Ethical Hacking Quiz and Answer

go back to home


Ethical Hacking refers to the practice of intentionally probing and testing the security of computer systems, networks, or applications to identify vulnerabilities, weaknesses, and potential threats before malicious hackers can exploit them.

Ethical hackers, also called white hat hackers, use the same skills and techniques as malicious hackers but do so with the permission of the system's owner and with the goal of improving security.

The following are quizzes and answers related to Ethical Hacking. They are listed in no particular order.


  1. Ryan received a security audit that included a finding that the organization lacked sufficient physical controls in its security program. What action is Ryan most likely to take?

    Upgrade an existing fence.

  2. Which command creates new directories in Linux?

    Mkdir

  3. Which of the following is not considered one of the three types of controls used to mitigate risk?

    Distribution

  4. Ron is building a system that he will use in a penetration test. He would like to choose a Linux distribution well suited to that purpose. Which of the following Linux distributions would be his best choice?

    Kali Linux

  5. In a Linux shell, which command returns all files with a .log extension in the current working directory?

    ls *.log

  6. Kaiden would like to find the list of physical disk drives that are connected to a Linux system. Which directory contains a subdirectory for each drive?

    /dev

  7. Which command displays the current location of the user within the Linux directory structure?

    Pwd

  8. Of the following, which description best describes the scanning step of hacking?

    An attacker conducting a ping sweep of all of the victim's known Internet Protocol (IP) addresses

  9. In an organization protecting its IT infrastructure from risks, which control includes firewalls, intrusion prevention systems (IPSs), and biometric authentication?

    Technical

  10. Which of the following statements is true regarding ethical hackers?

    Ethical hackers engage in their activities only with the permission of the asset owner.

  11. True or False? Policies and procedures are forms of technical controls.

    False

  12. True or False? The primary goal of a penetration test is to determine whether a specific resource can be compromised. A vulnerability assessment is a survey of a system to identify as many vulnerabilities as possible.

    True

  13. True or False? In black-box penetration testing, advanced knowledge is provided to the testing team.

    False

  14. What is a mechanism used to encrypt communication between two parties?  Transport Layer Security (TLS)
  15. Which of the following is true of Internet Protocol version 6 (IPv6)?  IPv6 addresses are 128-bit numbers.
  16. What common type of network is also referred to as IEEE 802.3?  Ethernet
  17. ________ is designed to convert fully qualified domain names (FQDNs) into numeric Internet Protocol (IP) addresses or IP addresses into FQDNs.  Domain Name System (DNS)
  18. Which protocol resolves an Internet Protocol v4 (IPv4) address to an unknown Media Access Control (MAC) address?  Address Resolution Protocol (ARP)
  19. Which form of attack involves a malicious person altering Address Resolution Protocol (ARP) tables or intercepting a Neighbor Advertisement (NA) ICMPv6 message to insert their own addresses?  Poisoning MAC address resolution
  20. Dhruv is a network engineer. He is investigating a series of denial of service (DoS) attacks against his company's servers. He has an intern shadowing him who asks at what layer on the OSI model such attacks take place. What does he tell her?  Transport
  21. Carrie is examining a piece of malware. She determines that it was gathering information about the user of a system, but she has no other information. Which of the following terms should she use to describe this malware?  Spyware
  22. Which two protocols are associated with the Host-to-Host Layer of the TCP/IP model?  Transmission Control Protocol (TCP) and User Datagram Protocol (UDP)
  23. Which protocol runs on Internet Protocol version 6 (IPv6) networks and provides services similar to Address Resolution Protocol (ARP)?  Neighbor Discovery Protocol (NDP)
  24. __________ calls for blocking all ports by default and allowing only those ports that are needed.  The deny-all principle
  25. Dori is a network engineer. She is using a particular protocol to discover network devices in an Internet Protocol version 6 (IPv6) environment. Which protocol is she using?  Neighbor Discovery Protocol (NDP)
  26. Which term refers to the ability to have definite proof that a message originated from a specific party?

    Nonrepudiation

  27. Which term refers to the ability to verify that information has not been altered and has remained in the form originally intended by the creator?

    integrity

  28. What type of encryption uses the same key to encrypt and to decrypt information?

    symmetric encryption

  29. What provides a framework through which two parties can establish a trusted relationship even if the parties have no prior knowledge of one another?

