Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
A three-way handshake is the method used in a TCP/IP network to create a connection between a local host and a server. Which step of the three-way handshake is the one in which the client acknowledges the server's response, establishing the reliable connection over which the actual data transfer will begin?
Correct
The three-way handshake is a process that requires both the client and server to exchange synchronization and acknowledgment packets before the real data communication process starts.
Step 1 (SYN)
Step 2 (SYN + ACK)
Step 3 (ACK)
Question 2 of 10
A network security zone is a segmented section of a network that contains systems and components with limited access to the internal network. Which type of network security zone is defined as a private network that implements services for internal use only?
Correct
An intranet zone is a controlled zone with few heavy restrictions. Not everything is allowed in the intranet zone, but internal communications require fewer controls.
Question 3 of 10
The main task of a penetration tester is to keep systems safe and to point out the weaknesses in security design. What is defined as a weakness that can be exploited by an attacker to perform illegal actions within a network system?
Correct
A penetration tester must be up to date on active vulnerabilities. ECC groups vulnerabilities into a series of categories: misconfiguration, default installations, buffer overflows, missing patches, design flaws, operating system flaws, application flaws, etc.
Question 4 of 10
What is defined as a collection of requirements and processes that help determine how an organization's information systems are built and how they work?
Correct
The Enterprise Information Security Architecture (EISA) offers a framework in which business security requirements, risks, and threats are analyzed and a portfolio of integrated enterprise security solutions is assembled.
Question 5 of 10
Preventive, detective, and corrective controls are put in place to stop incidents from occurring; some are designed to act after the event, limiting the extent of damage and aiding quick recovery. What are the three types of security controls?
Correct
Security controls are categorized as physical, technical, and administrative.
(1) Examples of physical controls include guards, lights, and cameras.
(2) Examples of technical controls include encryption, smartcards, and access control lists.
(3) Examples of administrative controls include training, awareness, and policy efforts.
Question 6 of 10
During an integrity attack, a file is accessed without authorization and altered to reflect malicious information other than what authorized users intend. Which type of integrity attack lets the attacker change a specific field in the ciphertext without decrypting it, the attack being carried out on the encrypted message by modifying one byte of the ciphertext?
Correct
A bit-flipping attack is a type of integrity attack in which the attacker is not interested in learning the entire plaintext message. Rather, bits in the ciphertext are manipulated to produce an expected outcome in the plaintext once it is decrypted.
Question 7 of 10
Which tool would you use to obtain a host of information about where an email travels and how it gets there, when it was opened, and how long the recipient spends reading it?
Correct
An email tracking tool helps to monitor the delivery of email messages to the intended recipient. Most tracking tools use some form of digitally time-stamped record to reveal the exact time and date that an email was received or opened, as well as the IP address of the recipient.
Examples of tools for email tracking include GetNotify, ContactMonkey, Yesware, Read Notify, WhoReadMe, MSGTAG, Trace Email, and Zendio.
Question 8 of 10
A broadcast address is a special Internet Protocol (IP) address used to transmit messages and data packets to network systems. Which type of broadcast addressing is one in which the destination address is a valid broadcast address for some subnet but the packet originates from a node that is not part of the destination subnet?
Correct
If directed broadcast is allowed for an interface, incoming packets whose addresses identify them as directed broadcasts intended for the subnet to which the interface is attached are broadcast on that subnet.
Question 9 of 10
Scanning and enumeration is the second phase in ethical hacking, in which security professionals take the information gathered during reconnaissance and actively apply tools and techniques to gather more in-depth information on the targets. Which tool can perform many different types of scans (from recognizing active machines to port scanning and registration) and can also be configured to control the speed at which a scan operates?
Correct
Network Mapper (Nmap) is a free, open-source tool used for vulnerability scanning and network discovery. Network administrators use this tool to recognize which devices are running on their networks, discover available hosts and the services they provide, detect open ports, and locate security risks.
Question 10 of 10
Enumeration in ethical hacking simply means listing the items found within a specific target. Which enumeration technique involves sending an unsolicited request to an open port to see what default message is returned?
Correct
Banner grabbing is one of the most fundamental enumeration methods, defined as a technique for discovering network services by simply querying the service port. Many services will respond with a simple text message indicating the technology in use.