Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
1. Question
A network security zone is a segmented section of a network that contains systems and components with limited access to the internal network. What is this type of security policy, which outlines the controls placed on both the physical access to the computer system and software to control access to computer networks and data?
Correct
Access control policy recognizes the resources that need protection and the regulations in place to limit access to those resources.
Question 2 of 10
2. Question
A hacker is defined as a person who uses a set of tools, techniques, knowledge, and skills to bypass computer security measures to infiltrate a computer or network. Which of the following statements best describes a script kiddie?
Correct
A script kiddie is someone who lacks programming knowledge and uses existing software to launch an attack. Often a script kiddie will use these programs without even knowing how they work or what they do.
Question 3 of 10
3. Question
Hackers are classified into three categories: white hats, black hats, and gray hats. Which of the following statements best describes a gray hat hacker?
Correct
Gray hat hackers represent the middle ground between white hat hackers and black hat hackers. These types of hackers are not inherently malicious with their intentions; they’re just looking to get something out of their discoveries for themselves. However, this type of hacking is still considered illegal because the hacker did not receive permission from the owner before attempting to attack the system.
Question 4 of 10
4. Question
According to ECC, there are five phases of ethical hacking. In which phase does the gathering of evidence and information on the targets you want to attack happen?
Correct
Reconnaissance, also known as the preparatory phase, is where the hacker gathers information about a target before launching an attack and is completed in phases prior to exploiting system vulnerabilities.
Question 5 of 10
5. Question
A penetration test is a simulated cyberattack against your computer system to check for exploitable vulnerabilities. There are three types of penetration testing: black box, white box, and gray box testing. Which of the following statements best describes white box testing?
Correct
White box testing is a software testing method in which the internal structure or design of the target of evaluation is known to the tester.
Question 6 of 10
6. Question
Footprinting is the process of collecting as much information as possible about the target system to find ways to penetrate the system. It has two main methods: active and passive footprinting. Which of the following scenarios is an example of active footprinting?
Correct
Active footprinting is the process of using tools and techniques, such as performing a ping sweep or using the traceroute command, to gather information on a target, while passive footprinting refers to measures to collect information from publicly accessible sources.
Question 7 of 10
7. Question
There are various footprinting methodologies used to collect information about the target organization. What is this footprinting method, which involves manipulating a search string with additional specific operators to search for vulnerabilities?
Correct
Google hacking can be used to identify a security vulnerability in web applications, gather information for individual targets, discover error messages disclosing sensitive information, discover files containing credentials, and other sensitive data.
Question 8 of 10
8. Question
The domain name system (DNS) is a naming database in which internet domain names are located and translated into internet protocol (IP) addresses. What is this DNS record type, which provides for domain name aliases within your zone?
Correct
The CNAME record is a DNS record type that maps an alias name to a true or canonical domain name within your zone.
Question 9 of 10
9. Question
Nslookup is a useful tool in the DNS footprinting toolset. What nslookup command will you use if you want to query DNS servers for information?
Correct
This command provides a means to query DNS servers for information.
The syntax for the tool is fairly simple:
nslookup [ -options] {hostname | [ -server] }
Question 10 of 10
10. Question
What is this footprinting tool, which is defined as an open-source intelligence and forensics application designed to demonstrate social engineering weaknesses for your environment?
Correct
Maltego is an open-source intelligence (OSINT) tool which offers an interface for mining and gathering information as well as representing this information in an easy-to-understand format. It also identifies key relationships between information and identifies previously unknown relationships between them.