    Public Key Infrastructure (PKI)

  30. Hashing is involved with digital signatures. A hashing algorithm creates a hash to:

    verify the integrity of the message

  31. Digital certificates:

    provide a form of identification on the Internet and in other areas.

  32. What is a hybrid algorithm that uses asymmetric keys to encrypt the symmetric key, which is then used to encrypt the rest of a message?

    El Gamal

  33. What is a form of cryptography that is a component of Internet Protocol version 6 (IPv6) but is optional in IPv4?

    Internet Protocol Security (IPSec)

  34. Which term is synonymous with "algorithm" in describing a formula used to perform encryption?

    ciper

  35. Bob would like to send a confidential, encrypted message to Alice using asymmetric cryptography. What key should Bob use to create the message?

    Alice’s public key

  36. An attacker decrypts a deliberately chosen ciphertext into the corresponding plaintext. Essentially, the attacker can "feed" information into the decryption system and observe the output. What form of attack does this describe?

    chosen ciphertext attack

  37. The main function or capability of a certificate authority (CA) is to:

    generate key pairs and bind an authenticated user’s identity to the public key

  38. A one-way hashing function is designed to be:

    relatively easy to compute one way but hard to reverse

  39. Alice sends a message to Bob. She uses cryptography to ensure that Bob will be able to prove to another person that the message in his possession actually came from Alice. What goal of cryptography is Alice attempting to achieve?

    Nonrepudiation

  40. Larry is attempting to identify the path a data packet travels to reach a specific Internet Protocol (IP) address. What command can he use on a Windows system to identify the path?

    tracert

  41. Which command instructs Google to search for a term within the title of a webpage document?

    intitle

  42. _____ refers to a program to query Internet domain name servers.

    Nslookup

  43. One of the reasons Twitter and other social media sites are such effective information-gathering tools is because

    users do not typically activate the privacy features to keep their postings private.

  44. In Google hacking, the keyword ____________ instructs Google to return files with specific extensions

    filetype

  45. Which website file can be altered by the owner to block areas where search engines look?

    robots.txt

  46. Countermeasures to thwart footprinting of an organization's website include all of the following except

    adding unnecessary information to the website to throw attackers off the trail

  47. The manual method of obtaining network range information requires the attacker to visit one or more of the regional Internet registries (RIRs), which are responsible for:

    management, distribution, and registration of public Internet Protocol (IP) addresses within their respective assigned regions

  48. Which of the following is created for the sole purpose of posting unflattering content about a company?

    sucks domain

  49. Zabasearch and Spokeo are examples of

    aggregators, or sites that accumulate data from multiple sources

  50. Sunita is preparing to scan a Microsoft SQL Server database server for open ports. What port should she expect to find supporting the database service?

    1433

  51. Harry is analyzing inbound network traffic. He notices a Transmission Control Protocol (TCP) packet that has the FIN, PSH, and URG flags set at the same time. Which type of scan is most likely occurring?

    XMAS tree

  52. In determining a target network's Internet Protocol (IP) address range, which method requires a direct query?

    Manual register query

  53. A packet with the ECE flag signals

    the sender is Explicit Congestion Notification (ECN) capable

  54. Which method of preventing port scanning from returning useful information to an attacker uses the same tools as the attacker?

    Port scanning

  55. Active fingerprinting has many advantages, but using this technique increases the chances of being detected. What is a benefit of active operating system (OS) fingerprinting?

    It is an ideal mechanism for scanning a large number of hosts quickly

  56. The practice of identifying the operating system of a networked device through either passive or active techniques is called:

    operating system (OS) fingerprinting.

  57. __________ are bits set in the header of a network packet, each describing a specific behavior.

    Flags

  58. After running the command nmap -A with the Internet Protocol (IP) address of the host, the following is returned. (Output truncated for space.) What is the likely operating system of the scanned host?

