Quiz-summary
0 of 30 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
Information
Certified Ethical Hacker Exam Practice Questions
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 30 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- Answered
- Review
-
Question 1 of 30
1. Question
Which of the following attacks use a false promise to pique a victim’s greed or curiosity?
Correct
Baiting attacks is usually used as a false or fake promise to pique a victim’s greed or curiosity. They tempt users into a trap that steals their personal and private information or infects their systems with malware or virus. The baiting attack mostly uses physical media to disperse malware or virus and get private information.
Incorrect
Baiting attacks is usually used as a false or fake promise to pique a victim’s greed or curiosity. They tempt users into a trap that steals their personal and private information or infects their systems with malware or virus. The baiting attack mostly uses physical media to disperse malware or virus and get private information.
-
Question 2 of 30
2. Question
Which of the following is a rogue access point configured to look just like a legitimate access point, meaning it advertises a known SSID?
Correct
An evil twin can be defined:-
(A) It is a rogue access point created to find just like a legitimate access point, meaning it shows itself a known SSID
(B) It is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communicationsIncorrect
An evil twin can be defined:-
(A) It is a rogue access point created to find just like a legitimate access point, meaning it shows itself a known SSID
(B) It is a fraudulent Wi-Fi access point that appears to be legitimate but is set up to eavesdrop on wireless communications -
Question 3 of 30
3. Question
Which of the following is a hacking method that allows an individual to send anonymous messages to Bluetooth-enabled devices within a certain radius?
Correct
Bluejacking is a term which can be defined as:-
(A) When an attacker sends data to a Bluetooth device without having to get through the pairing process, or perhaps the pairing happens without the receiver knowing about it
(B) Bluejacking attack to transmit an unsolicited message to a victim. This might be a picture or a text message.
(C) This could be a spoof attack, where you send a message that appears to be from someone else in order to get the recipient to do something.Incorrect
Bluejacking is a term which can be defined as:-
(A) When an attacker sends data to a Bluetooth device without having to get through the pairing process, or perhaps the pairing happens without the receiver knowing about it
(B) Bluejacking attack to transmit an unsolicited message to a victim. This might be a picture or a text message.
(C) This could be a spoof attack, where you send a message that appears to be from someone else in order to get the recipient to do something. -
Question 4 of 30
4. Question
Which of the following is a hacking method that allows an individual to receive data from Bluetooth-enabled devices within a certain radius?
Correct
Bluesnarfing can be defined as follows:-
(A) It is more dangerous than bluejacking
(B) Bluejacking is sending data to a device, bluesnarfing is getting data from a device
(C) Bluetooth devices have to be exposed to a certain degree to allow other devices to begin a pairing process
(D) The possibility of another device taking advantage of that little time window
(E) It’s been possible to gain access to a device over Bluetooth without having gone through the pairing processIncorrect
Bluesnarfing can be defined as follows:-
(A) It is more dangerous than bluejacking
(B) Bluejacking is sending data to a device, bluesnarfing is getting data from a device
(C) Bluetooth devices have to be exposed to a certain degree to allow other devices to begin a pairing process
(D) The possibility of another device taking advantage of that little time window
(E) It’s been possible to gain access to a device over Bluetooth without having gone through the pairing process -
Question 5 of 30
5. Question
In Web Application Attacks, which of the following is an attack against the database server?
Correct
In cybersecurity, An SQL attack is defined as an attack against the database server by the hackers, ultimately, though it gets benefits of programming flaws in the application code. Moreover, just like an injection attack, it occurs when a hacker transmit malicious (injects) unexpected data through a web request.
Incorrect
In cybersecurity, An SQL attack is defined as an attack against the database server by the hackers, ultimately, though it gets benefits of programming flaws in the application code. Moreover, just like an injection attack, it occurs when a hacker transmit malicious (injects) unexpected data through a web request.
-
Question 6 of 30
6. Question
In Denial of Service Attacks, which of the following attack is used to generate a lot of traffic that overwhelms the network connection a service is using?
Correct
A bandwidth attack is generally used to create a lot of data traffic that overcrowds the network connection service is being used. A problem with bandwidth attacks, these days, is that target computer will likely have a lot more bandwidth capacity allotted than bandwidth attack. In this case, One computer can’t possibly create enough data traffic to take a website down.
