Ethical Hacking Essentials: Complete Practice Test, Exams of Advanced Education

A comprehensive practice test for ethical hacking essentials. It covers key concepts and principles with questions and correct answers, making it an excellent resource for students and professionals preparing for certifications or seeking to enhance their knowledge in cybersecurity. The test includes questions on information security elements, attack types, cyber kill chain methodology, threat actors, and hacking phases, offering a thorough review of essential topics in ethical hacking. This practice test is designed to assess and reinforce understanding of critical cybersecurity concepts, providing valuable preparation for certifications and real-world scenarios. It covers a wide range of topics, including attack vectors, security laws, and ethical hacking methodologies, ensuring a comprehensive review of essential knowledge.

Typology: Exams

2025/2026

Available from 11/25/2025

EXAMGUIDE
ETHICAL HACKING ESSENTIALS

COMPLETE PRACTICE TEST

The assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users is referred to by which of the following elements of information security? - Correct Answers -Available

Identify the element of information security that refers to the quality of being genuine or uncorrupted as a characteristic of any communication, documents, or any data. - Correct Answers -Authenticity

Mark, a professional hacker, targets his opponent's website. He finds susceptible user inputs, injects malicious SQL code into the database, and tampers with critical information. Which of the following types of attack did Mark perform in the above scenario? - Correct Answers -Active Attack

Ruby, a hacker, visited her target company disguised as an aspiring candidate seeking a job. She noticed that certain sensitive documents were thrown in the trash near an employee's desk. She collected these documents, which included critical information that helped her to perform further attacks. Identify the type of attack performed by Ruby in the above scenario. - Correct Answers -Close in Attack

James, a malware programmer, intruded into a manufacturing plant that produces computer peripheral devices. James tampered with the software inside devices ready to be delivered to clients. The tampered program creates a backdoor that allows unauthorized access to the systems. Identify the type of attack performed by James in the above scenario to gain unauthorized access to the delivered systems. - Correct Answers -Distribution Attack

Williams, an employee, was using his personal laptop within the organization's premises. He connected his laptop to the organization's internal network and began eavesdropping on the communication between other devices connected to the internal network. He sniffed critical information such as login credentials and other confidential data passing through the network. Identify the type of attack performed by Williams in the above scenario. - Correct Answers -Insider Attack

David, a professional hacker, has initiated a DDoS attack against a target organization. He developed a malicious code and distributed it through emails to compromise the systems. Then, all the infected systems were grouped together to launch a DDoS attack against the organization. Identify the type of attack launched by David on the target organization. - Correct Answers -Botnet

Jack is working as a malware analyst in an organization. He was assigned to inspect an attack performed against the organization. Jack determined that the attacker had restricted access to the main computer's files and folders and was demanding an online payment to remove these restrictions. Which of the following types of attack has Jack identified in the above scenario? - Correct Answers -Ransomware

Identify the type of attack vector that focuses on stealing information from the victim machine without its user being aware and tries to deliver a payload affecting computer performance. - Correct Answers -APT Attack

Andrew, a professional hacker, drafts an email that appears to be legitimate and attaches malicious links to lure victims; he then distributes it through communication channels or mails to obtain private information like account numbers. Identify the type of attack vector employed by Andrew in the above scenario. - Correct Answers -Phishing

Identify the civilian act designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. - Correct Answers -Sarbanes-Oxley Act

Which of the following ISO/IEC standards specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of an organization? - Correct Answers -ISO/IEC 27001:

An organization located in Europe maintains a large amount of user data by following all the security-related laws. It also follows GDPR protection principles, one of which states that the organization should only collect and process data necessary for the specified task. Which of the following GDPR protection principles is discussed in the above scenario? - Correct Answers -Data Minimization

Which of the following titles in The Digital Millennium Copyright Act (DMCA) allows the owner of a copy of a program to make reproductions or adaptations when these are necessary to use the program in conjunction with a system? - Correct Answers -Title III: Computer Maintenance or Repair

Which of the following types of threat actors helps both hackers find various vulnerabilities in a system and vendors improve products by checking limitations to make them more secure? - Correct Answers -Gray Hats

Allen, a CEO of a business organization, targeted his competitor. He penetrated the target network by using APTs and stayed undetected for years. He consequently gained access to critical information such as blueprints, formulas, product designs, marketing strategies, and trade secrets. Identify the class of hackers to which Allen belongs in the above scenario. - Correct Answers -Industrial spies

Identify the type of threat actors that include groups of individuals or communities involved in organized, planned, and prolonged criminal activities and who exploit victims from distinct jurisdictions on the Internet, making them difficult to locate. - Correct Answers -Criminal Syndicates

Given below are the various phases of hacking.

