operating system (OS) fingerprinting.
- __________ are bits set in the header of a network packet, each describing a specific behavior.
Flags
- After running the command nmap -A with the Internet Protocol (IP) address of the host, the following is returned. (Output truncated for space.) What is the likely operating system of the scanned host?
Apple iOS
- What is a wireless network detector, sniffer, and intrusion detection system commonly found on Linux?
Kismet
- Attackers' attempts to stop their attacks from being detected are referred to as:
covering tracks
- Which of the following is included in Windows and is intended to assist in network troubleshooting and maintenance?
nbtstat
- Shoulder surfing, keyboard sniffing, and social engineering are considered what type of attack?
Nontechnical password attack
- What is the unique ID assigned to each user account in Windows that identifies the account or group?
Security identifier (SID)
- Diego is concerned about attackers targeting his Windows servers using the NetBIOS protocol. He wants to block use of that protocol at the firewall. Which of the following ports does Diego not need to block to prevent NetBIOS access?
140/TCP
- What are alternate data streams (ADSs) associated with?
Data hiding
- What is salting?
Adding extra characters to a password prior to hashing
- ___________ means that an account should possess only the minimum privileges necessary to carry out required job functions.
The principle of least privilege
- ________ refers to software designed to alter system files and utilities on a victim's system with the intention of changing the way a system behaves.
Rootkit
- Which of the following best describes the capabilities that privilege escalation gives to an attacker?
Enables actions to be performed on a system with fewer restrictions and to perform tasks that are potentially more damaging
- An attacker can __________ to deprive a system owner of the ability to detect activities that have been carried out
disable auditing
- Which of the following is a type of passive online attack?
Replay attack
- The attacker's primary goal during enumeration is to:
uncover specific information about each target system
- What method can thwart a brute-force password attack?
a policy that locks user accounts after the password is entered incorrectly a certain number of times
- Dean believes that a Trojan may have infected his system. Which command can he use to query for open connections to help determine if a Trojan is using a specific port?
netstat
- What is a form of backdoor used by an attacker who wants to stay undetected for as long as possible?
process-hiding backdoor
- What is a piece of code or software designed to lie in wait on a system until a specified event occurs?
logic bomb
- What is malware that looks legitimate but hides a payload that does something unwanted?
Trojan
- Which law expanded on a previous law and covers damage to foreign computers involved in U.S. interstate commerce?
The Patriot Act
- Maria recently discovered that an attacker placed malware on a system used by her company's chief financial officer. The malware is designed to track and report activity on the system. The attacker has been able to capture passwords, confidential data, and other corporate information. What software has Maria discovered?
keystroke logger
- __________ is a process where communications are redirected to different ports than they would normally be destined for.
port redirection
- What is a malware program designed to replicate without attaching to or infecting other files on a host system?
Worm
- Which of the following is a type of malware designed to hold your data hostage?
Ransomware
- Jane's organization recently experienced a security incident. Malware was triggered on the chief executive officer's birthday, deleting all of the company's customer records. What type of malware was used in this attack?
logic bomb
- Which of the following is a general term for software that is inherently hostile, intrusive, or annoying in its operation?
malware
- A PC is exhibiting unusual behavior. The CD/DVD drawer spontaneously opens and closes, the Windows color settings change, and the mouse pointer disappears. What sort of infection do these symptoms indicate?
Trojan
- What is a software development kit specifically designed to facilitate the development of Trojans?
a trojan construction kit
- A web application form prompts the user to enter a phone number into an input box, but any form of data is accepted. Entering the wrong data could cause the site to crash. What is this situation related to?
Input validation
- Which of the following can easily be configured incorrectly on a web server, potentially allowing users access to locations on the server that should not be accessible?
Permissions
- Which category of risk inherent with web servers includes an attacker capturing network traffic between the client (web browser) and the server?
Browser- and network-based risks
- Which of the following database protection methods provides extra protection against catastrophic failure of a system by ensuring that one process crashing will not take others with it?
Process isolation
- Which of the following is directly associated with encryption using short keys or keys that are poorly designed and implemented?
Weak ciphers or encoding algorithms
- Which of the following best describes Infrastructure as a Service (IaaS)?
