Certified Ethical Hacker Exam Practice Questions
Question 1 of 30
1. Question
Ethical hacking, also called penetration testing, is the process of performing a test against software to identify vulnerabilities that can be used to compromise the software and the computer system. One of the types of penetration testing is the red team assessment. Which of the following sentences is not true about a red team member?
Correct
The red team assessment is a specific type of penetration test where the testers are adversarial to the organization and network under test. A red team member would act as an attacker, meaning they would try to be stealthy so as not to be detected.
Question 2 of 30
2. Question
Ethical hacking consists of five phases: reconnaissance and footprinting, scanning and enumeration, gaining access, maintaining access, and covering tracks. Which of the following sentences best describes the scanning and enumeration phase?
Correct
The scanning and enumeration phase involves identifying systems that are accessible within the network blocks. It is where the information collected from the reconnaissance phase is used to examine the target network further for specific details, such as computer names, IP addresses, open ports, user accounts, OS details, system architecture, and vulnerabilities.
Question 3 of 30
3. Question
The Open Systems Interconnection (OSI) model was created by the International Organization for Standardization to help refer to boundaries between functions within a network stack. It consists of seven layers. Which of the following statements defines the session layer in the OSI model?
Correct
The session layer is the 5th layer in the Open Systems Interconnection (OSI) model. This layer manages the communication between the endpoints when it comes to maintaining the communication of the applications. It is responsible for establishing, managing, synchronizing, and terminating sessions between end-user application processes. An example of a function at the session layer is remote procedure calls (RPCs).
Question 4 of 30
4. Question
Network topology refers to the layout of a network, and how different nodes in a network are connected, and how they communicate. Which of the following descriptions defines a bus topology?
Correct
A bus topology, also called line topology or backbone topology, orients all the devices on a network along a single cable running in a single direction, from one end of the network to the other.
Question 5 of 30
5. Question
The Internet Engineering Task Force (IETF) is responsible for maintaining all of the documentation related to protocols. If a person or a group of people wants to propose a new protocol or an extension to an existing protocol, what document will they need to write and submit to IETF?
Correct
A request for comments (RFC) is a formal document drafted by the Internet Engineering Task Force (IETF) that describes the specifications for a particular technology. It is used when a person or a group of people wants to propose a new protocol or an extension to an existing protocol. When an RFC is ratified, it becomes a formal standards document.
Question 6 of 30
6. Question
An Internet Protocol (IP) address is an identifier for a computer or device on a TCP/IP network. There are two versions of IP that currently coexist in the global internet: Internet Protocol version 4 and Internet Protocol version 6. Which of the following statements is not true about IPv6?
Correct
IPv6 is the latest generation of the IP protocol. It greatly increased the number of unique IP addresses that computers and devices connected to the internet can assign. It uses 16 octets, and the longest IPv6 address you will run across will be 32 characters. The three types of IPv6 addresses include the following: unicast, anycast, and multicast.
Question 7 of 30
7. Question
Transmission Control Protocol (TCP) is a transport layer protocol in the OSI model and is used to create a connection between remote computers by transporting and ensuring the delivery of messages over supporting networks and the internet. Several headers are defined for TCP, one of which is the data offset header. Which of the following sentences defines the data offset header?
Correct
The data offset is a 4-bit value indicating the number of 32-bit words in the TCP header. This field gets its name from the fact that it is also the offset from the start of the TCP segment to the actual data.
Question 8 of 30
8. Question
The Parkerian Hexad is a set of six elements of information security proposed by Donn B. Parker in 1988. It adds three additional attributes to the three classic security attributes of the CIA triad. Which of the following sentences best defines authenticity in the Parkerian Hexad?
Correct
Authenticity, sometimes referred to as non-repudiation, is the process of making sure that when you get a piece of data, no matter what it is, it’s actually from where it purports to be from. For electronic information, a digital signature could be used to verify the authorship of a digital document using public-key cryptography.
Question 9 of 30
9. Question
A firewall is a network security device that monitors incoming and outgoing network traffic and decides whether to allow or block specific traffic based on a defined set of security rules. Which of the following statements is true about deep packet inspection firewalls?
Correct
Deep packet inspection (DPI) looks beyond the headers and into the payload of the packet. It is an advanced method of examining and managing network traffic. It is a form of packet filtering that locates, identifies, classifies, reroutes, or blocks packets with specific data or code payloads that conventional packet filtering cannot detect.
Question 10 of 30
10. Question
What is this database created by the Securities and Exchange Commission (SEC), which stores all public filings associated with a company, like annual reports and other details about a company’s finances?
Correct
The Electronic Data Gathering, Analysis, and Retrieval (EDGAR) company database is a subset of the data maintained by the EDGAR system and contains over 500,000 public records. Filers may search for and view company information about various EDGAR filing entities; this information includes data such as company name, address, annual reports, and other details about a company’s finances.