Incorrect
A bandwidth attack is generally used to create a lot of data traffic that overcrowds the network connection service is being used. A problem with bandwidth attacks, these days, is that target computer will likely have a lot more bandwidth capacity allotted than bandwidth attack. In this case, One computer can’t possibly create enough data traffic to take a website down.
-
Question 7 of 30
7. Question
Which of the following is a type of Denial of Service attack that relies on a small stream of very slow traffic which can target application or server resources?
Correct
A low and slow attack is a type of Denial of service or Distributed denial of service attack that based on a small stream of very slow traffic on the internet which can target application or server resources. Slow HTTP attacks are often very effective and efficient without doing a lot of effort from the hacker or attacker.
Incorrect
A low and slow attack is a type of Denial of service or Distributed denial of service attack that based on a small stream of very slow traffic on the internet which can target application or server resources. Slow HTTP attacks are often very effective and efficient without doing a lot of effort from the hacker or attacker.
-
Question 8 of 30
8. Question
In Denial of Service attack, A Fraggle attack is similar to the Smurf attack mentioned earlier. Which of the following message send by Fraggle attack?
Correct
A Fraggle attack is defined as follows-
(A) It is similar to the Smurf attack
(B) In a Smurf attack, spoofed ICMP messages are sent to a broadcast address while a Fraggle attack uses the same approach, but instead of ICMP, UDP messages are sent
(C) UDP, like ICMP, doesn’t validate the source address and is connectionless, which means it can be spoofed
(D) The attacker sends a UDP request to the broadcast address of a network with the target address set as the sourceIncorrect
A Fraggle attack is defined as follows-
(A) It is similar to the Smurf attack
(B) In a Smurf attack, spoofed ICMP messages are sent to a broadcast address while a Fraggle attack uses the same approach, but instead of ICMP, UDP messages are sent
(C) UDP, like ICMP, doesn’t validate the source address and is connectionless, which means it can be spoofed
(D) The attacker sends a UDP request to the broadcast address of a network with the target address set as the source -
Question 9 of 30
9. Question
In Denial of Service attack, which of the following attack can crash a system?
Correct
Local Area Network Denial (LAND) can be explained as follows:-
(A) The system of the victim can crash by this attack
(B) In the LAND attack, source and destination information of a TCP segment set to be the same
(C) This sends the segment into a loop in the operating system, as it is processed as an outbound, then an inbound, and so forth
(D) This loop would lock up the system.Incorrect
Local Area Network Denial (LAND) can be explained as follows:-
(A) The system of the victim can crash by this attack
(B) In the LAND attack, source and destination information of a TCP segment set to be the same
(C) This sends the segment into a loop in the operating system, as it is processed as an outbound, then an inbound, and so forth
(D) This loop would lock up the system. -
Question 10 of 30
10. Question
Which of the following is an attack in which attacker overwrite the memory of an application?
Correct
Attackers or hackers can exploit buffer overflow issues by overwriting or modifying the memory of an application on the victim’s computer. What will This do, it simply changes the execution path of the application, triggering a response that ultimately crashes the files or exposes private or personal information.
Incorrect
Attackers or hackers can exploit buffer overflow issues by overwriting or modifying the memory of an application on the victim’s computer. What will This do, it simply changes the execution path of the application, triggering a response that ultimately crashes the files or exposes private or personal information.
-
Question 11 of 30
11. Question
Which of the following is something that happens that is detectable and this could be anything, such as a user logging in or a network connection failing?
Correct
An event can be explained as follows:-
(A) It is something when happens, that is detectable
(B) This could be anything, such as a user logging in or a network connection fails
(C) An incident is usually defined by an organization based on its own requirements, but generally, it’s an event that violates policy.
(D) This could be unauthorized use of a system, for instance.Incorrect
An event can be explained as follows:-
(A) It is something when happens, that is detectable
(B) This could be anything, such as a user logging in or a network connection fails
(C) An incident is usually defined by an organization based on its own requirements, but generally, it’s an event that violates policy.
(D) This could be unauthorized use of a system, for instance. -
Question 12 of 30
12. Question
Which of the following is a method of securely exchanging cryptographic keys over a public channel?
Correct
Diffie–Hellman key exchange is a method in which securely exchanging cryptographic keys or encryption keys over a public channel and was categorized as one of the first public-key protocols as proposed by Ralph Merkle. It was named after Whitfield Diffie and Martin Hellman.