    Apple iOS

  59. What is a wireless network detector, sniffer, and intrusion detection system commonly found on Linux?

    Kismet

  60. Attackers' attempts to stop their attacks from being detected are referred to as:

    covering tracks

  61. Which of the following is included in Windows and is intended to assist in network troubleshooting and maintenance?

    nbtstat

  62. Shoulder surfing, keyboard sniffing, and social engineering are considered what type of attack?

    Nontechnical password attack

  63. What is the unique ID assigned to each user account in Windows that identifies the account or group?

    Security identifier (SID)

  64. Diego is concerned about attackers targeting his Windows servers using the NetBIOS protocol. He wants to block use of that protocol at the firewall. Which of the following ports does Diego not need to block to prevent NetBIOS access?

    140/TCP

  65. What are alternate data streams (ADSs) associated with?

    Data hiding

  66. What is salting?

    Adding extra characters to a password prior to hashing

  67. ___________ means that an account should possess only the minimum privileges necessary to carry out required job functions.

    The principle of least privilege

  68. ________ refers to software designed to alter system files and utilities on a victim's system with the intention of changing the way a system behaves.

    Rootkit

  69. Which of the following best describes the capabilities that privilege escalation gives to an attacker?

    Enables actions to be performed on a system with fewer restrictions and to perform tasks that are potentially more damaging

  70. An attacker can __________ to deprive a system owner of the ability to detect activities that have been carried out

    disable auditing

  71. Which of the following is a type of passive online attack?

    Replay attack

  72. The attacker's primary goal during enumeration is to:

    uncover specific information about each target system

  73. What method can thwart a brute-force password attack?

    a policy that locks user accounts after the password is entered incorrectly a certain number of times

  74. Dean believes that a Trojan may have infected his system. Which command can he use to query for open connections to help determine if a Trojan is using a specific port?

    netstat

  75. What is a form of backdoor used by an attacker who wants to stay undetected for as long as possible?

    process-hiding backdoor

  76. What is a piece of code or software designed to lie in wait on a system until a specified event occurs?

    logic bomb

  77. What is malware that looks legitimate but hides a payload that does something unwanted?

    Trojan

  78. Which law expanded on a previous law and covers damage to foreign computers involved in U.S. interstate commerce?

    The Patriot Act

  79. Maria recently discovered that an attacker placed malware on a system used by her company's chief financial officer. The malware is designed to track and report activity on the system. The attacker has been able to capture passwords, confidential data, and other corporate information. What software has Maria discovered?

    keystroke logger

  80. __________ is a process where communications are redirected to different ports than they would normally be destined for.

    port redirection

  81. What is a malware program designed to replicate without attaching to or infecting other files on a host system?

    Worm

  82. Which of the following is a type of malware designed to hold your data hostage?

    Ransomware

  83. Jane's organization recently experienced a security incident. Malware was triggered on the chief executive officer's birthday, deleting all of the company's customer records. What type of malware was used in this attack?

    logic bomb

  84. Which of the following is a general term for software that is inherently hostile, intrusive, or annoying in its operation?

    malware

  85. A PC is exhibiting unusual behavior. The CD/DVD drawer spontaneously opens and closes, the Windows color settings change, and the mouse pointer disappears. What sort of infection do these symptoms indicate?

    Trojan

  86. What is a software development kit specifically designed to facilitate the development of Trojans?

    a trojan construction kit

  87. A web application form prompts the user to enter a phone number into an input box, but any form of data is accepted. Entering the wrong data could cause the site to crash. What is this situation related to?

    Input validation

  88. Which of the following can easily be configured incorrectly on a web server, potentially allowing users access to locations on the server that should not be accessible?

    Permissions

  89. Which category of risk inherent with web servers includes an attacker capturing network traffic between the client (web browser) and the server?

    Browser- and network-based risks

  90. Which of the following database protection methods provides extra protection against catastrophic failure of a system by ensuring that one process crashing will not take others with it?

    Process isolation

  91. Which of the following is directly associated with encryption using short keys or keys that are poorly designed and implemented?

    Weak ciphers or encoding algorithms

  92. Which of the following best describes Infrastructure as a Service (IaaS)?

    A virtual environment in the cloud, in which a business or individual obtains, or provisions, hardware services as needed

  93. What type of attack relies on a variation of the input validation attack but has the goal of going after a user instead of the application or data?

    Cross-site scripting (XSS)

  94. Which of the following is a web application attack method in which masses of files are posted to a server with the goal of filling up the hard drive on the server? Once the hard drive of the server is filled, the application will cease to function and then crash.