A virtual environment in the cloud, in which a business or individual obtains, or provisions, hardware services as needed
- What type of attack relies on a variation of the input validation attack but has the goal of going after a user instead of the application or data?
Cross-site scripting (XSS)
- Which of the following is a web application attack method in which masses of files are posted to a server with the goal of filling up the hard drive on the server? Once the hard drive of the server is filled, the application will cease to function and then crash.
Upload bombing
- Which attack requires an attacker to use advanced knowledge of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite to break up packets into pieces that can bypass most intrusion detection systems (IDSs)
Internet Protocol (IP) fragmentation/fragmentation attack
- What are NCC SQuirreL and AppDetectivePro examples of?
Software tools for performing audits on databases
- Carmen is a network administrator. She is performing a penetration test and would like to exploit the limited amount of memory in some switches. Which of the following attacks would be most helpful to Carmen in meeting her goal?
Media Access Control (MAC) flooding
- Yolanda discovered that a botnet infected several systems on her network. Which of the following activities is not a likely use of the botnet?
Social engineering
- Which of the following statements is not true regarding Address Resolution Protocol (ARP) poisoning?
It cannot be used to alter data in transmission or tap Voice over IP (VoIP) phone calls
- Barry is investigating unauthorized access to his chief executive officer's (CEO's) email account. Barry discovers the Burp Suite set of tools on a nearby workstation. Which of the following attacks is the most likely cause of the breach?
session hijacking
- Which of the following is a denial of service (DoS) attack in which the attacker exploits the Internet Control Message Protocol (ICMP) and spoofs packets to the broadcast address of a network, generating a torrent of traffic from the sheer number of systems that may reply?
Smurf attacks
- Which of the following statements is not true regarding passive session hijacking?
in passive session hijacking, the attacker assumes the role of the party he or she has displaced
- Botnets are used to perform all of the following except:
passive session hijacking
- Consider a network that uses Transmission Control Protocol (TCP). When a client transmits a SYN packet (a TCP packet with the SYN flag set to true in the packet header) to a server, the response will be a SYN/ACK (SYN and ACK flags set to true). The client then responds to this SYN/ACK with an ACK (ACK flag set to true). What is this process called?
a three-way handshake
- Sam is a network administrator. He is concerned that attackers might engage in sniffing attacks against traffic on his network. Which of the following protocols is least susceptible to sniffing attacks?
Transport Layer Security (TLS)
- Helen is a network administrator. She would like to sniff network traffic for troubleshooting purposes and is looking for a command-line utility that will allow her to analyze network traffic. Which of the following tools best meets her need?
tcpdump
- Which of the following is not true of the Internet of Things (IoT)?
Most IoT devices use wired network connections to join the local network
- Which of the following is most likely to be used for locating 802.11 wireless networks?
Homedale
- Which of the following can be used to make calls or send text messages from the targeted device?
Bluebugging
- Which of the following is present in wireless networks but not on wired networks?
the access point
- Which of the following can be thought of as a peer-to-peer network in which each client can attach to any other client to send and receive information, can be created very quickly and easily, and no access point is required?
Ad hoc network
- Vincent is performing a wireless environment analysis. He wishes to identify factors that affect signal propagation. Which factor is least likely to impact wireless signals?
Time of day
- Which technology is specifically designed to deliver Internet access over the "last mile" to homes or businesses that may not otherwise be able to get access?
WiMax
- Which of the following is not a countermeasure to threats against wireless local area networks (WLANs)?
Promiscuous clients
- Which technology was originally designed to be a short-range networking technology (up to 10 meters) that could connect different devices together?
Bluetooth
- Which of the following is entered ahead of time for both the access point (AP) and client so they can authenticate and associate securely?
Preshared keys
- What are Intellius and People Search?
Websites that contain personal information about people.
- Which of the following statements is true regarding social networking in a corporate setting?
Company policies may discuss proper usage of social media and networking sites at work.
- Which of the following is described as an attacker using a combination of friendliness, trust, impersonation, and empathy to get a victim to do what they want him or her to do?
persuasion/coercion
- Which of the following is not considered a safe computing practice?
If guests use your personal computer, have them use your account as long as it is not an administrator account.
