Quiz-summary
0 of 30 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
Information
Certified Ethical Hacker Free Trial
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 30 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- Answered
- Review
-
Question 1 of 30
1. Question
Metasploit can also be used to enumerate users. Which of the following module would use to enumerate users?
Correct
The Metasploit tool is also used to enumerate users. For this purpose, you would use the smb_enumusers_domain module. By knowing one, we can use a username and password. Thee module is allowed to authenticate against the system in order to obtain additional users.
Incorrect
The Metasploit tool is also used to enumerate users. For this purpose, you would use the smb_enumusers_domain module. By knowing one, we can use a username and password. Thee module is allowed to authenticate against the system in order to obtain additional users.
-
Question 2 of 30
2. Question
An external entity to cause a program to fail in a way that allows the attacker to control the flow of the program’s execution is the definition for which of the following?
Correct
An exploit is defined as the means for an external entity to be a cause of a program to fail in a way which allows the attacker to control the program and its execution. Only causing the program to fail, though, It isn’t enough. You need to do some coding of your own for that particular program to execute on your behalf.
Incorrect
An exploit is defined as the means for an external entity to be a cause of a program to fail in a way which allows the attacker to control the program and its execution. Only causing the program to fail, though, It isn’t enough. You need to do some coding of your own for that particular program to execute on your behalf.
-
Question 3 of 30
3. Question
In Ethical hacking, which of the following are the stored precomputed hashes?
Correct
A rainbow table is defined as a precomputed table which is used for reversing cryptographic hash functions, commonly used for cracking password hashes. The Rainbow Tables, which are used for the hacking of a password (for example credit card numbers, etc.) up to a specified length which consists of a limited number of character.
Incorrect
A rainbow table is defined as a precomputed table which is used for reversing cryptographic hash functions, commonly used for cracking password hashes. The Rainbow Tables, which are used for the hacking of a password (for example credit card numbers, etc.) up to a specified length which consists of a limited number of character.
-
Question 4 of 30
4. Question
Which of the following is a program that encrypts a portion of a victim’s hard drive, where personal files are stored? Moreover, the attacker provides instructions for the victim to send money for decryption of the imported document.
Correct
Ransomware is another type of malware. As we know the purpose or the meaning of Ransome is a crime (especially kidnapping) for money. In the same sense, the goal of ransomware (in the computer language) is to extort money from a victim. Ransomware is a program that encrypts the personal and important files of victims. It may be important business documents, It may be important passwords. After encrypting the files the attacker wants money from the victim by using some instruction.
Incorrect
Ransomware is another type of malware. As we know the purpose or the meaning of Ransome is a crime (especially kidnapping) for money. In the same sense, the goal of ransomware (in the computer language) is to extort money from a victim. Ransomware is a program that encrypts the personal and important files of victims. It may be important business documents, It may be important passwords. After encrypting the files the attacker wants money from the victim by using some instruction.
-
Question 5 of 30
5. Question
Each layer of the Open Systems Interconnection (OSI) model has a different name for the chunk of data associated with it. This is called the protocol data unit (PDU). What do we call PDU in Layer 3?
Correct
The name for the bunch of data associated with each layer of the Open Systems Interconnection (OSI) model has a different name. It is the exact definition of the protocol data unit (PDU). At layer 3, the PDU is called a packet. Layer 3 is also called the IP layer.
Incorrect
The name for the bunch of data associated with each layer of the Open Systems Interconnection (OSI) model has a different name. It is the exact definition of the protocol data unit (PDU). At layer 3, the PDU is called a packet. Layer 3 is also called the IP layer.
-
Question 6 of 30
6. Question
Wireshark is a GUI-based packet capture program. Which of the following is an advantage of Wireshark over tshark and tcpdump?
Correct
Wireshark is a packet analyzer which is free and open-source and is used for software and communications protocol development. It is also used for network troubleshooting, analysis and education. It allows us to view the data packets easily, which are moving around and we can capture these packets completely.
