Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
1. Question
A rootkit is a collection of software put in place by an attacker that is created to conceal system compromise. Which type of rootkit replaces the boot loader with another one which is controlled by the hacker?
Correct
Boot loader level rootkits replace or modify the legitimate boot loader with another one, which lets the rootkit activate even before the operating system is started. Boot loader level rootkits are a serious threat to security because they can be used to hack encryption keys and passwords.
Question 2 of 10
2. Question
What is this web organization, which is defined as an international community where member organizations, full-time staff, and the public work together to develop web standards?
Correct
The W3C mission is to lead the World Wide Web to its full potential by developing protocols and guidelines that ensure the long-term growth of the web. W3C engages in education and outreach, develops software, and serves as an open forum for discussion about the web.
Question 3 of 10
3. Question
The Open Web Application Security Project (OWASP) is a non-profit charitable organization focused on improving the security of software. OWASP outlined the Top 10 most critical web application security flaws. Which of the following is not included in the Top 10 list?
Correct
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
(1) Injection
(2) Broken Authentication
(3) Sensitive Data Exposure
(4) XML External Entities (XXE)
(5) Broken Access Control
(6) Security Misconfiguration
(7) Cross-Site Scripting (XSS)
(8) Insecure Deserialization
(9) Using Components with Known Vulnerabilities
(10) Insufficient Logging & Monitoring
Question 4 of 10
4. Question
Network Mapper (Nmap) is a powerful tool used for network mapping and port scanning, allowing network administrators to discover hosts and services on a computer network and create a map of the network. What command will you use if you want to enumerate common web applications?
Correct
If you want to enumerate web applications, you just need to type nmap --script http-enum -p80
Other examples of useful Nmap commands include the following:
(1) To list email accounts, just type nmap --script http-google-email
(2) To grab the robots.txt file, just type nmap -p80 --script http-robots.txt
Question 5 of 10
5. Question
Wireless encryption secures your wireless network with an authentication protocol. It requires a password or network key when a user tries to connect. Which type of wireless encryption uses a Temporal Key Integrity Protocol (TKIP), a 128-bit key, and the client’s MAC address to accomplish much stronger encryption?
Correct
WPA is a security protocol created to secure wireless networks. It is similar to the WEP protocol but offers better security measures. WPA also uses the Extensible Authentication Protocol (EAP) for authorizing users. This makes it more difficult for unauthorized systems to gain access to the wireless network.
Question 6 of 10
6. Question
A variety of wireless network vulnerabilities could easily be exploited to steal sensitive data, take control of a router or connected device, or install malware. What is this type of wireless hacking attack, wherein the attacker uses a valid third-party user as an extra hop or man-in-the-middle between the attacker’s device and the AP?
Correct
During an Ad-Hoc connection attack, an attacker can enable an Ad-Hoc connection on a user’s system using malware, or take advantage of one the user is already using to share the internet with peers. The attacker can compromise a connection operating in Ad-Hoc mode since this mode does not provide strong encryption.
Question 7 of 10
7. Question
Cloud computing provides users and organization subscribers on-demand delivery of different IT services over a network. What is this type of cloud computing wherein users are allowed to connect to and use cloud-based apps over the internet?
Correct
Software as a Service (SaaS) is a software distribution model that offers on-demand applications to subscribers over the internet. Common examples are email, calendaring, and office tools.
Question 8 of 10
8. Question
Malware is defined as software designed to harm or to illegally access a computer system without the owner’s consent. What is this cyber technique, wherein the attacker attempts to distribute the malware through online advertisements?
Correct
Malvertising is the process of embedding malware into legitimate ad networks in an effort to spread malware to different sites.
Question 9 of 10
9. Question
A virus is a self-replicating program that reproduces its code by attaching copies to other executable code. Which type of virus attempts to infect both files and the boot sector at the same time?
Correct
A multipartite virus is a fast-moving virus that uses boot infectors to attack the boot sector and executable files simultaneously.
Question 10 of 10
10. Question
What is defined as the technique of hiding secret data within an ordinary, non-secret, file, or message to avoid detection?
Correct
Steganography is the art of concealing information by hiding the data within a normal message or file. It serves a similar purpose to cryptography, but instead of encrypting data, steganography hides it from the user.