Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
A penetration test is defined as a full-scale test of the security controls of a system or network to identify security risks and vulnerabilities. There are three different types of penetration testing: black-box testing, white-box testing, and gray-box testing. Which of the following statements best describes gray-box testing?
Correct
Gray-box testing, also known as partial knowledge testing, assumes only that the attacker is an insider. Because most attacks do originate from inside a network, this type of testing is valuable and can demonstrate privilege escalation from a trusted employee.
Question 2 of 10
Ethical hacking is the process of penetrating a system or network to find threats and vulnerabilities in those systems, which a malicious attacker may find and exploit, causing loss of data, financial loss, or other major damages. ECC outlined the standard hack as having five phases. Which of the following statements best defines the maintaining access phase in ethical hacking?
Correct
Maintaining access is the fourth phase in ethical hacking, wherein back doors are left open by the attacker for future use, especially if the system is used for further information gathering. Access can be maintained through the use of trojans, rootkits, or any number of methods.
Question 3 of 10
A hacker is defined as a person who uses a specialized set of tools, techniques, knowledge, and skills to bypass computer security measures to infiltrate a computer system. Which of the following statements best describes a hacktivist?
Correct
A hacktivist is a person who misuses a computer system or network for a socially or politically motivated reason. Hacktivism is meant to call the public’s attention to something the hacktivist believes is an important issue or cause, such as freedom of information or human rights.
Question 4 of 10
There are several guidelines, standards, and laws governing ethical hacking. Which law was enacted to deal with sharing cybersecurity information between the U.S. government and private companies to prevent future attacks?
Correct
The Cyber Intelligence Sharing and Protection Act (CISPA) amends the National Security Act of 1947 with provisions for detecting and sharing information and intelligence about cybersecurity and cybercrime. The bill is geared toward facilitating communication between the government and the private sector, including tech companies.
Question 5 of 10
Footprinting is the process of seeking out information that can be used to facilitate an attack. Several tools can be used in footprinting, one of which is Google Hacking. Which of the following statements best describes Google Hacking?
Correct
Google Hacking is the process of manipulating a search string with additional specific operators to search for vulnerabilities. It involves an attacker submitting queries to Google’s search engine to find sensitive information residing on web pages that have been indexed by Google or to find sensitive information concerning vulnerabilities in applications indexed by Google.
Question 6 of 10
Email is a valuable footprinting source. Email communication can provide the IP address, physical location information, browser and OS information, and links visited by the recipient. Which of the following tools can you use to conduct email footprinting?
Correct
Examples of tools for email tracking include the following:
(1) GetNotify
(2) ContactMonkey
(3) Yesware
(4) Read Notify
(5) WhoReadMe
(6) MSGTAG
(7) Trace Email
(8) Zendio
Question 7 of 10
The domain name system (DNS) is a naming database in which internet domain names are located and translated into internet protocol (IP) addresses. Which of the following statements best describes the service (SRV) record?
Correct
The service (SRV) record is a specification of data in the domain name system (DNS), which defines the hostname and port number of servers providing specific services. It is frequently used when configuring SIP or some other third-party service.
Question 8 of 10
Domain name system (DNS) footprinting refers to collecting information about the DNS zone data, which includes information about key hosts in the network. Whois is one of the tools used in DNS footprinting. Which of the following statements best describes whois?
Correct
Whois is an internet service protocol that queries the registries and returns information, including domain ownership, addresses, locations, and phone numbers. It is a free internet service that enables a user to search a specific domain name’s availability and, in the case it’s registered, the assigned entity/person to whom it is registered. Whois was first conceived in 1982 as an enhancement to the nickname protocol that was developed by ARPANET.
Question 9 of 10
Several tools can be used in footprinting, one of which is the Maltego tool. Which of the following statements best describes the Maltego tool?
Correct
Maltego is an open-source intelligence and forensics application created to demonstrate social engineering weaknesses for your environment. It offers an interface for mining and gathering information, as well as representing it in an easy-to-understand format.
Question 10 of 10
ECC outlined the scanning methodology phases to ensure that ethical hackers don’t miss anything and that all bases are properly covered. Which of the following is the second phase in the scanning methodology?
Correct
The scanning methodology phases as listed by ECC:
(1) Check for live systems.
(2) Check for open ports.
(3) Scan beyond IDS.
(4) Perform banner grabbing.
(5) Scan for vulnerabilities.
(6) Draw network diagrams.
(7) Prepare proxies.