






















































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
A comprehensive practice test covering essential concepts in ethical hacking. It includes multiple-choice questions and answers related to various aspects of information security, including attack types, attack vectors, security standards, and hacking methodologies. The test is designed to assess understanding of key principles and techniques used in ethical hacking.
Typology: Exams
1 / 62
This page cannot be seen from the preview
Don't miss anything!























































The assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users is referred to by which of the following elements of information security? - Available Identify the element of information security that refers to the quality of being genuine or uncorrupted as a characteristic of any communication, documents, or any data. - Authenticity Mark, a professional hacker, targets his opponent's website. He finds susceptible user inputs, injects malicious SQL code into the database, and tampers with critical information. Which of the following types of attack did Mark perform in the above scenario? - Active Attack Ruby, a hacker, visited her target company disguised as an aspiring candidate seeking a job. She noticed that certain sensitive documents were thrown in the trash near an employee's desk. She collected these documents, which included critical information that helped her to perform further attacks. Identify the type of attack performed by Ruby in the above scenario. - Close in Attack James, a malware programmer, intruded into a manufacturing plant that produces computer peripheral devices. James tampered with the software inside devices ready to be delivered to clients. The tampered program creates a backdoor that allows unauthorized access to the systems. Identify the type of attack performed by James in the above scenario to gain unauthorized access to the delivered systems. - Distribution Attack Williams, an employee, was using his personal laptop within the organization's premises. He connected his laptop to the organization's internal network and began eavesdropping on the communication between other devices connected to the internal network. He sniffed critical information such as login credentials and other confidential data passing through the network. Identify the type of attack performed by Williams in the above scenario. - Insider Attack
David, a professional hacker, has initiated a DDoS attack against a target organization. He developed a malicious code and distributed it through emails to compromise the systems. Then, all the infected systems were grouped together to launch a DDoS attack against the organization. Identify the type of attack launched by David on the target organization. - Botnet Jack is working as a malware analyst in an organization. He was assigned to inspect an attack performed against the organization. Jack determined that the attacker had restricted access to the main computer's files and folders and was demanding an online payment to remove these restrictions. Which of the following type of attack has Jack identified in the above scenario? - Ransomware Identify the type of attack vector that focuses on stealing information from the victim machine without its user being aware and tries to deliver a payload affecting computer performance. - APT Attack Andrew, a professional hacker, drafts an email that appears to be legitimate and attaches malicious links to lure victims; he then distributes it through communication channels or mails to obtain private information like account numbers. Identify the type of attack vector employed by Andrew in the above scenario. - Phishing Identify the civilian act designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. - Sarbanes - Oxley Act Which of the following ISO/IEC standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of an organization? - ISO/IEC 27001: An organization located in Europe maintains a large amount of user data by following all the security- related laws. It also follows GDPR protection principles, one of which states that the organization should only collect and process data necessary for the specified task. Which of the following GDPR protection principle is discussed in the above scenario? - Data Minimization
Clara, a security professional, while checking the data feeds of the domains, detects downloaded malicious files and unsolicited communication with the outside network based on the domains. Which of the following adversary behaviors was detected by Clara? - Unspecified proxy activities John, a professional hacker, was hired by a government agency to penetrate, gain top-secret information from, and damage other government agencies' information systems or networks. Based on the above scenario, which of the following classes of hacker does John fall in? - state- sponsored hackers Lionel, a professional hacker motivated by political beliefs, plans to employ various techniques to create fear of large-scale disruption of computer networks. Which of the following types of threat actors does Lionel belong to in the above scenario? - Cyber Terrorists Which of the following types of threat actors helps both hackers find various vulnerabilities in a system and vendors improve products by checking limitations to make them more secure? - Gray Hats Allen, a CEO of a business organization, targeted his competitor. He penetrated the target network by using APTs and stayed undetected for years. He consequently gained access to critical information such as blueprints, formulas, product designs, marketing strategies, and trade secrets. Identify the class of hackers to which Allen belongs in the above scenario. - Industrial spies Identify the type of threat actors that include groups of individuals or communities involved in organized, planned, and prolonged criminal activities and who exploit victims from distinct jurisdictions on the Internet, making them difficult to locate. - Criminal Syndicates Given below are the various phases of hacking.
