Quiz-summary
0 of 10 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
Information
Certified Ethical Hacker Exam Practice Questions
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 10 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- Answered
- Review
-
Question 1 of 10
1. Question
A rootkit is a collection of software put in place by an attacker that is designed to obscure system compromise. Which of the following statements best describes library level rootkits?
Correct
Library level rootkits are commonly a patch or hook, usually referred to as user-level hooks, which replace or modify the functionality of system calls to the operating system.
Incorrect
Library level rootkits are commonly a patch or hook, usually referred to as user-level hooks, which replace or modify the functionality of system calls to the operating system.
-
Question 2 of 10
2. Question
ECC outlined the steps for detecting rootkits. First, run the dir /s /b /ah command and the dir /s /b /a-h command in the infected operating system and save the results. Next, boot a clean CD version and run the same commands for the same drive again. Which of the following tool can you use to check any hidden malware on both results?
Correct
Steps for detecting rootkits as listed by ECC:
(1) Run the dir /s /b /ah command and the dir /s /b /a-h command in the infected operating system and save the results.
(2) Boot a clean CD version and run the same commands for the same drive again.
(3) Use the WinDiff tool (https://support.microsoft.com/enus/kb/159214) on both results to see any hidden malware.Incorrect
Steps for detecting rootkits as listed by ECC:
(1) Run the dir /s /b /ah command and the dir /s /b /a-h command in the infected operating system and save the results.
(2) Boot a clean CD version and run the same commands for the same drive again.
(3) Use the WinDiff tool (https://support.microsoft.com/enus/kb/159214) on both results to see any hidden malware. -
Question 3 of 10
3. Question
Web servers are computers that deliver web pages. There are three major players in web servers: Apache, Internet Information Services, and Nginx. Which of the following descriptions defines Internet Information Services?
Correct
Internet Information Services (IIS)is a Microsoft web server platform that provides a graphical user interface for managing websites and associated users.
Incorrect
Internet Information Services (IIS)is a Microsoft web server platform that provides a graphical user interface for managing websites and associated users.
-
Question 4 of 10
4. Question
Cloud computing is the delivery of computing services over the internet rather than having local servers or personal devices handle applications. There are three major types of cloud computing: Infrastructure as a Service, Platform as a Service, and Software as a Service. Which of the following statements best describes Platform as a Service (PaaS)?
Correct
Platform as a Service (PaaS) is a computing platform that is delivered as a service. It provides a software development platform that allows subscribers to develop applications without building the infrastructure it would take to develop and launch the software. PaaS doesn’t replace an organization’s infrastructure; instead, it offers key services the organization may not have onsite.
Incorrect
Platform as a Service (PaaS) is a computing platform that is delivered as a service. It provides a software development platform that allows subscribers to develop applications without building the infrastructure it would take to develop and launch the software. PaaS doesn’t replace an organization’s infrastructure; instead, it offers key services the organization may not have onsite.
-
Question 5 of 10
5. Question
The National Institutes of Standards and Technology (NIST) created the NIST Cloud Computing Reference Architecture to provide a fundamental reference point to describe an overall framework that can be used government-wide. Which of the following is not included in the NIST Cloud Computing Reference Architecture?
Correct
The NIST Cloud Computing Reference defines five major roles within a cloud architecture:
(1) Cloud carrier is the intermediary for connectivity and transport between subscribers and providers.
(2) Cloud consumer is the individual or organization that acquires and uses cloud products and services.
(3) Cloud provider is the purveyor of cloud products and services.
(4) Cloud broker acts as the intermediate between the consumer and provider and will help consumers through the complexity of cloud service offerings and may also create value-added cloud services as well.
(5) Cloud auditor is the independent assessor of cloud service and security controls.Incorrect
The NIST Cloud Computing Reference defines five major roles within a cloud architecture:
(1) Cloud carrier is the intermediary for connectivity and transport between subscribers and providers.
(2) Cloud consumer is the individual or organization that acquires and uses cloud products and services.
