Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
A network security zone is a segmented section of a network that contains systems and components with limited access to the internal network. What is this type of network security zone, wherein access is tightly controlled and available to only a small number of authorized users, and access to one area of the zone does not necessarily apply to another area of the zone?
A management network zone is a highly secured zone that has very strict policies and is designed specifically for a certain organization.
Question 2 of 10
A three-way handshake process is a method used in a TCP/IP network to create a connection between a local host/client and server. What is this part of the 3-way handshake process, wherein the client node sends an SYN data packet over an IP network to a server on the same or an external network?
A 3-way handshake is a method used in a TCP/IP network to create a connection between a local host and server. The 3-way handshake is a three-step process that requires both the client and server to exchange synchronization and acknowledgment packets before the real data communication process starts.
Step 1 (SYN)
Step 2 (SYN + ACK)
Step 3 (ACK)
Question 3 of 10
A hacker is defined as a person who can gain unauthorized access to other computers. What is this type of hacker, which is described as persons illegally infiltrating a computer system using their skills either for personal gain or for malicious intent?
A black hat hacker is a person who attempts to find computer security vulnerabilities and exploit them for personal financial gain or other malicious reasons. Black hat hackers can inflict major damage on individual computer users and organizations by stealing financial information, compromising the security of major systems, or shutting down or altering functions of websites.
Question 4 of 10
A penetration test is a full-scale test of the security controls of a system or network to identify security risks and vulnerabilities. In which phase of the penetration test is the actual contract hammered out?
The penetration test has three main phases: preparation, assessment, and conclusion.
During the preparation phase, the scope of the test, the types of attacks allowed, and the individuals assigned to perform the activity are all agreed upon.
Question 5 of 10
A security policy is a document describing the security controls implemented in a business to reach a goal. What is this type of security policy, which defines information sensitivity levels and who has access to those levels; it also addresses how data is stored, transmitted, and destroyed?
The information protection policy provides guidelines to users on the processing, storage, and transmission of sensitive information. The main objective is to ensure that information is protected from modification or disclosure.
Question 6 of 10
Footprinting refers to the work that hackers do behind the scenes. It involves looking at what operating system the hardware setup uses, or pinging the system to determine design properties. Which of the following is not an advantage of footprinting for an ethical hacker?
ECC outlines four main advantages of footprinting for an ethical hacker:
(1) To know the security position
(2) To reduce the focus area
(3) To identify vulnerabilities
(4) To draw a network map
Question 7 of 10
Footprinting is the process of collecting information about the target system to find ways to penetrate the computer system. Attempting to gain access to sensitive information through social engineering is an example of what type of footprinting?
Active footprinting is the process of gathering information that requires the hacker to interact with the organization.
Examples of active footprinting include the following:
(1) Sending urgent voice mails to convince victims that they need to act quickly to protect themselves from arrest or other risks.
(2) Sending a phishing email to an employee in an attempt to collect proprietary information.
Question 8 of 10
Website footprinting is a technique wherein information about the target is collected by monitoring the target’s website. What tool will you use if you want to check snapshots of a site from an earlier period to verify deleted information?
The Internet Archive is a non-profit, digital library of internet sites and other cultural artifacts in digital form. This tool allows you to go back in time to search for lost or deleted information.
Question 9 of 10
DNS is the internet’s system for converting alphabetic names into numeric IP addresses. What is this DNS record type, which defines the hostname and port number of servers providing specific services?
An SRV is a DNS record type that is used to establish connections between a service and a hostname. When an application needs to find the location of a specific service, it will search for a related SRV record.
Question 10 of 10
What tool will you use if you want to inquire about registries and return information, including domain ownership, addresses, locations, and phone numbers?
Whois is a widely used internet record listing that identifies who owns a domain and how to contact them. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain name registration and ownership.