Question 11 of 30
11. Question
One way to get more information about the target system is to look at what the webserver is, as well as the operating system. One important tool that can be used to gather web site intelligence is Wappalyzer. Which of the following sentences is true about Wappalyzer?
Correct
Wappalyzer is a technology profiler that shows you what websites are built with. It is more than a CMS detector or framework detector; it provides information about the webserver, programming frameworks, ad networks, and tracking technology.
Question 12 of 30
12. Question
A ping sweep is a technique used to identify if the hosts are alive in the networks using their IP addresses. Many tools can perform a ping sweep; one of the common ones is fping. Which of the following statements best defines fping?
Correct
Fping is a program like ping which uses the Internet Control Message Protocol (ICMP) echo request to determine if a target host is responding. Fping differs from ping in that you can specify any number of targets on the command-line, or specify a file containing the lists of targets to ping.
Question 13 of 30
13. Question
Transmission Control Protocol (TCP) scanning is the most detailed and complex type of port scanning. There are different types of TCP scans that Nmap can perform, one of which is the SYN scan. Which of the following sentences best describes the SYN scan?
Correct
A SYN scan is also called a half-open scan because connections are left half-open. During this scan, Nmap will send a SYN message to the target. If the port is open, it responds with a SYN/ACK message, and Nmap will respond to that with an RST message, indicating it doesn’t want to continue with the connection. If the port is closed, the target system will respond with its RST message.
Question 14 of 30
14. Question
Nmap contains a variety of functionality, one of which is a scripting engine, which allows an Nmap user to extend the functionality in any way he or she would like. If you’re using a Linux system, where can you find all of the installed Nmap scripts?
Correct
On a Linux system, you can find all of the installed scripts in /usr/share/nmap/scripts. On a Windows system, you can find the scripts in the Program Files directory where Nmap is installed. The file extension for these scripts is .nse for the Nmap scripting engine. Scripts are written in the Lua language, and each file can be opened and read, possibly to get details about the function of the script.
Question 15 of 30
15. Question
Vulnerability scanning is the inspection of the potential points of exploitation on a computer or network to identify security holes. There are four categories of vulnerabilities, one of which is the true positive. Which of the following statements defines true positive?
Correct
The four categories of vulnerability include the following:
(1) False positive, wherein the scanner has identified something it believes to be a vulnerability. After investigation, it turns out it’s not a vulnerability.
(2) False negative, wherein the scanner has not identified a vulnerability. It later turns out that there was a vulnerability that the scanner missed.
(3) True positive, wherein the scanner has identified a vulnerability, and after manual investigation, it turns out to be a legitimate vulnerability.
(4) True negative, wherein the scanner has not identified a vulnerability, and there is not a vulnerability to identify.
Question 16 of 30
16. Question
Enumeration is about determining what services are running and then extracting information from those services. There are a variety of protocols and tools that you would use during enumeration. For a start, there is the Server Message Block (SMB) protocol. Which of the following statements best defines SMB?
Correct
The Server Message Block Protocol (SMB) is a client-server communication protocol used on Windows systems for file and resource sharing, as well as some remote management. It can also carry transaction protocols for interprocess communication.
Question 17 of 30
17. Question
The Metasploit Project is an open-source project that provides a public resource for researching security vulnerabilities and developing code that allows a network administrator to break into his own network to identify security risks and document which vulnerabilities need to be addressed first. This tool is useful in enumeration, and when it comes to SMB, there are several commands that you can run. If you want to check the SMB service that’s running in the system, which command will you use?
Correct
If you want to check the Server Message Block (SMB) services running in the target system, you can use this command: msf auxiliary(scanner/smb/smb_version) > run
Question 18 of 30
18. Question
What is this database created by Offensive Security (an information security training company), which is defined as an archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers?
Correct
The Exploit Database is a site where researchers and developers post exploit code and proof of concept code that works against identified vulnerabilities. They aim to serve the most comprehensive collection of exploits gathered through direct submissions, mailing lists, as well as other public sources and present them in a freely-available and easy-to-navigate database.
Question 19 of 30
19. Question
Once you have an exploited system, you will want to start gathering information in it. John the Ripper is one of the useful tools that can be used in obtaining passwords in a system. Which of the following statements is not true about John the Ripper?
Correct
John the Ripper (JtR) is an offline password cracking tool originally produced for UNIX-based systems. It was designed to test password strength, brute-force encrypted (hashed) passwords, and crack passwords via dictionary attacks. It uses the single crack mode to take information from the different fields in the file, applying mangling rules to them, to try as passwords.
Question 20 of 30
20. Question
Malware refers to software programs designed to damage and to do other unwanted actions on a computer system. There are several examples of malware, one of which is a virus. Which of the following sentences defines a virus?
Correct
A virus requires user intervention to infect a system. Once that happens, the virus will infect the system, possibly by injecting code into other programs, so when those programs run, the virus still retains control of the infected system. Every time the infected programs are run, the system will get reinfected, even if the original executable and process are removed.