  1. Reconnaissance
  2. Gaining access
  3. Maintaining access
  4. Clearing tracks
  5. Scanning

What is the correct sequence of phases involved in hacking? - Correct Answers -1 -> 5 -> 2 -> 3 -> 4

In which of the following phases of hacking does an attacker employ steganography and tunneling techniques to retain access to the victim's system, remain unnoticed, and remove evidence that might lead to prosecution? - Correct Answers -Clearing Tracks

In which of the following hacking phases do attackers extract information such as live machines, port, port status, OS details, device type, and system uptime to launch further attacks? - Correct Answers -Scanning

Lopez, a penetration tester, executes different phases of the hacking cycle in her organization. She detects that the network is susceptible to password cracking, buffer overflows, denial of service, and session hijacking attacks. Identify the hacking phase Lopez was executing in the above scenario. - Correct Answers -Gaining Access

Peter, a professional hacker, managed to gain total control of his target system and was able to execute scripts in the trojan. He then used techniques such as steganography and tunneling to remain undetected and to avoid legal trouble. Which of the following hacking phases was Peter currently performing in the above scenario? - Correct Answers -Clearing Tracks

John, a security specialist, was requested by a client organization to check whether the security testing process was performed according to standard. He implemented a security audit on the organization's network to ensure that the performed test was well-organized, efficient, and ethical. John has conducted the audit following the steps given below.

  1. Talk to the client and discuss the needs to be addressed during testing
  2. Analyze the results of the testing and prepare a report
  3. Organize an ethical hacking team and prepare a schedule for testing
  4. Conduct the test
  5. Prepare and sign NDA documents with the client
  6. Present the findings to the client

Identify the correct sequence of the steps John has followed while performing the security audit. - Correct Answers -1 -> 5 -> 3 -> 4 -> 2 -> 6

Identify the term that refers to IT professionals who employ their hacking skills for defensive purposes, such as auditing their systems for known vulnerabilities and testing the organization's network security for possible loopholes and vulnerabilities. - Correct Answers -Ethical Hacker

Identify the reason why organizations recruit ethical hackers. - Correct Answers -Uncover vulnerabilities in systems and explore their potential as a risk

Which of the following is the practice of employing computer and network skills in order to assist organizations in testing their network security for possible loopholes and vulnerabilities? - Correct Answers -Ethical Hacking

Identify the individuals who are also known as security analysts or ethical hackers. - Correct Answers -White Hats

Which of the following Google advanced search operators displays websites that are similar to the URL specified? - Correct Answers -related

Which of the following tools includes scanners such as comprehensive security scanners and port scanners and provides information such as NetBIOS names, configuration info, open TCP and UDP ports, transports, and shares? - Correct Answers -MegaPing

Identify the Nbtstat parameter that displays a count of all names resolved by a broadcast or WINS server. - Correct Answers --r

Given below is the syntax of the nbtstat command. "nbtstat [-a RemoteName] [-A IP Address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [Interval]" Which of the following Nbtstat parameters in the above syntax purges the name cache and reloads all #PRE-tagged entries from the Lmhosts file? - Correct Answers --R

to identify it as malicious software. As a result, the malicious software recorded all the key strokes entered by Bob and transmitted them to Joe. Identify the application Joe employed in the above scenario to lure Bob into installing malicious software. - Correct Answers -Rogue / Decoy application

Jack, a professional hacker, created a malicious hyperlink and injected it into a website that appeared legitimate to trick users into clicking the link. When a victim clicked on a malicious link, the malware embedded in the link is executed without the knowledge or consent of the victim. Identify the technique employed by Jack to distribute malware in the above scenario. - Correct Answers -Social engineered click-jacking

Anisha, a shopping freak, frequently uses many online websites for purchasing products without checking their legitimacy. While doing so, she unknowingly clicked on one of the shopping commercials expecting it to be authentic. However, this activity made her lose a huge amount of money from her account. Identify the technique employed to distribute malware in the above scenario. - Correct Answers -Malvertising