Incorrect
Diffie–Hellman key exchange is a method in which securely exchanging cryptographic keys or encryption keys over a public channel and was categorized as one of the first public-key protocols as proposed by Ralph Merkle. It was named after Whitfield Diffie and Martin Hellman.
-
Question 13 of 30
13. Question
The Data Encryption Standard (DES) is a block cipher uses which of the following key algorithm?
Correct
The Data Encryption Standard (DES) can be explained as follows:-
(A) It is a block cypher that uses symmetric key
(B) This is a long-deprecated encryption standard, but it raises an important element about cryptography
(C) One of the problems with DES is that it only uses a 56-bit key.Incorrect
The Data Encryption Standard (DES) can be explained as follows:-
(A) It is a block cypher that uses symmetric key
(B) This is a long-deprecated encryption standard, but it raises an important element about cryptography
(C) One of the problems with DES is that it only uses a 56-bit key. -
Question 14 of 30
14. Question
One of the problems with DES is that it only uses a 56-bit key. With Triple DES (3DES), there are three keys that revises the effective key length which of the following?
Correct
With Triple DES (3DES), there are three DES symmetric keys, which enhances the effective key length to 168 bits. However, it’s not a single 168-bit key. It’s three keys applied one at a time. One key is used to encrypt the message. The other key is specifically used to decrypt already received message.
Incorrect
With Triple DES (3DES), there are three DES symmetric keys, which enhances the effective key length to 168 bits. However, it’s not a single 168-bit key. It’s three keys applied one at a time. One key is used to encrypt the message. The other key is specifically used to decrypt already received message.
-
Question 15 of 30
15. Question
Which of the following is sometimes called public-key cryptography?
Correct
Symmetric key cryptography uses a single key for both encryption and decryption at both side i.e. transmitter and receiver side, whereas asymmetric key cryptography uses two keys for encryption and decryption. This is the basic reason for asymmetric key cryptography is sometimes known as public-key cryptography. One key is called the private key and the other one is the public key.
Incorrect
Symmetric key cryptography uses a single key for both encryption and decryption at both side i.e. transmitter and receiver side, whereas asymmetric key cryptography uses two keys for encryption and decryption. This is the basic reason for asymmetric key cryptography is sometimes known as public-key cryptography. One key is called the private key and the other one is the public key.
-
Question 16 of 30
16. Question
Which of the following cryptosystem combines the convenience of a public-key cryptosystem with the efficiency of a symmetric-key cryptosystem?
Correct
In cryptography, a hybrid cryptosystem is explained as follows:-
(A) A cryptosystem that unites the easiness of a public-key cryptosystem with the effectiveness and efficiency of a symmetric-key cryptosystem
(B) Public-key cryptosystems are more comfortable in that they do not require the transmitter and receiver to share a common secret to communicate safely and securelyIncorrect
In cryptography, a hybrid cryptosystem is explained as follows:-
(A) A cryptosystem that unites the easiness of a public-key cryptosystem with the effectiveness and efficiency of a symmetric-key cryptosystem
(B) Public-key cryptosystems are more comfortable in that they do not require the transmitter and receiver to share a common secret to communicate safely and securely -
Question 17 of 30
17. Question
In cryptography, which of the following is an entity that issues digital certificates?
Correct
In cryptography, a certificate authority or certification authority is an entity or body that issues or regularizes digital certificates. Furthermore, a digital certificate which is issued by this authority certifies the ownership of a public key by the named subject of the certificate.
Incorrect
In cryptography, a certificate authority or certification authority is an entity or body that issues or regularizes digital certificates. Furthermore, a digital certificate which is issued by this authority certifies the ownership of a public key by the named subject of the certificate.
-
Question 18 of 30
18. Question
Which of the following is the advantage of symmetric key encryption over asymmetric key encryption?
Correct
The main advantage or benefit of symmetric encryption with respect to asymmetric encryption is that it is very efficient and fast for large amounts of data. The main disadvantage of symmetric encryption is the need to keep the key secret. In other words, this can be very challenging where decryption and encryption take place in different areas or locations, requiring the encryption key to be moved.