    Upload bombing

  95. Which attack requires an attacker to use advanced knowledge of the Transmission Control Protocol/Internet Protocol (TCP/IP) suite to break up packets into pieces that can bypass most intrusion detection systems (IDSs)

    Internet Protocol (IP) fragmentation/fragmentation attack

  96. What are NCC SQuirreL and AppDetectivePro examples of?

    Software tools for performing audits on databases

  97. Carmen is a network administrator. She is performing a penetration test and would like to exploit the limited amount of memory in some switches. Which of the following attacks would be most helpful to Carmen in meeting her goal?

    Media Access Control (MAC) flooding

  98. Yolanda discovered that a botnet infected several systems on her network. Which of the following activities is not a likely use of the botnet?

    Social engineering

  99. Which of the following statements is not true regarding Address Resolution Protocol (ARP) poisoning?

    It cannot be used to alter data in transmission or tap Voice over IP (VoIP) phone calls

  100. Barry is investigating unauthorized access to his chief executive officer's (CEO's) email account. Barry discovers the Burp Suite set of tools on a nearby workstation. Which of the following attacks is the most likely cause of the breach?

    session hijacking

  101. Which of the following is a denial of service (DoS) attack in which the attacker exploits the Internet Control Message Protocol (ICMP) and spoofs packets to the broadcast address of a network, generating a torrent of traffic from the sheer number of systems that may reply?

    Smurf attacks

  102. Which of the following statements is not true regarding passive session hijacking?

    in passive session hijacking, the attacker assumes the role of the party he or she has displaced

  103. Botnets are used to perform all of the following except:

    passive session hijacking

  104. Consider a network that uses Transmission Control Protocol (TCP). When a client transmits a SYN packet (a TCP packet with the SYN flag set to true in the packet header) to a server, the response will be a SYN/ACK (SYN and ACK flags set to true). The client then responds to this SYN/ACK with an ACK (ACK flag set to true). What is this process called?

    a three-way handshake

  105. Sam is a network administrator. He is concerned that attackers might engage in sniffing attacks against traffic on his network. Which of the following protocols is least susceptible to sniffing attacks?

    Transport Layer Security (TLS)

  106. Helen is a network administrator. She would like to sniff network traffic for troubleshooting purposes and is looking for a command-line utility that will allow her to analyze network traffic. Which of the following tools best meets her need?

    tcpdump

  107. Which of the following is not true of the Internet of Things (IoT)?

    Most IoT devices use wired network connections to join the local network

  108. Which of the following is most likely to be used for locating 802.11 wireless networks?

    Homedale

  109. Which of the following can be used to make calls or send text messages from the targeted device?

    Bluebugging

  110. Which of the following is present in wireless networks but not on wired networks?

    the access point

  111. Which of the following can be thought of as a peer-to-peer network in which each client can attach to any other client to send and receive information, can be created very quickly and easily, and no access point is required?

    Ad hoc network

  112. Vincent is performing a wireless environment analysis. He wishes to identify factors that affect signal propagation. Which factor is least likely to impact wireless signals?

    Time of day

  113. Which technology is specifically designed to deliver Internet access over the "last mile" to homes or businesses that may not otherwise be able to get access?

    WiMax

  114. Which of the following is not a countermeasure to threats against wireless local area networks (WLANs)?

    Promiscuous clients

  115. Which technology was originally designed to be a short-range networking technology (up to 10 meters) that could connect different devices together?

    Bluetooth

  116. Which of the following is entered ahead of time for both the access point (AP) and client so they can authenticate and associate securely?

    Preshared keys

  117. What are Intellius and People Search?

    Websites that contain personal information about people.

  118. Which of the following statements is true regarding social networking in a corporate setting?

    Company policies may discuss proper usage of social media and networking sites at work.

  119. Which of the following is described as an attacker using a combination of friendliness, trust, impersonation, and empathy to get a victim to do what they want him or her to do?

    persuasion/coercion

  120. Which of the following is not considered a safe computing practice?

    If guests use your personal computer, have them use your account as long as it is not an administrator account.

  121. What is the best way to ensure that Facebook privacy settings are well managed?

    Disable all options and enable them one by one.