Identify the Nbtstat parameter that displays a count of all names resolved by a broadcast or WINS server.
Which of the following types of threat sources is discussed in the above scenario? - Unstructured external threats Daniel, an employee working from home, was assigned a task to complete within a half-day, but due to frequent power failures at his residential area, he failed to accomplish the task. Which of the following threats was demonstrated in the above scenario? - Natural threats Mark, a professional hacker, scanned the target system to check for running services or open ports. After successful scanning, he discovered an open FTP port, exploited it to install malware, and performed malicious activities on the victim system. In which of the following ways did Mark installed malware in the victim system? - File sharing services Joe, a professional hacker, initiated an attack against Bob by tricking him into downloading a free software program embedded with a keylogger labeled as trusted. As the program was labeled trusted, the antivirus software installed on Bob's system failed to identify it as malicious software. As a result, the malicious software recorded all the key strokes entered by Bob and transmitted them to Joe. Identify the application Joe employed in the above scenario to lure Bob into installing malicious software. - Rogue / Decoy application Jack, a professional hacker, created a malicious hyperlink and injected it into a website that appeared legitimate to trick users into clicking the link. When a victim clicked on a malicious link, the malware embedded in the link is executed without the knowledge or consent of the victim. Identify the technique employed by Jack to distribute malware in the above scenario. Jack, a professional hacker, created a malicious hyperlink and injected it into a website that appeared legitimate to trick users into clicking the link. When a victim clicked on a malicious link, the malware embedded in the link is executed without the knowledge or consent of the victim. Identify the technique employed by Jack to distribute malware in the above scenario. - Social engineered click-jacking Anisha, a shopping freak, frequently uses many online websites for purchasing products without checking their legitimacy. While doing so, she unknowingly clicked on one of the shopping commercials
Identify the trojan that uses port number 443 to infect the target systems and propagate malicious software to other systems. - Emotet Which of the following port numbers is used by trojans such as Silencer and WebEx? - 1001 Irin is a security professional in an organization. The organization instructed her to investigate a security incident that exposed critical information such as credit card/debit card details, account holder name, and CVV number. While investigating the incident, Irin found that the systems are infected with financial fraudulent malware that targeted the payment equipment. Identify the type of malware detected by Irin in the above scenario. - Point-of-sale trojans Identify the trojan that targets websites and physically changes the underlying HTML format, resulting in content modification. - Defacement trojans Which of the following types of trojan tricks regular computer users into downloading trojan-infected files to their systems through URL redirection and, post-download, connects back to the attacker using IRC channels? - Botnet trojans Serin, a professional hacker, injected a backdoor into a target system that specifically attacked the root or system OS. When the backdoor is executed, he will obtain administrator-level access to the target system. Identify the type of malware utilized by Serin in the above scenario. - Rootkit trojans Which of the following types of trojan uses port number 445 to infect the target system entry and exit points for application traffic? - WannaCry Given below are various stages involved in the virus lifecycle.
Which one of the following vulnerabilities is NOT an example of misconfiguration vulnerability? - Running only necessary services on a machine Steve, a forensic expert, was appointed to evaluate an attack initiated on the organization's network. He performed an overall assessment of the network to identify the cause. During this process, he identified outbound connections to Internet services and a few applications running with debugging enabled. Which following category of vulnerabilities did Steve identify in the above scenario? - Misconfiguration A computer user was trying to read the latest news articles from a popular website, but the user was prevented from accessing the resources of the website as certain underlying vulnerabilities in the webpage allowed an attacker to inject fake requests into the network; as a result, the server stopped responding to legitimate user requests. What is the impact caused due to vulnerabilities in the above scenario? - Denial of Service Identify the severity of CVSS v3.0 ratings with a base score range of 9.0-10.0. - Critical Identify the metric used in CVSS assessment that represents the features that continue to change during the lifetime of the vulnerability. - Temporal Metric Which of the following is a U.S. government repository of standards-based vulnerability management data and enables the automation of vulnerability management, security measurement, and compliance?