Incorrect
The main advantage or benefit of symmetric encryption with respect to asymmetric encryption is that it is very efficient and fast for large amounts of data. The main disadvantage of symmetric encryption is the need to keep the key secret. In other words, this can be very challenging where decryption and encryption take place in different areas or locations, requiring the encryption key to be moved.
-
Question 19 of 30
19. Question
Regarding Governmental data classifications, It is the highest level of data classification and only a very limited number of people will be able to look at data is categorized which of the following?
Correct
The highest level of data classification, according to Governmental data classifications, is categorised as top secret. A very limited number of people are authorised to view or read information categorised as top-secret. Moreover, it is categorised as the highest level of classified information.
Incorrect
The highest level of data classification, according to Governmental data classifications, is categorised as top secret. A very limited number of people are authorised to view or read information categorised as top-secret. Moreover, it is categorised as the highest level of classified information.
-
Question 20 of 30
20. Question
Regarding Governmental data classifications, the exposure of information causing serious damage to national security is the definition for which of the following?
Correct
According to Governmental data classifications, the exposure or intentionally loss of secret information would cause grave concern and serious damage to national security. Access to secret data or information is restricted by law, rule or regulation to particular groups of people with the necessary security clearance and need to know, and mishandling of the information or data can incur criminal penalties.
Incorrect
According to Governmental data classifications, the exposure or intentionally loss of secret information would cause grave concern and serious damage to national security. Access to secret data or information is restricted by law, rule or regulation to particular groups of people with the necessary security clearance and need to know, and mishandling of the information or data can incur criminal penalties.
-
Question 21 of 30
21. Question
Regarding Governmental data classifications, which of the following information can be viewed by everyone?
Correct
Everyone can view the information which is categorised as unclassified. It may also include declassified data or information that was once considered a higher classification, but the threat posed by its loss has normalised. Unclassified is assigned to official data or information that does not bear any security grading but theses information does not publish or publically available without proper permission from the authorities.
Incorrect
Everyone can view the information which is categorised as unclassified. It may also include declassified data or information that was once considered a higher classification, but the threat posed by its loss has normalised. Unclassified is assigned to official data or information that does not bear any security grading but theses information does not publish or publically available without proper permission from the authorities.
-
Question 22 of 30
22. Question
There are three types of data classification in Simple data classification of an organization. Which of the following is not a data class in Simple data classification?
Correct
There are three types of data classification in Simple data classification of an organization. Which includes the following:-
(A) Restricted
(B) Private
(C) PublicIncorrect
There are three types of data classification in Simple data classification of an organization. Which includes the following:-
(A) Restricted
(B) Private
(C) Public -
Question 23 of 30
23. Question
In Simple data classification, data that may also be internal or sensitive, but the loss or disclosure of this data causing only moderate damage to an organization is the definition for which of the following?
Correct
Private Data that may also be sensitive or internal, but the disclosure or loss of this information or data would cause only moderate damage to a company or an organization. For example, the loss of quotations data which are old and not in use, but still can damage the organization.
Incorrect
Private Data that may also be sensitive or internal, but the disclosure or loss of this information or data would cause only moderate damage to a company or an organization. For example, the loss of quotations data which are old and not in use, but still can damage the organization.
-
Question 24 of 30
24. Question
Authorized parties cannot modify data without specific authorization is the objective of which of the following security model?
Correct
The Biba model is developed in 1975 and is named after its developer, Kenneth Biba. There are mainly three objectives for ensuring data integrity:-
(A) Unauthorized parties cannot modify data
(B) Authorized parties cannot modify data without specific authorization
(C) Data should be true and accurate, meaning it has both internal and external consistencyIncorrect
The Biba model is developed in 1975 and is named after its developer, Kenneth Biba. There are mainly three objectives for ensuring data integrity:-
(A) Unauthorized parties cannot modify data
(B) Authorized parties cannot modify data without specific authorization
(C) Data should be true and accurate, meaning it has both internal and external consistency -
Question 25 of 30
25. Question
The Biba Model is a security model which defines three sets of rules. Which of the following is not a rule defined by the Biba Model?