(3) Cloud provider is the purveyor of cloud products and services.
(4) Cloud broker acts as the intermediate between the consumer and provider and will help consumers through the complexity of cloud service offerings and may also create value-added cloud services as well.
(5) Cloud auditor is the independent assessor of cloud service and security controls. -
Question 6 of 10
6. Question
There are a few regulatory bodies and compliance efforts surrounding cloud computing. What is this regulation in cloud computing, which is defined as the leading professional organization devoted to promoting cloud security best practices and organizing cloud security professionals?
Correct
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
Incorrect
The Cloud Security Alliance (CSA) is the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment.
-
Question 7 of 10
7. Question
A trojan is a software that appears to perform a useful function for the user before installing it but instead performs a function without the user’s knowledge, that steals information and harms the system. Which of the following statements best describes a neverquest trojan?
Correct
The neverquest trojan targets banking websites. It is designed to steal credentials and sensitive information and to set up Virtual Network Computing (VNC) remote access to target systems.
Incorrect
The neverquest trojan targets banking websites. It is designed to steal credentials and sensitive information and to set up Virtual Network Computing (VNC) remote access to target systems.
-
Question 8 of 10
8. Question
A virus is a self-replicating program that reproduces its code by attaching copies into other executable codes. Which of the following descriptions defines a macro virus?
Correct
Macro viruses are most commonly found embedded in documents or inserted as malicious code into word-processing programs. This virus type infects template files created by Microsoft Office. It is usually written with Visual Basic for Applications (VBA), and it one of the most common malware types you’ll see in today’s world.
Incorrect
Macro viruses are most commonly found embedded in documents or inserted as malicious code into word-processing programs. This virus type infects template files created by Microsoft Office. It is usually written with Visual Basic for Applications (VBA), and it one of the most common malware types you’ll see in today’s world.
-
Question 9 of 10
9. Question
A worm is a self-replicating malware computer program that uses a computer network to send copies of itself to other systems without human intervention. Which of the following statements best describes a Nimda worm?
Correct
Nimda’s name comes from the word admin spelled backward. It is a successful file infection virus that modified and touched nearly all web content on a machine. Nimda can spread through email, open network shares, websites, and it also took advantage of backdoors left on machines infected by the code red worm. It became the most widespread worm in history within about 22 minutes of its first sighting.
Incorrect
Nimda’s name comes from the word admin spelled backward. It is a successful file infection virus that modified and touched nearly all web content on a machine. Nimda can spread through email, open network shares, websites, and it also took advantage of backdoors left on machines infected by the code red worm. It became the most widespread worm in history within about 22 minutes of its first sighting.
-
Question 10 of 10
10. Question
Mobile social engineering attacks take advantage of mobile devices, their applications, and services to carry out their end goal. Which of the following statements best describes the publishing malicious apps attack?
Correct
The four categories of mobile-based social engineering attacks as listed by ECC:
(1) Publishing malicious apps wherein the attacker creates an app that looks like, acts like, and is named similarly to a legitimate application.
(2) Repackaging legitimate apps wherein the attacker takes a legitimate app from an app store and modifies it to contain malware, posting it on a third-party app store to download.
(3) Fake security applications wherein the attacker infects a PC with malware and then uploads a malicious app to an app store.
(4) SMS wherein the attacker sends SMS text messages crafted to appear as legitimate security notifications, with a phone number provided.Incorrect
The four categories of mobile-based social engineering attacks as listed by ECC:
(1) Publishing malicious apps wherein the attacker creates an app that looks like, acts like, and is named similarly to a legitimate application.
(2) Repackaging legitimate apps wherein the attacker takes a legitimate app from an app store and modifies it to contain malware, posting it on a third-party app store to download.
(3) Fake security applications wherein the attacker infects a PC with malware and then uploads a malicious app to an app store.
(4) SMS wherein the attacker sends SMS text messages crafted to appear as legitimate security notifications, with a phone number provided.