Incorrect
Wireshark is a packet analyzer which is free and open-source and is used for software and communications protocol development. It is also used for network troubleshooting, analysis and education. It allows us to view the data packets easily, which are moving around and we can capture these packets completely.
-
Question 7 of 30
7. Question
Which of the following is the condition the scanner has not identified a vulnerability and later turns out that there was a vulnerability that the scanner missed?
Correct
If the scanner has not identified a vulnerability, At a later stage, it was found that there was actually a vulnerability which the scanner missed. This is called a false negative. An example of a false negative is a test indicating that a woman is not pregnant whereas she is actually pregnant.
Incorrect
If the scanner has not identified a vulnerability, At a later stage, it was found that there was actually a vulnerability which the scanner missed. This is called a false negative. An example of a false negative is a test indicating that a woman is not pregnant whereas she is actually pregnant.
-
Question 8 of 30
8. Question
Keeping in view of ethical hacking, which of the following idea to be kept in mind while running a scan in OpenVAS?
Correct
One important idea to keep in mind is that once you run a scan, the focus should be identifying a remediation plan for any vulnerability found. It is important to note that, if running a scan, getting a number of results, after getting the vulnerabilities results ignoring them is a worse state. Ignoring vulnerabilities is the worse thing for a vulnerability scan as both man-hours and energy wasted but we do nothing to the results.
Incorrect
One important idea to keep in mind is that once you run a scan, the focus should be identifying a remediation plan for any vulnerability found. It is important to note that, if running a scan, getting a number of results, after getting the vulnerabilities results ignoring them is a worse state. Ignoring vulnerabilities is the worse thing for a vulnerability scan as both man-hours and energy wasted but we do nothing to the results.
-
Question 9 of 30
9. Question
In the result screen of the OpenVAS, Which of the following severity levels are shown in the severity index?
Correct
In the result screen of the OpenVAS, The severity values would include High, Medium, and Low. On the left side of the severity button is the solution type text box. This additional information is very useful for our analysis and identification of vulnerability and its solution.
Incorrect
In the result screen of the OpenVAS, The severity values would include High, Medium, and Low. On the left side of the severity button is the solution type text box. This additional information is very useful for our analysis and identification of vulnerability and its solution.
-
Question 10 of 30
10. Question
When using TCP, you can overlap sequence numbers. This is essentially the byte count that has been sent. You may send two TCP segments that appear to occupy the same space in the puzzle being put back together is which of the following evasion technique?
Correct
When using TCP, you can overlap sequence numbers. This is a type of the byte count which has been transmitted. By transmitting two TCP segments which look like to occupy the same space in the puzzle being put back together. The Intrusion Detection System (IDS) and the target Operating System (OS) may also decide where to put the puzzle back to its original place.
Incorrect
When using TCP, you can overlap sequence numbers. This is a type of the byte count which has been transmitted. By transmitting two TCP segments which look like to occupy the same space in the puzzle being put back together. The Intrusion Detection System (IDS) and the target Operating System (OS) may also decide where to put the puzzle back to its original place.
-
Question 11 of 30
11. Question
Which of the following is an implementation of RPC that was also associated with Sun?
Correct
Network File System (NFS) is a file system which was developed in 1984 by Sun Microsystems. The portmapper is an implementation of Remote Procedure Call (RPC) that was also is a practical application of Sun Microsystem. It is sometimes referred to as SunRPC. In the same case as with a scanner in Metasploit that may also be used for identification of the ports allotted to the programs using the portmapper.
Incorrect
Network File System (NFS) is a file system which was developed in 1984 by Sun Microsystems. The portmapper is an implementation of Remote Procedure Call (RPC) that was also is a practical application of Sun Microsystem. It is sometimes referred to as SunRPC. In the same case as with a scanner in Metasploit that may also be used for identification of the ports allotted to the programs using the portmapper.
-
Question 12 of 30
12. Question
Which of the following is the term that describes identifying information about your target using freely available sources?
Correct
There are many places for an ethical hacker from where he can get information about the target organizations or target equipment. Open-source intelligence is the term which can be defined as to describe identifying information about target using freely available sources.
