Certified Ethical Hacker Exam Practice Questions
1. Question
A port scan identifies open ports on systems connected to the target network. It is a starting point for identifying services and applications that are listening on those ports. Zenmap is one of the useful tools in port scanning. Which of the following statements best defines Zenmap?
Correct
Zenmap is a free and open-source GUI for Nmap. It is available on many operating systems and makes Nmap easier to use for beginners. Zenmap is usually packaged with Nmap itself, but if you want you can download it separately. This tool is not meant to replace Nmap but to make it more useful.
2. Question
Vulnerability scanning is the inspection of the potential points of exploitation on a computer or network to identify security holes. Several tools can be used to perform vulnerability scanning, one of which is the Nessus tool. Which of the following sentences describes the Nessus tool?
Correct
Nessus was initially released in 1998 as a freely available vulnerability scanner and remained so until 2005, when the company changed Nessus 3 to a proprietary license. Today, the product still exists in two formats: a limited, free version and a full-feature paid subscription option. It is available for Linux, Windows, and Mac OS X.
3. Question
Packet crafting is the art of creating a packet according to various requirements to carry out attacks and to exploit vulnerabilities in a network. Several tools can be used to craft or otherwise manipulate the header data, one of which is the hping tool. Which of the following descriptions best defines the hping tool?
Correct
Hping is considered to be the Swiss Army Knife of TCP/IP packets. It is a command-line oriented TCP/IP packet analyzer. It supports TCP, UDP, ICMP, and RAW-IP protocols, has a traceroute mode, the ability to send files over a covert channel, and many other features.
4. Question
Organizations have security mechanisms in place to defend themselves from intruders. This may be a firewall, intrusion detection system, or intrusion prevention system. Fortunately, there are some evasion techniques that may help you get around these devices. Which of the following is not an example of an evasion technique?
Correct
The most common evasion techniques are as follows:
(1) Hide/obscure the data
(2) Alterations
(3) Fragmentation
(4) Overlaps
(5) Malformed data
(6) Low and slow
(7) Resource consumption
(8) Screen blindness
(9) Tunneling
5. Question
Enumeration is about determining what services are running and then extracting information from those services. There are a variety of protocols and tools that you would use during enumeration. For a start, there is the Simple Mail Transfer Protocol (SMTP). Which of the following statements best defines SMTP?
Correct
Simple Mail Transfer Protocol (SMTP) is the standard protocol for email services on a TCP/IP network. It is an application-layer protocol that enables the transmission and delivery of email over the internet. SMTP is created and maintained by the Internet Engineering Task Force (IETF).
6. Question
Part of the enumeration process is looking at web servers to identify directories available on a website. There are different ways to do this, one of which is by using the Metasploit tool. Which module in Metasploit can you use if you want to search for directory names on a website?
Correct
If you want to search for directory names on a website, you can use the brute_dirs module in Metasploit. Using this module, you set a format for what a directory name could or should look like, and the module will run through all possible names that match the format.
7. Question
An exploit is the means for an external entity to cause a program to fail that will then allow an attacker to control the flow of the program’s execution. To do this, you need a shellcode for the program to execute on your behalf. The shellcode is an executable file created from assembly language code. It includes a meterpreter shell and a way to connect back to the system it has been configured to call back to. Which of the following statements best describes meterpreter?
Correct
Meterpreter is an operating system agnostic shell language. It has a number of commands that can be run against the target system regardless of what operating system the target system has. Meterpreter translates the commands passed to it into ones that are specific to the underlying operating system. This can include listing files, changing directories, uploading files, and gathering system information like passwords.
8. Question
If you’re using a Linux system and you want to hide some files in plain sight, what particular folder or directory can you use to save these files?
Correct
On a Linux system, you can use dot files and dot directories to hide these files in plain sight. A dot file has a filename that starts with a dot, such as .bashrc. If you put files into one of those directories, they may get lost or overlooked.
9. Question
Malware refers to software programs designed to damage and to do other unwanted actions on a computer system. There are several examples of malware, one of which is a trojan. Which of the following sentences defines a trojan?
Correct
A trojan is a malicious program that pretends to be harmless to trick people into downloading it. Trojans do not self-replicate by infecting other files or computers. Rather, a trojan is a decoy horse, ushering in other malicious software to hide its nefarious intent.
10. Question
A botnet is a collection of compromised computers, often referred to as “zombies”, infected with malware that allows an attacker to control them. One of the most common types of botnet is the ZeuS botnet. Which of the following sentences defines the ZeuS botnet?
Correct
The objective of a ZeuS botnet is to steal banking information from infected systems. Once ZeuS has been installed on a target system, it provides a way for the attacker to access the system remotely. It can capture keystrokes and extract bank account information to transmit to the attacker.