Certified Ethical Hacker Exam Practice Questions
Question 1 of 10
1. Question
A network security zone is a segmented section of a network that contains systems and components with limited access to the internal network. What is this network security zone, which is defined as a controlled buffer between a trusted internal network and an untrusted external network, such as the public internet?
Correct
Internet DMZ is the middle ground between an organization’s trusted internal network and an untrusted external network such as the internet. Organizations typically place their web, mail, and authentication servers in the DMZ.
Question 2 of 10
2. Question
ECC groups all vulnerabilities into a series of categories. What is this category of vulnerability, which is defined as flaws universal to all operating systems, like encryption, data validation, and logic flaws?
Correct
Different categories of vulnerability as listed by ECC:
(1) Misconfiguration
(2) Default Installation
(3) Buffer Overflows
(4) Missing Patches
(5) Design Flaws
(6) Operating System Flaws
(7) Application Flaws
(8) Open Services
(9) Default Passwords
Question 3 of 10
3. Question
Security controls are put into place to prevent errors or incidents from occurring, and some are designed to act after the event to control the extent of damage and aid quick recovery. Which of the following is an example of a technical security control?
Correct
Security controls can be categorized as physical, technical, and administrative. Examples of technical security controls include encryption, smartcards, and access control lists.
Question 4 of 10
4. Question
The CIA Triad is a well-known model for developing security policies, used to identify problem areas and the necessary solutions in information security. What is this part of the CIA Triad, which refers to the communication systems and data being ready for use when legitimate users need them?
Correct
Availability is the final component of the CIA triad and refers to the actual availability of your data. Authentication mechanisms, access channels, and systems all have to work properly to protect the information and ensure it is available when it is needed.
Question 5 of 10
5. Question
A hacker is a person who uses a set of tools, techniques, knowledge, and skills to bypass computer security measures to infiltrate a computer system. Which of the following statements best describes a phreaker?
Correct
Phreaking is the action of experimenting with or manipulating a telephone system. A phreaker usually uses a device called a blue box to route their calls and bypass the telephone company switches, allowing them to make free calls.
Question 6 of 10
6. Question
Passive footprinting is defined as the process of collecting information from publicly accessible sources. Which of the following scenarios is an example of passive footprinting?
Correct
Passive footprinting is a method in which the attacker never makes contact with the target systems. Other examples of passive footprinting include reading a company’s website or googling them to see what information is available about them.
Question 7 of 10
7. Question
Footprinting is the process of accumulating data regarding a specific network environment, usually to find ways to intrude into the environment. What is this footprinting method, which is defined as a passive information gathering process wherein information is gathered from social media, web search results, and various websites?
Correct
Footprinting through search engines is used by attackers to extract information about a target, such as technology platforms, employee details, login pages, and intranet portals, which helps in performing other types of advanced system attacks.
Question 8 of 10
8. Question
Web mirroring is a useful method in footprinting. It is defined as the process of copying a set of files from one computer server to another so that the site or files are available from more than one place. Which of the following tools will you use if you want to mirror a site?
Correct
Here are some of the useful tools that can be used in web mirroring:
(1) HTTrack
(2) Black Widow
(3) WebRipper
(4) Teleport Pro
(5) GNU Wget
(6) Backstreet Browser
Question 9 of 10
9. Question
The domain name system (DNS) is a naming database in which internet domain names are located and translated into internet protocol addresses. What is this DNS record type, which identifies your email servers within your domain?
Correct
An MX (mail exchange) record directs email to a mail server. It indicates how email messages should be routed in accordance with the Simple Mail Transfer Protocol (SMTP).
Question 10 of 10
10. Question
What is this tool, which shows in real time all open TCP/UDP ports on the machine where it is running? It can also be used as part of a troubleshooting process, as it can identify all processes that are connecting to and from the machine.
Correct
CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, the full path of the process, version information of the process, the time that the process was created, and the user that created it.