Which of the following malware distribution techniques involves mimicking legitimate institutions in an attempt to steal login credentials? - Correct Answers -Spear-phishing sites

Which of the following malware distribution techniques involves exploiting flaws in browser software to install malware by merely visiting a web page? - Correct Answers -Drive-by downloads

Identify the technique used by the attacker that involves keyword stuffing, inserting doorway pages, page swapping, and adding unrelated keywords to get higher rankings for malware pages. - Correct Answers -Black hat search engine optimization

Benson, a professional hacker, uses a technique that can exploit browser vulnerabilities. Using this technique, he is able to install malware simply by visiting a web page, and the victim system gets exploited whenever the webpage is being explored. Which of the following techniques was mentioned in the above scenario? - Correct Answers -Drive by downloads

Identify the malware component that compresses the malware file by using compression techniques to convert the code and data of the malware into an unreadable format. - Correct Answers -Packer

Eyan, a professional hacker, developed malicious code that contains a sequence of commands that can take advantage of a bug or vulnerability in a digital system or device. He used the malicious code to spy on information, install malware, and compromise system security. Identify the component of the malware developed by Eyan in the above scenario. - Correct Answers -Exploit

Which of the following port numbers is used by the trojan "Telecommando" to perform malicious activities on the target machine? - Correct Answers -

Identify the trojan that uses port number 443 to infect the target systems and propagate malicious software to other systems. - Correct Answers -Emotet

Which of the following port numbers is used by trojans such as Silencer and WebEx? - Correct Answers -

Irin is a security professional in an organization. The organization instructed her to investigate a security incident that exposed critical information such as credit card/debit card details, account holder name, and CVV number. While investigating the incident, Irin found that the systems are infected with financial fraudulent malware that targeted the payment equipment. Identify the type of malware detected by Irin in the above scenario. - Correct Answers -Point-of-sale trojans

Identify the trojan that targets websites and physically changes the underlying HTML format, resulting in content modification. - Correct Answers -Defacement trojans

Which of the following types of trojan tricks regular computer users into downloading trojan-infected files to their systems through URL redirection and, post-download, connects back to the attacker using IRC channels? - Correct Answers -Botnet trojans

Serin, a professional hacker, injected a backdoor into a target system that specifically attacked the root or system OS. When the backdoor is executed, he will obtain administrator-level access to the target system. Identify the type of malware utilized by Serin in the above scenario. - Correct Answers -Rootkit trojans

Which of the following types of trojan uses port number 445 to infect the target system entry and exit points for application traffic? - Correct Answers -WannaCry

Given below are various stages involved in the virus lifecycle.

Which of the following viruses stores itself with the same filename as the target program file, infects the computer upon executing the file, and uses DOS to run COM files before executing EXE files? - Correct Answers -Camouflage viruses

Which of the following malware programs can replicate, execute, and spread across network connections independent of human intervention? - Correct Answers -Worms

Which of the following PUAs compel users to download large files to download unwanted programs with peer-to-peer file sharing features? - Correct Answers -Torrent

Which of the following fileless propagation techniques involves exploiting pre-installed tools in Windows OS such as PowerShell and Windows Management Instrumentation (WMI) to install and run malicious code? - Correct Answers -Native applications

Which of the following malware components performs the desired activity when activated and is used to delete or modify files to compromise system security? - Correct Answers -Payload

Identify the type of vulnerabilities exploited by an attacker before they are identified and patched by the developers. - Correct Answers -Zero-day vulnerabilities

Identify the type of software vulnerability that occurs due to coding errors and allows the attackers to gain access to the target system. - Correct Answers -Buffer overflow

Which one of the following vulnerabilities is NOT an example of misconfiguration vulnerability? - Correct Answers -Running only necessary services on a machine

Steve, a forensic expert, was appointed to evaluate an attack initiated on the organization's network. He performed an overall assessment of the network to identify the cause. During this process, he identified outbound connections to Internet services and a few applications running with debugging enabled. Which of the following categories of vulnerabilities did Steve identify in the above scenario? - Correct Answers -Misconfiguration

A computer user was trying to read the latest news articles from a popular website, but the user was prevented from accessing the resources of the website as certain underlying vulnerabilities in the webpage allowed an attacker to inject fake requests into the network; as a result, the server stopped responding to legitimate user requests. What is the impact caused due to vulnerabilities in the above scenario? - Correct Answers -Denial of Service

