Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
1. Question
Bluetooth is used for connecting devices, usually mobile phones, wirelessly over a short distance. Since we keep a lot of personal information on our Bluetooth-enabled devices, they are susceptible to hacking that could pay huge dividends. What is the type of Bluetooth attack in which the attacker sends unsolicited messages to and from mobile devices?
Bluejacking or bluehacking is a hacking method that allows an individual to send anonymous messages to Bluetooth-enabled devices within a certain radius.
Question 2 of 10
2. Question
A wireless network is a communications system that transmits and receives radio signals over the air. What is this tool, which is used to verify wireless quality and to measure the magnitude of a given input signal set against the full frequency range of the instrument?
The spectrum analyzer is primarily used to measure the strength of the spectrum of known and unknown signals. It can also divulge details and elements about the signal, such as the efficiency and performance of the circuit or equipment producing the signal.
Question 3 of 10
3. Question
The Internet of Things refers to the growing network of physical objects that feature an IP address for internet connectivity, and the communication that occurs between these objects and other internet-enabled devices and systems. What is the type of IoT attack in which hackers can use Bluetooth connections to penetrate and take complete control over targeted devices?
A BlueBorne attack can affect computers, mobile phones, and the expanding realm of IoT devices. The attack does not need the targeted device to be paired to the hacker’s device, or even to be set on discoverable mode. It can also be used to conduct a large range of offenses, including remote code execution and man-in-the-middle attacks.
Question 4 of 10
4. Question
Malware is a computer program designed to infiltrate and damage computers without the user’s consent. What is the type of malware that appears to perform a useful function for the user before it is installed, but instead performs a function without the user’s knowledge that steals information and harms the system?
A trojan is one of the most common types of malware which penetrates your system disguised as a normal and harmless file designed to trick you into installing malware. As soon as you install a trojan, you’re giving hackers access to your system. These hackers can steal information, install more malware, monitor user activity, and even modify files.
Question 5 of 10
5. Question
Social engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. What are the phases of social engineering?
ECC defines four phases of successful social engineering:
(1) Researching or gathering of information.
(2) Selecting of the victim.
(3) Developing a relationship or initiating an interaction, starting by building trust.
(4) Exploiting the relationship or actively infiltrating the target.
Question 6 of 10
6. Question
A security assessment is performed to identify the current security posture of an organization. The assessment provides recommendations for improvement, which allows the organization to reach a security goal that mitigates risks. What is this type of security assessment, which is designed to uncover potential security holes in the system and disclose them to the client for resolution, but it does not fix vulnerabilities, nor does it exploit them?
A security audit occurs when a technology team conducts an organizational review to ensure that the correct and updated processes are being applied to the system. It also scans and tests a system for existing vulnerabilities but does not intend to exploit any of them.
Question 7 of 10
7. Question
What is this type of penetration test, which analyzes publicly available information, conducts network scanning, enumeration, and testing from the network perimeter?
External penetration testing is performed remotely against the environment to simulate an external attack, targeting responding internet-facing hosts and services.
Question 8 of 10
8. Question
ECC outlined the main phases during the actual test: pre-attack, attack, and post-attack phases. In which phase is identifying network ranges performed?
During the pre-attack phase, reconnaissance, information gathering, the gathering of competitive intelligence, and the identification of network ranges are accomplished.
Question 9 of 10
9. Question
A penetration test report should detail the outcome of the test, and if you are making recommendations, document the recommendations to secure any high-risk systems. Which of the following should not be included in a penetration test report?
A complete penetration test report should contain the following:
(1) Summary of the organization’s overall security posture.
(2) Names of all participants and dates of all tests.
(3) List of findings.
(4) Analysis of each finding and the recommended mitigation steps.
(5) Log files and other evidence from your toolset.
Question 10 of 10
10. Question
Social engineering is defined as a broad range of malicious activities accomplished through human interactions. It uses psychological manipulation to trick users into making security mistakes or giving away sensitive information. Hoax emails, chain letters, and instant messaging are examples of which type of social engineering attack?
Computer-based attacks are carried out with the use of a computer. Examples of computer-based attacks include hoax emails, chain letters, instant messaging, spam and phishing, and social networking and spoofing sites.