Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
1. Question
SQL injection is an application security weakness that allows attackers to control an application’s database, letting them access or delete data or change an application’s data-driven behavior by tricking the application into sending unexpected SQL commands. Which of the following statements best describes an out-of-band SQL injection?
Correct
The out-of-band SQL injection is performed when the attacker can’t use the same channel to launch the attack and gather information, or when a server is too slow or unstable for these actions to be performed. These techniques count on the capacity of the server to create DNS or HTTP requests to transfer data to an attacker.
Question 2 of 10
2. Question
Web organizations assist in a wide array of efforts to improve the internet. What is this web organization, which is defined as an international community where Member organizations, full-time staff, and the public work together to develop web standards?
Correct
The World Wide Web Consortium (W3C) is an international community where Member organizations, full-time staff, and the public work together to develop web standards. Its mission is to lead the World Wide Web to its full potential by developing protocols and guidelines that ensure the long-term growth of the web. W3C engages in education and outreach, develops software, and serves as an open forum for discussion about the web.
Question 3 of 10
3. Question
Jailbreaking is the process of removing a restricted mode of operation in a mobile device. There are three basic techniques for jailbreaking an iOS device: untethered, semi-tethered, and tethered. Which of the following statements defines the semi-tethered technique?
Correct
A semi-tethered jailbreak is a technique wherein a reboot no longer retains the patched kernel, but the software has already been added to the device. In this technique, jailbreak extensions won’t load until a computer-based jailbreak application is deployed over a physical cable connection between the device and the computer in question.
Question 4 of 10
4. Question
Bluetooth is used for connecting devices over a short distance, and since we keep everything on our devices, it is fairly obvious that hacking that signal could pay huge dividends. Bluejacking is one of the major types of Bluetooth attacks. Which of the following statements best describes bluejacking?
Correct
Bluejacking is a hacking method that allows an individual to send anonymous messages to Bluetooth-enabled devices within a certain radius. First, the hacker scans his surroundings with a Bluetooth-enabled device, searching for other devices. The hacker then sends an unsolicited message to the detected devices.
Question 5 of 10
5. Question
A trojan is software that, before it is installed, appears to perform a useful function for the user but instead performs a function, without the user’s knowledge, that steals information and harms the system. Which of the following statements best describes a covert channel tunneling trojan (CCTT)?
Correct
Covert channel tunneling trojan (CCTT) is one form of remote access trojan that uses a variety of exploitation techniques to create data transfer channels in previously authorized data streams. It is designed to provide an external shell from within the internal environment.
Question 6 of 10
6. Question
A virus is a self-replicating program that reproduces its code by attaching copies of itself to other executable code. Which of the following descriptions defines a metamorphic virus?
Correct
A metamorphic virus rewrites itself every time it infects a new file. It is considered the most infectious computer virus, and it can do serious damage to a system if not detected quickly.
Question 7 of 10
7. Question
A worm is a self-replicating malware computer program that uses a computer network to send copies of itself to other systems without human intervention. Which of the following statements best describes a Darlloz worm?
Correct
The Darlloz worm is a Linux-based worm that targets devices running ARM, MIPS, and PowerPC architectures. It uses the vulnerability to seek administrative privileges by providing commonly used login usernames and passwords. If a Darlloz worm gains access to the computer, it leaves a backdoor on the infected system or device that allows hackers to issue commands at any point in time.
Question 8 of 10
8. Question
A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic or sending it information that triggers a crash. ECC listed several DoS application-level attacks, one of which is the teardrop attack. Which of the following statements best describes a teardrop attack?
Correct
A teardrop attack is a Denial-of-Service (DoS) attack that involves sending overlapping, extremely large IP fragments to the target machine. Since the machine receiving such packets cannot reassemble them due to a bug in TCP/IP fragmentation reassembly, the packets overlap one another, crashing the target network device.
Question 9 of 10
9. Question
Encryption algorithms are mathematical formulas used to encrypt and decrypt data. There are two methods in which the algorithms work, and there are two methods by which keys can be used and shared, one of which is asymmetric encryption. Which of the following descriptions does not define asymmetric encryption?
Correct
In asymmetric encryption, the sender and the recipient use two different keys. It uses a public key-private key pairing: data encrypted with the private key can only be decrypted with the public key, and vice versa.
Question 10 of 10
10. Question
Social engineering is the art of manipulating a person, or a group of people, into providing information or service they otherwise would never have given. Shoulder surfing is an example of a human-based social engineering method. Which of the following statements best describes shoulder surfing?
Correct
Shoulder surfing refers to direct observation, such as looking over a person’s shoulder, to obtain information. In some instances, shoulder surfing may constitute a security breach as the person behind may be gleaning private information, such as your PIN or credit card information.