Quiz-summary
0 of 11 questions completed
Questions:
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
Information
Certified Ethical Hacker Exam Practice Questions
You have already completed the quiz before. Hence you can not start it again.
Quiz is loading...
You must sign in or sign up to start the quiz.
You have to finish following quiz, to start this quiz:
Results
0 of 11 questions answered correctly
Your time:
Time has elapsed
You have reached 0 of 0 points, (0)
Categories
- Not categorized 0%
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- Answered
- Review
-
Question 1 of 11
1. Question
What is defined as the communications network used by our vehicles, and refers to the spontaneous creation of a wireless network for vehicle-to-vehicle data exchange?
Correct
Vehicular Ad Hoc Networks (VANET) are created by applying the principles of Mobile Ad Hoc Networks (MANETs). It is the spontaneous creation of a wireless network or mobile devices to the domain of vehicles. VANETs are also a key part of the intelligent transportation system (ITS) framework.
Incorrect
Vehicular Ad Hoc Networks (VANET) are created by applying the principles of Mobile Ad Hoc Networks (MANETs). It is the spontaneous creation of a wireless network or mobile devices to the domain of vehicles. VANETs are also a key part of the intelligent transportation system (ITS) framework.
-
Question 2 of 11
2. Question
ECC outlined a list of architecture layers inside IoT. What is this layer in IoT, which sits between the application and hardware layers, and handles data and device management, data analysis, and aggregation?
Correct
Middleware is an application-independent software that provides services that allow communications between applications. It also hides the complexities of the lower layers, like operating systems, and networks to ease the integration of new and legacy systems.
Incorrect
Middleware is an application-independent software that provides services that allow communications between applications. It also hides the complexities of the lower layers, like operating systems, and networks to ease the integration of new and legacy systems.
-
Question 3 of 11
3. Question
The Open Web Security Project (OWASP) outlined the Top 10 IoT vulnerabilities to help organizations and individuals gauge the acceptable risk and make an informed decision about releasing or purchasing a product. Which of the following is not included in the list?
Correct
Top 10 IoT vulnerabilities as listed by OWASP:
(1) Weak guessable, or hardcoded passwords
(2) Insecure network services
(3) Insecure ecosystem interfaces
(4) Lack of secure update mechanism
(5) Use of insecure or outdated components
(6) Insufficient privacy protection
(7) Insecure data transfer and storage
(8) Lack of device management
(9) Insecure default settings
(10) Lack of physical hardeningIncorrect
Top 10 IoT vulnerabilities as listed by OWASP:
(1) Weak guessable, or hardcoded passwords
(2) Insecure network services
(3) Insecure ecosystem interfaces
(4) Lack of secure update mechanism
(5) Use of insecure or outdated components
(6) Insufficient privacy protection
(7) Insecure data transfer and storage
(8) Lack of device management
(9) Insecure default settings
(10) Lack of physical hardening -
Question 4 of 11
4. Question
Cloud computing is the delivery of computing services like servers, databases, networking, software, analytics, and intelligence over the internet. What is this type of cloud deployment model, which is generally used when security and compliance requirements in large organizations isn’t a major issue?
Correct
The public cloud is a computing service offered by third-party providers over the public internet, making them available to anyone who wants to use or purchase them.
Incorrect
The public cloud is a computing service offered by third-party providers over the public internet, making them available to anyone who wants to use or purchase them.
-
Question 5 of 11
5. Question
The National Institutes of Standards and Technology created the NIST Cloud Computing Reference Architecture to provide a fundamental reference point to describe an overall framework that can be used government-wide. According to the publication, which major role is defined as the independent assessor of cloud service and security controls?
Correct
NIST Cloud Computing Reference Architecture outlined the five major roles within a cloud architecture: cloud carrier, cloud consumer, cloud provider, cloud broker, and cloud auditor. The cloud auditor is someone that can perform an independent examination of cloud service controls with the intent to express an opinion. Audits are performed to verify conformance to standards through a review of objective evidence.