Identify the type of vulnerability assessment James performed in the above scenario. - Host-based assessment Which of the following protocols employs a key distribution center (KDC) that consists of two logically distinct parts, an authentication server (AS) and a ticket-granting server (TGS), and uses "tickets" to prove a user's identity? - Kerberos authentication Which of the following protocols was upgraded as a default authentication protocol on Windows OS to provide stronger authentication for client/server applications? - Kerberos Which of the following is a default authentication scheme that performs authentication using a challenge/response strategy as it does not rely on any official protocol specification and has no guarantee to work effectively in every situation? - NTLM Don, a professional hacker, targeted Bob to steal the credentials of his bank account. Don lured Bob to install malicious software embedded with a keylogger. The keylogger installed on Bob's machine recorded all of Bob's keystrokes and transmitted them to Don. Using the keylogger, Don obtained the credentials of Bob's bank account and performed illegal transactions on his account. Identify the type of attack Don has performed in the above scenario. - Active online attacks Meghan, a professional hacker, was trying to gain unauthorized access to the admin-level system of the target organization. To hack the passwords used by admins, she employed various password cracking techniques such as internal monologue attack, Markov-chain attack, Kerberos password cracking, and LLMNR/NBT-NS poisoning. Identify the type of password attack performed by Meghan in the above scenario. - Active Online Attack Don, a professional hacker, targeted Johana's official email to steal sensitive information related to a project. Using a password cracking tool, Don tried all the possible combinations of password characters until it was cracked. Identify the type of password attack performed by Don in the above scenario. - Brute-force attack
Brady, a student, is attending a training course on Python programming. He purchased a computer to practice Python programming at home. One day he switched ON his computer to practice Python but forgot his system password. He used an automated tool to recover forgotten password and gained instant access to his locked computer without reinstalling the operating system. Identify the tool employed by Brady in the above scenario. - THC Hydra MegaPing - MegaPing is an ultimate toolkit that provides complete essential utilities for IT administrators and solution providers. With MegaPing utility, you can detect live hosts, open ports of the system in the network. nmap - is a free and open source utility for network discovery and security auditing THC Hydra - helps penetration testers and ethical hackers crack the passwords of network services. Hydra can perform rapid dictionary attacks against more than 50 protocols. This includes telnet, FTP, HTTP, HTTPS, SMB, databases, and several other services. John the Ripper - used to crack passwords HashCat - password recovery tool Wireshark - Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education Medusa - a brute force password cracker Burp Suite - is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.
Don, a professional hacker, telephoned Bob and claimed to be a network administrator in the target organization. Don informed Bob about a security incident in the network and asked him to provide his account credentials to secure his data. After obtaining these credentials, Don retrieved sensitive information from Bob's account. Which of the following vulnerable behaviors was showcased by Don in the above scenario? - Authority Given below are different phases of social engineering attacks.
is a common human-based social engineering technique where an attacker pretends to be a legitimate or authorized person. Attackers perform impersonation attacks personally or use a phone or another communication medium to mislead their target and trick them into revealing information. - Impersonation usually implies entry into a building or security area with the consent of an authorized person. - Piggybacking In which of the following social engineering attacks do attackers install small cameras to record the victim's system's actions to obtain login details and other sensitive information? - Shoulder Surfing In which of the following attacks does an attacker send an email or message to the target offering free gifts such as money and software, on the condition that the user forwards the email to a predetermined number of recipients? - Chain Letter trick or compel users into clicking a hyperlink that redirects them to fake web pages asking for personal information or downloading malicious programs such as keyloggers, trojans, or spyware. - Pop-ups is a message warning its recipients of a non-existent computer virus threat. It relies on social engineering to spread its reach. Usually, hoaxes do not cause any physical damage or loss of information; but they cause a loss of productivity and use an organization's valuable network resources. - Hoax Letter An attacker chats with selected online users via instant chat messengers and tries to gather their personal information such as date of birth or maiden name. They then use the acquired information to crack users' accounts. - Instant Chat Messenger A chain letter is a message offering free gifts, such as money and software, on the condition that the user forwards the email to a predetermined number of recipients. - Chain Letter