Incorrect
There are many places for an ethical hacker from where he can get information about the target organizations or target equipment. Open-source intelligence is the term which can be defined as to describe identifying information about target using freely available sources.
-
Question 13 of 30
13. Question
Why do we use nslookup tool?
Correct
nslookup is a network administration command-line tool/program which is available in many computers operating systems (Window, Linux etc) for querying the Domain Name System (DNS) to get domain name or IP address mapping, or other DNS records.
Incorrect
nslookup is a network administration command-line tool/program which is available in many computers operating systems (Window, Linux etc) for querying the Domain Name System (DNS) to get domain name or IP address mapping, or other DNS records.
-
Question 14 of 30
14. Question
In Brute force, The CNAME refers to which of the following?
Correct
CNAME stands for canonical name, and in the output, these show up as canonical name (CNAME) responses. The canonical name (CNAME) refers to another user, computer system or hostname and it is then resolved until there is an IP address of the system.
Incorrect
CNAME stands for canonical name, and in the output, these show up as canonical name (CNAME) responses. The canonical name (CNAME) refers to another user, computer system or hostname and it is then resolved until there is an IP address of the system.
-
Question 15 of 30
15. Question
Which of the following is not categorized as Internet of thing?
Correct
If a device that has a keyboard and a screen and also can run general applications, for example, a computer, tablet, or smartphone is not categorised as part of the IoT. Many other devices which have operating system for operation connected with the network, for example, network-connected thermostats, tube light, electric fans, smart refrigerators, and a number of other essentially single-purpose devices, are IoT devices.
Incorrect
If a device that has a keyboard and a screen and also can run general applications, for example, a computer, tablet, or smartphone is not categorised as part of the IoT. Many other devices which have operating system for operation connected with the network, for example, network-connected thermostats, tube light, electric fans, smart refrigerators, and a number of other essentially single-purpose devices, are IoT devices.
-
Question 16 of 30
16. Question
Which of the following is a search engine specifically for IoT devices?
Correct
A search engine which is developed specifically for IoT devices is called Shodan and its web address is http://www.shodan.io. Shodan the search engine keeps a record of a large number of IoT devices along with vendors, device types, device model and device capabilities.
Incorrect
A search engine which is developed specifically for IoT devices is called Shodan and its web address is http://www.shodan.io. Shodan the search engine keeps a record of a large number of IoT devices along with vendors, device types, device model and device capabilities.
-
Question 17 of 30
17. Question
Keeping in view TCP, How many ways TCP uses handshake to initiate connections?
Correct
TCP uses a three-way handshake for connections initiation. To complete the handshake, TCP requires to use of flag settings meaning there is a set of bits that are enabled or disabled to set or unset the flags.
Incorrect
TCP uses a three-way handshake for connections initiation. To complete the handshake, TCP requires to use of flag settings meaning there is a set of bits that are enabled or disabled to set or unset the flags.
-
Question 18 of 30
18. Question
Which of the following has remained GUI version of nmap for years?
Correct
There were many attempts made by developers to create GUIs to overlay on top of nmap, and then one year of struggling, under Google’s Summer of Code project, finally a GUI called Zenmap was developed and it has served the GUI version of nmap for years. It is, as already described, an overlay for nmap.
Incorrect
There were many attempts made by developers to create GUIs to overlay on top of nmap, and then one year of struggling, under Google’s Summer of Code project, finally a GUI called Zenmap was developed and it has served the GUI version of nmap for years. It is, as already described, an overlay for nmap.
-
Question 19 of 30
19. Question
it’s a communication channel (a single network cable) that allows the communication between multiple computers is the definition of Which of the following topology?
Correct
In a Local Area Network (LAN), a bus topology can be defined as a topology in which all the nodes, hosts or computers are connected to a single cable. The cable to which the nodes, hosts or computers connect is called a “backbone”. If this backbone is broken, the communication in the entire segment fails, it means that no host is able to communicate.
Incorrect
In a Local Area Network (LAN), a bus topology can be defined as a topology in which all the nodes, hosts or computers are connected to a single cable. The cable to which the nodes, hosts or computers connect is called a “backbone”. If this backbone is broken, the communication in the entire segment fails, it means that no host is able to communicate.