Question 21 of 30
21. Question
There are two types of malware analysis. The first, static analysis, looks at the code to analyze it. The second type, dynamic analysis, runs the malware and observes the behavior. VirusTotal is a useful tool in conducting static analysis. Which of the following statements is true about VirusTotal?
Correct
VirusTotal is a tool you can use to compare malware against multiple antivirus programs. It currently checks against 60 antivirus programs. If you have a file, you can upload it, and VirusTotal will check the file by obtaining a hash and comparing the hash against the 60 antivirus programs.
Question 22 of 30
22. Question
Packet capturing is the process of acquiring network traffic that is addressed to systems other than your own. One valuable tool used in packet capturing is tcpdump. Which of the following sentences best defines tcpdump?
Correct
Tcpdump is a command-line program that can be used to give you an idea of what is happening on the network, but it can also be used to capture traffic and store that traffic in a file that can be opened later on. It is an open-source network utility that is freely available under the BSD license. Tcpdump works on the command line interface and provides descriptions of packet content in several formats, depending on the command used.
Question 23 of 30
23. Question
A spoofing attack is when a malicious party impersonates another device or user on a network to launch attacks against network hosts, steal data, spread malware, or bypass access controls. There are several types of spoofing attacks that malicious parties can use, one of which is the DNS spoofing attack. Which of the following statements is true about DNS spoofing?
Correct
In a DNS server spoofing attack, a malicious party modifies the DNS server to reroute a specific domain name to a different IP address. In many cases, the new IP address will be for a server that is controlled by the attacker and contains files infected with malware. DNS server spoofing attacks are often used to spread computer worms and viruses.
Question 24 of 30
24. Question
Several techniques and principles can help you conduct successful social engineering. Robert Cialdini proposed six principles that may help you understand how to influence or manipulate people. Which of the following is not included in the list?
Correct
Robert Cialdini proposed six principles as part of his theory of influence:
(1) Reciprocity
(2) Commitment
(3) Social Proof
(4) Authority
(5) Liking
(6) Scarcity
Question 25 of 30
25. Question
Social engineering is the process of convincing or manipulating someone into doing something they wouldn’t normally do for someone they don’t know. There are four social engineering vectors, one of which is smishing. Which of the following sentences is true about smishing?
Correct
Smishing refers to phishing attacks that involve the use of messages sent using SMS. False text messages are received by targets, who in turn reply directly or visit a phishing web site.
Question 26 of 30
26. Question
Badge access is a common approach to restricting access to those who are authorized. However, there are problems with this approach, as attackers can sometimes bypass these door locking devices that allow them to gain access to a building. Which of the following statements best describes tailgating?
Correct
Tailgating is the process of sneaking into the organization without the awareness of anyone within the company. It can even happen if an employee forgets their badge to enter the office, or they may try to access restricted areas within the organization without proper authorization.
Question 27 of 30
27. Question
Baiting is a social engineering technique wherein users are lured into a trap that steals their personal information or infects their systems with malware. This technique can be done by giving a free USB stick to a target and installing software on the stick that will provide you with remote access to the user’s system. Which of the following files can you use to make the program run automatically if the stick is inserted into a computer that has autorun enabled?
Correct
You can use the autorun.inf file to have your program run automatically if the stick is inserted into a computer that has autorun enabled. Not all computers allow autorun; it’s a common hardening technique to prevent any removable disk from automatically running anything.
Question 28 of 30
28. Question
There are a variety of techniques that can be used to conduct a website attack, one of which is the watering hole attack. Which of the following statements is true about the watering hole attack?
Correct
In a watering hole attack, the attacker lurks in legitimate websites that are frequently visited by their target. The target is most commonly employees of government offices, large organizations, or similar entities. The attacker then focuses on infecting these websites with malware and making the target more vulnerable. The attacker looks into vulnerabilities associated with the websites and injects malicious programming code, often in JavaScript or HTML.
Question 29 of 30
29. Question
What is this program which is defined as a menu-based program that uses modules and functionality from Metasploit but pulls it all together automatically for you to accomplish tasks necessary for social engineering attacks?
Correct
The Social-Engineer Toolkit (SET) was created and written by Dave Kennedy, the founder of TrustedSec. It is an open-source Python-driven tool aimed at penetration testing around social engineering.
Question 30 of 30
30. Question
A wireless attack is a method of gathering information that is being sent across a network and uses this information to commit some crimes in other networks. One type of wireless attack is the evil twin. Which of the following statements best describes the evil twin?
Correct
A wireless evil twin mainly comes into play when criminals are trying to create rogue access points to gain access to the network or access to information that is being put through a network. Coming up with an evil twin is very simple since all one needs to do is purchase a wireless access point, plug it into the network, and configure it exactly as the existing network.