- What is the best way to ensure that Facebook privacy settings are well managed?
Disable all options and enable them one by one.
- An attacker observes a potential victim entering codes at a cash machine. What is the attacker participating in?
Shoulder surfing
- Which of the following is described as an attacker who sets up a realistic persona from which the victim seeks assistance?
Reverse social engineering
- Which of the following is not considered a sensible guideline to follow when using social networking sites?
Set up an email account that uses your real name
- Which of the following is not true regarding accounts and account passwords?
Do not use any type of password manager software
- ________ is an immediate, angry response to something a person disagrees with online
Tweet rage
- What is the name of the principle in which individuals will be given only the level of access that is appropriate for their specific job role or function?
Least privilege
- Devaki is a network administrator. She would like to use a firewall that stores the attributes of each connection. These attributes describe the state of the connection and typically contain details such as the Internet Protocol (IP) addresses and ports involved in the connection and the sequence numbers of packets crossing the firewall. Devaki understands that recording all of these attributes will require additional processing and extra load on the firewall or system CPU. What type of firewall does she want?
Stateful inspection
- Christine investigated an alert generated by her intrusion detection system (IDS). She determined that the reported activity did actually take place. How should she classify this alert?
True positive
- Which of the following statements is not true about firewalls?
If one network segment has a higher level of trust than another, a firewall cannot be placed between them
- Which of the following intrusion detection system (IDS) responses does not generate an alert because no suspicious activity was detected but such activity actually did occur?
False negative
- Which of the following statements is not true about firewall policies?
The practice of implicit allow decreases the risk of attack and reduces the volume of traffic carried on an organization's networks.
- The term ________ is defined as an unauthorized use or access of a system by an individual, a party, or a service.
Intrusion
- Which of the following applies techniques such as hashing to look for changes in files that may indicate an attack or unauthorized behavior? This technology is a primary technique used to detect ransomware attacks in progress.
File integrity checker
- Which of the following is an intrusion detection system (IDS) with additional capabilities that make it possible to protect systems from attack by using different methods of access control?
Intrusion prevention system
- The term ________ is defined as the improper use of privileges or resources within an organization.
misuse
- Greg is a manager. He wants to ensure that no employee can complete a critical or sensitive task alone. That is, if one individual can evaluate, purchase, or deploy a critical or sensitive task, there must be a check or control in place, such as another person signing off on the completed task. What type of administrative control does Greg want to apply?
Separation of duties
- Which of the following is a detection method that uses a known model of activity in an environment and reports deviations from established normal behavior?
Anomaly detection
- Xavier is a network administrator. He is developing a system that uses labels to determine the type and extent of access to a resource and the permission or clearance level granted to each user. Which of the following is Xavier using?
Mandatory Access Control
- Which of the following is best described as a hardware appliance or software that provides the ability to monitor a network, host, or application, and generate an alert when it detects suspicious activity? It executes on a general-purpose computer, and it gathers and analyzes information generated by a computer or network.
Intrusion detection system (IDS).
- Sanna is designing a physical security program for a store she manages. She would like to prevent vehicles from driving through the front doors of the store but not restrict pedestrian access. What is the most appropriate control?
Bollard
- What is the name of a mechanical or electronic device designed to secure, hold, or close items operated by a key, combination, or keycard?
Lock
- Which biometric system analyzes the user's speed and pattern of typing?
Keyboard dynamics
- Aditya is responsible for sanitizing hard drives that contain sensitive information before they may be reused. Which of the following provides the strongest level of protection?
Degaussing
- When considering closed-circuit TV as a security measure, the focal length must be considered. What is focal length?
The camera’s effectiveness in viewing objects from a horizontal and vertical view
- If a networked printer is discovered during an assessment, which of the following is of the least concern?
The printer is at least three years old
- Which of the following is a measurement of the percentage of individuals who have gained access to a system via biometrics but should not have been granted such access?
False acceptance rate (FAR)
- Which of the following types of authentication is based on a behavioral or physiological characteristic that is unique to an individual?
Biometrics
- Which of the following describes alarms and physical intrusion detection systems?
Detective only
- Which of the following is associated with active sniffing?
Packet injection