-
Question 20 of 30
20. Question
It is an interconnection of two or more basic network topologies, each of which contains its own nodes is called which of the following?
Correct
When an interconnection of two or more basic network topologies (for example star and mesh), a hybrid network topology is created. The resulting topology will show properties of all the topologies which are include in hybrid topology, thereby decrease the limitation of the inherent weaknesses of each topology.
Incorrect
When an interconnection of two or more basic network topologies (for example star and mesh), a hybrid network topology is created. The resulting topology will show properties of all the topologies which are include in hybrid topology, thereby decrease the limitation of the inherent weaknesses of each topology.
-
Question 21 of 30
21. Question
In the IP header, Which of the following indicates how long a message can live on the network before it is considered to be expired?
Correct
The time to live (TTL) field shows the time period of a message can live on the network before it is supposed to be discarded. The properties of TTL are given below:-
(A) It is to be calculated in seconds
(B) The packet may pass through many devices or network infrastructure in a second, the initial definition of TTL may not relevant anymore
(C) TTL actually shows the number of network devices the message can pass through.
(D) The message is expired as soon as this field hits 0
(E) An error message is sent back to the sender
(F) This field is 8 bits long.Incorrect
The time to live (TTL) field shows the time period of a message can live on the network before it is supposed to be discarded. The properties of TTL are given below:-
(A) It is to be calculated in seconds
(B) The packet may pass through many devices or network infrastructure in a second, the initial definition of TTL may not relevant anymore
(C) TTL actually shows the number of network devices the message can pass through.
(D) The message is expired as soon as this field hits 0
(E) An error message is sent back to the sender
(F) This field is 8 bits long. -
Question 22 of 30
22. Question
Which of the following is a network whose nodes are more than 10 or so miles apart?
Correct
A Wide Area Network is defined as a network whose nodes (computers or hosts) are more than 10 or so miles apart from each other. Any Internet service provider on backbone of the internet would have a WAN. Additionally, businesses like banks may have WANs where they have network connections that make connections between their offices located at different places.
Incorrect
A Wide Area Network is defined as a network whose nodes (computers or hosts) are more than 10 or so miles apart from each other. Any Internet service provider on backbone of the internet would have a WAN. Additionally, businesses like banks may have WANs where they have network connections that make connections between their offices located at different places.
-
Question 23 of 30
23. Question
Which of the following protocols ensure Confidentiality and encryption of data for web-based communication?
Correct
Using encryption for web-based communication, the most common security protocol i.e. Secure Sockets Layer/Transport Layer (SSL/TLS) are used. It is a set of mechanisms, policies and procedure for encrypting important data. SSL and TLS both protocols specify how to create encryption keys from important data that is well known, as well as some partial data that is sent from one side to the other.
Incorrect
Using encryption for web-based communication, the most common security protocol i.e. Secure Sockets Layer/Transport Layer (SSL/TLS) are used. It is a set of mechanisms, policies and procedure for encrypting important data. SSL and TLS both protocols specify how to create encryption keys from important data that is well known, as well as some partial data that is sent from one side to the other.
-
Question 24 of 30
24. Question
Who is an entity, like a person or group, that can instantiate a threat?
Correct
The term Threat Agent is used to indicate an individual person or group of people that can plan, manifest and execute a threat. It is necessary to recognise who would want to exploit the assets or secrets of an organization, and how this information might be used by them against the organization.
Incorrect
The term Threat Agent is used to indicate an individual person or group of people that can plan, manifest and execute a threat. It is necessary to recognise who would want to exploit the assets or secrets of an organization, and how this information might be used by them against the organization.
-
Question 25 of 30
25. Question
Which of the following is an attack in which attacker overwrite the memory of an application?
Correct
Attackers or hackers can exploit buffer overflow issues by overwriting or modifying the memory of an application on the victim’s computer. What will This do, it simply changes the execution path of the application, triggering a response that ultimately crashes the files or exposes private or personal information.