Correct
The Biba Model is a security model which defines three sets of rules which included the following:-
(A) The Simple Identity Property says a subject at one level of integrity may not read a data object at a lower integrity level
(B) The * (star) Identity Property says a subject at one level of integrity may not write to data objects at a higher level of integrity
(C) The Invocation Property says a process from below may not request access at a higher level.Incorrect
The Biba Model is a security model which defines three sets of rules which included the following:-
(A) The Simple Identity Property says a subject at one level of integrity may not read a data object at a lower integrity level
(B) The * (star) Identity Property says a subject at one level of integrity may not write to data objects at a higher level of integrity
(C) The Invocation Property says a process from below may not request access at a higher level. -
Question 26 of 30
26. Question
Bell-LaPadula (a security model) is focused on confidentiality rather than integrity. Which of the following is not a property of The Bell-LaPadula model?
Correct
Bell-LaPadula is focused on confidentiality rather than integrity. As a result, the model defines properties that are different from those that were defined in the Biba model. The Bell-LaPadula properties are defined as follows:-
(A) The Simple Security Property explains that a particular subject at one security level may not read an object at a higher security level
(B) The * (star) Property says that a subject at one security level may not write to an object at a lower security level
(C) The Discretionary Security Property uses an access matrix to indicate discretionary accessIncorrect
Bell-LaPadula is focused on confidentiality rather than integrity. As a result, the model defines properties that are different from those that were defined in the Biba model. The Bell-LaPadula properties are defined as follows:-
(A) The Simple Security Property explains that a particular subject at one security level may not read an object at a higher security level
(B) The * (star) Property says that a subject at one security level may not write to an object at a lower security level
(C) The Discretionary Security Property uses an access matrix to indicate discretionary access -
Question 27 of 30
27. Question
Which of the following is a means of avoiding, detecting, counteracting, or minimizing security risk?
Correct
Security control is a means of detecting, avoiding, controlling, counteracting, reducing or minimizing security risk. Security risks may include intrusion detection systems or firewalls. They may also include CCTV cameras, security guards, door locks or bollards for physical security.
Incorrect
Security control is a means of detecting, avoiding, controlling, counteracting, reducing or minimizing security risk. Security risks may include intrusion detection systems or firewalls. They may also include CCTV cameras, security guards, door locks or bollards for physical security.
-
Question 28 of 30
28. Question
Regarding security at a business level, there are five functions refer to risks to the business. Which of the following is about identifying risk to the business, identifying assets, identifying policies used for governance, and identifying a risk management strategy?
Correct
The Identify function can be defined as:-
(A) It is a function about identifying risk to the business
(B) Identifying assets
(C) Identifying policies used for governance
(D) Identifying a risk management strategy.
(E) These procedures or actions should be guided by the organization or business ensuring that security and the business are aligned in a mutual understanding of the goals.Incorrect
The Identify function can be defined as:-
(A) It is a function about identifying risk to the business
(B) Identifying assets
(C) Identifying policies used for governance
(D) Identifying a risk management strategy.
(E) These procedures or actions should be guided by the organization or business ensuring that security and the business are aligned in a mutual understanding of the goals. -
Question 29 of 30
29. Question
Regarding security at a business level, there are five functions refer to risks to the business. Which of the following is about protecting business assets overall, which means there should be capabilities for maintaining software or appliances?
Correct
The protect function is a function which is explained below:-
(A) It is about protecting the overall assets of the organization or business
(B) It means it has the capabilities for maintaining software, applications, equipment or computer system.
(c) It also includes ensuring all assets must be kept up to date with the help of a plan.
(D) It makes sure there are an identity and access management functions or mechanism to ensure that only authorized users have access to the resources of the organization.Incorrect
The protect function is a function which is explained below:-
(A) It is about protecting the overall assets of the organization or business
(B) It means it has the capabilities for maintaining software, applications, equipment or computer system.
(c) It also includes ensuring all assets must be kept up to date with the help of a plan.
(D) It makes sure there are an identity and access management functions or mechanism to ensure that only authorized users have access to the resources of the organization. -
Question 30 of 30
30. Question
The Clark-Wilson model is another security model that focuses on which of the following?
Correct
The model which focus on integrity rather than confidentiality is known as the Clark-Wilson model. This doesn’t work the same as the Biba Model, even if the end result of the both models intended to be the same. However, Clark-Wilson does not only rely on a state machine, as compared to Biba Model.
Incorrect
The model which focus on integrity rather than confidentiality is known as the Clark-Wilson model. This doesn’t work the same as the Biba Model, even if the end result of the both models intended to be the same. However, Clark-Wilson does not only rely on a state machine, as compared to Biba Model.