Incorrect
NIST Cloud Computing Reference Architecture outlined the five major roles within a cloud architecture: cloud carrier, cloud consumer, cloud provider, cloud broker, and cloud auditor. The cloud auditor is someone that can perform an independent examination of cloud service controls with the intent to express an opinion. Audits are performed to verify conformance to standards through a review of objective evidence.
-
Question 6 of 11
6. Question
A trojan is a software that appears to perform a useful function for the user before installing it but instead performs a function, without the user’s consent, to steal information or harm the system. What is this type of trojan, which is intended to provide a backdoor to the system that you connect to via command-line access?
Correct
A command shell trojan is used for reentry into the target’s system by the attacker. This program is installed and is running on the target computer with a name that sounds genuine, so the target is not aware that his or her system is compromised.
Incorrect
A command shell trojan is used for reentry into the target’s system by the attacker. This program is installed and is running on the target computer with a name that sounds genuine, so the target is not aware that his or her system is compromised.
-
Question 7 of 11
7. Question
A virus is a self-replicating program that reproduces its code by attaching copies into other executable codes. What is this type of virus, which modifies directory table entries so that the user or system processed are pointed to the virus code itself instead of the application?
Correct
A cluster virus associates itself with the execution of programs by modifying directory table entries to ensure the virus itself will start when any program on the computer is started.
Incorrect
A cluster virus associates itself with the execution of programs by modifying directory table entries to ensure the virus itself will start when any program on the computer is started.
-
Question 8 of 11
8. Question
A worm is a self-replicating malware computer program that uses a computer network to send copies of itself to other systems without human intervention. What is this type of worm, which uses random messaging on Facebook and other sites to perform malicious actions?
Correct
Ghost eye worm is a hacking program that spreads random messages on Facebook or chat websites to get the user’s password. It is dangerous for your system as it can replicate itself and can attack various windows version computer.
Incorrect
Ghost eye worm is a hacking program that spreads random messages on Facebook or chat websites to get the user’s password. It is dangerous for your system as it can replicate itself and can attack various windows version computer.
-
Question 9 of 11
9. Question
A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt the normal traffic of a targeted server, service, or network by overwhelming the target or its surrounding infrastructure with a flood of internet traffic. What is this type of DDoS attack, which consumes all available bandwidth for the system or service?
Correct
Volumetric attacks are designed to overwhelm internal network capacity with significantly high volumes of malicious traffic. It attempts to consume the bandwidth within the target network, or between the target network and the rest of the internet.
Incorrect
Volumetric attacks are designed to overwhelm internal network capacity with significantly high volumes of malicious traffic. It attempts to consume the bandwidth within the target network, or between the target network and the rest of the internet.
-
Question 10 of 11
10. Question
Encryption is the process of converting data into an unrecognizable form. It is commonly used to protect sensitive information so that only authorized parties can view it. What is this type of encryption which uses only one key to encrypt and decrypt data?
Correct
Symmetric encryption is a form of computerized cryptography using a singular encryption key to guise an electronic message. It is a two-way algorithm because the mathematical algorithm is reversed when decrypting the message using the same secret key.
Incorrect
Symmetric encryption is a form of computerized cryptography using a singular encryption key to guise an electronic message. It is a two-way algorithm because the mathematical algorithm is reversed when decrypting the message using the same secret key.
-
Question 11 of 11
11. Question
Social engineering is the process of manipulating a person, or group of people, into providing information or service they otherwise would never have given. ECC outlined four phases of successful social engineering. In which phase of social engineering is dumpster dive conducted?
Correct
The four phases of successful social engineering as listed by ECC:
(1) Researching or gathering of information by visiting websites, touring the company, and dumpster diving.
(2) Selecting the victim by identifying a frustrated employee or other promising targets.
(3) Developing a relationship with the victim.
(4) Exploiting the relationship by collecting sensitive information.Incorrect