Incorrect
Attackers or hackers can exploit buffer overflow issues by overwriting or modifying the memory of an application on the victim’s computer. What will This do, it simply changes the execution path of the application, triggering a response that ultimately crashes the files or exposes private or personal information.
-
Question 26 of 30
26. Question
One of the problems with DES is that it only uses a 56-bit key. With Triple DES (3DES), there are three keys that revises the effective key length which of the following?
Correct
With Triple DES (3DES), there are three DES symmetric keys, which enhances the effective key length to 168 bits. However, it’s not a single 168-bit key. It’s three keys applied one at a time. One key is used to encrypt the message. The other key is specifically used to decrypt already received message.
Incorrect
With Triple DES (3DES), there are three DES symmetric keys, which enhances the effective key length to 168 bits. However, it’s not a single 168-bit key. It’s three keys applied one at a time. One key is used to encrypt the message. The other key is specifically used to decrypt already received message.
-
Question 27 of 30
27. Question
Which of the following is the advantage of symmetric key encryption over asymmetric key encryption?
Correct
The main advantage or benefit of symmetric encryption with respect to asymmetric encryption is that it is very efficient and fast for large amounts of data. The main disadvantage of symmetric encryption is the need to keep the key secret. In other words, this can be very challenging where decryption and encryption take place in different areas or locations, requiring the encryption key to be moved.
Incorrect
The main advantage or benefit of symmetric encryption with respect to asymmetric encryption is that it is very efficient and fast for large amounts of data. The main disadvantage of symmetric encryption is the need to keep the key secret. In other words, this can be very challenging where decryption and encryption take place in different areas or locations, requiring the encryption key to be moved.
-
Question 28 of 30
28. Question
Regarding Governmental data classifications, which of the following information can be viewed by everyone?
Correct
Everyone can view the information which is categorised as unclassified. It may also include declassified data or information that was once considered a higher classification, but the threat posed by its loss has normalised. Unclassified is assigned to official data or information that does not bear any security grading but theses information does not publish or publically available without proper permission from the authorities.
Incorrect
Everyone can view the information which is categorised as unclassified. It may also include declassified data or information that was once considered a higher classification, but the threat posed by its loss has normalised. Unclassified is assigned to official data or information that does not bear any security grading but theses information does not publish or publically available without proper permission from the authorities.
-
Question 29 of 30
29. Question
The Biba Model is a security model which defines three sets of rules. Which of the following is not a rule defined by the Biba Model?
Correct
The Biba Model is a security model which defines three sets of rules which included the following:-
(A) The Simple Identity Property says a subject at one level of integrity may not read a data object at a lower integrity level
(B) The * (star) Identity Property says a subject at one level of integrity may not write to data objects at a higher level of integrity
(C) The Invocation Property says a process from below may not request access at a higher level.Incorrect
The Biba Model is a security model which defines three sets of rules which included the following:-
(A) The Simple Identity Property says a subject at one level of integrity may not read a data object at a lower integrity level
(B) The * (star) Identity Property says a subject at one level of integrity may not write to data objects at a higher level of integrity
(C) The Invocation Property says a process from below may not request access at a higher level. -
Question 30 of 30
30. Question
Regarding security at a business level, there are five functions refer to risks to the business. Which of the following is about protecting business assets overall, which means there should be capabilities for maintaining software or appliances?
Correct
The protect function is a function which is explained below:-
(A) It is about protecting the overall assets of the organization or business
(B) It means it has the capabilities for maintaining software, applications, equipment or computer system.
(c) It also includes ensuring all assets must be kept up to date with the help of a plan.
(D) It makes sure there are an identity and access management functions or mechanism to ensure that only authorized users have access to the resources of the organization.Incorrect
The protect function is a function which is explained below:-
(A) It is about protecting the overall assets of the organization or business
(B) It means it has the capabilities for maintaining software, applications, equipment or computer system.
(c) It also includes ensuring all assets must be kept up to date with the help of a plan.
(D) It makes sure there are an identity and access management functions or mechanism to ensure that only authorized users have access to the resources of the organization.