  122. An attacker observes a potential victim entering codes at a cash machine. What is the attacker participating in?

    Shoulder surfing

  123. Which of the following is described as an attacker who sets up a realistic persona from which the victim seeks assistance?

    Reverse social engineering

  124. Which of the following is not considered a sensible guideline to follow when using social networking sites?

    Set up an email account that uses your real name

  125. Which of the following is not true regarding accounts and account passwords?

    Do not use any type of password manager software

  126. ________ is an immediate, angry response to something a person disagrees with online

    Tweet rage

  127. What is the name of the principle in which individuals will be given only the level of access that is appropriate for their specific job role or function?

    Least privilege

  128. Devaki is a network administrator. She would like to use a firewall that stores the attributes of each connection. These attributes describe the state of the connection and typically contain details such as the Internet Protocol (IP) addresses and ports involved in the connection and the sequence numbers of packets crossing the firewall. Devaki understands that recording all of these attributes will require additional processing and extra load on the firewall or system CPU. What type of firewall does she want?

    Stateful inspection

  129. Christine investigated an alert generated by her intrusion detection system (IDS). She determined that the reported activity did actually take place. How should she classify this alert?

    True positive

  130. Which of the following statements is not true about firewalls?

    If one network segment has a higher level of trust than another, a firewall cannot be placed between them

  131. Which of the following intrusion detection system (IDS) responses does not generate an alert because no suspicious activity was detected but such activity actually did occur?

    False negative

  132. Which of the following statements is not true about firewall policies?

    The practice of implicit allow decreases the risk of attack and reduces the volume of traffic carried on an organization's networks.

  133. The term ________ is defined as an unauthorized use or access of a system by an individual, a party, or a service.

    Intrusion

  134. Which of the following applies techniques such as hashing to look for changes in files that may indicate an attack or unauthorized behavior? This technology is a primary technique used to detect ransomware attacks in progress.

    File integrity checker

  135. Which of the following is an intrusion detection system (IDS) with additional capabilities that make it possible to protect systems from attack by using different methods of access control?

    Intrusion prevention system

  136. The term ________ is defined as the improper use of privileges or resources within an organization.

    misuse

  137. Greg is a manager. He wants to ensure that no employee can complete a critical or sensitive task alone. That is, if one individual can evaluate, purchase, or deploy a critical or sensitive task, there must be a check or control in place, such as another person signing off on the completed task. What type of administrative control does Greg want to apply?

    Separation of duties

  138. Which of the following is a detection method that uses a known model of activity in an environment and reports deviations from established normal behavior?

    Anomaly detection

  139. Xavier is a network administrator. He is developing a system that uses labels to determine the type and extent of access to a resource and the permission or clearance level granted to each user. Which of the following is Xavier using?

    Mandatory Access Control

  140. Which of the following is best described as a hardware appliance or software that provides the ability to monitor a network, host, or application, and generate an alert when it detects suspicious activity? It executes on a general-purpose computer, and it gathers and analyzes information generated by a computer or network.

    Intrusion detection system (IDS).

  141. Sanna is designing a physical security program for a store she manages. She would like to prevent vehicles from driving through the front doors of the store but not restrict pedestrian access. What is the most appropriate control?

    Bollard

  142. What is the name of a mechanical or electronic device designed to secure, hold, or close items operated by a key, combination, or keycard?

    Lock

  143. Which biometric system analyzes the user's speed and pattern of typing?

    Keyboard dynamics

  144. Aditya is responsible for sanitizing hard drives that contain sensitive information before they may be reused. Which of the following provides the strongest level of protection?

    Degaussing

  145. When considering closed-circuit TV as a security measure, the focal length must be considered. What is focal length?

    The camera’s effectiveness in viewing objects from a horizontal and vertical view

  146. If a networked printer is discovered during an assessment, which of the following is of the least concern?

    The printer is at least three years old

  147. Which of the following is a measurement of the percentage of individuals who have gained access to a system via biometrics but should not have been granted such access?

    False acceptance rate (FAR)

  148. Which of the following types of authentication is based on a behavioral or physiological characteristic that is unique to an individual?

    Biometrics

  149. Which of the following describes alarms and physical intrusion detection systems?

    Detective only

  150. Which of the following is associated with active sniffing?

    Packet injection