Identify the severity of CVSS v3.0 ratings with a base score range of 9.0-10.0. - Correct Answers -Critical

Identify the metric used in CVSS assessment that represents the features that continue to change during the lifetime of the vulnerability. - Correct Answers -Temporal Metric

Which of the following is a U.S. government repository of standards-based vulnerability management data and enables the automation of vulnerability management, security measurement, and compliance? - Correct Answers -National Vulnerability Database (NVD)

Identify the type of vulnerability assessment where the chances of finding the vulnerabilities related to OS and applications are higher, and it is highly unclear who owns the assets in large enterprises. - Correct Answers -Credentialed assessment

James, a professional pen tester, was appointed by an organization to perform a vulnerability assessment on server systems. James conducted a configuration-level check to identify system configurations, user directories, and file systems to evaluate the possibility of compromise for all the systems. Identify the type of vulnerability assessment James performed in the above scenario. - Correct Answers -Host-based assessment

Which of the following protocols employs a key distribution center (KDC) that consists of two logically distinct parts, an authentication server (AS) and a ticket-granting server (TGS), and uses "tickets" to prove a user's identity? - Correct Answers -Kerberos authentication

Which of the following protocols was upgraded as a default authentication protocol on Windows OS to provide stronger authentication for client/server applications? - Correct Answers -Kerberos

Which of the following is a default authentication scheme that performs authentication using a challenge/response strategy as it does not rely on any official protocol specification and has no guarantee to work effectively in every situation? - Correct Answers -NTLM

Don, a professional hacker, targeted Bob to steal the credentials of his bank account. Don lured Bob to install malicious software embedded with a keylogger. The keylogger installed on Bob's machine recorded all of Bob's keystrokes and transmitted them to Don. Using the keylogger, Don obtained the credentials of Bob's bank account and performed illegal transactions on his account. Identify the type of attack Don has performed in the above scenario. - Correct Answers -Active online attacks

Meghan, a professional hacker, was trying to gain unauthorized access to the admin-level system of the target organization. To hack the passwords used by admins, she employed various password cracking techniques such as internal monologue attack, Markov-chain attack, Kerberos password cracking, and LLMNR/NBT-NS poisoning.

  1. Find a valid user
  2. Rank passwords from high to low probability
  3. Create a list of possible passwords
  4. Key in each password until the correct password is discovered

What is the correct sequence of steps involved in password guessing? - Correct Answers -1 -> 3 -> 2 -> 4

John, a professional hacker, targeted an employee of an organization to intrude and gain access to the corporate network. He employed a sniffer to capture packets and authentication tokens between the employee and the organization's server. After extracting relevant information, he transmitted the captured tokens back to the server to gain access as a legitimate user. Identify the type of attack performed by John in the above scenario. - Correct Answers -Replay attack

Moses recently purchased an HP laptop to fulfill his business needs, and he did not change the default password of the laptop set by the manufacturer. Clark, a disgruntled employee working with Moses, decided to steal critical business information from his laptop. Clark used an online tool to obtain the default password to access the target laptop successfully. Identify the online tool employed by Clark to search default passwords. - Correct Answers -https://open-sez.me: It is an online tool to search for default passwords.

Identify the password cracking tool that helps attackers to gain unauthorized access to the system or network. - Correct Answers -THC Hydra

Malcolm, a professional hacker, is attempting to access an organization's systems remotely. For this purpose, he used a tool to recover the passwords of the target system and gain unauthorized access to critical files and other system software. Identify the tool used by Malcolm to crack the passwords of the target system. - Correct Answers -hashcat

Which of the following tools allows you to reset unknown or lost Windows local administrator, domain administrator, and other user account passwords? - Correct Answers -John the Ripper

Which of the following tools allows an attacker to crack passwords of the target system? - Correct Answers -Medusa

Brady, a student, is attending a training course on Python programming. He purchased a computer to practice Python programming at home. One day he switched ON his computer to practice Python but forgot his system password. He used an automated tool to recover forgotten password and gained instant access to his locked computer without reinstalling the operating system. Identify the tool employed by Brady in the above scenario. - Correct Answers -THC Hydra

MegaPing - Correct Answers -MegaPing is an ultimate toolkit that provides complete essential utilities for IT administrators and solution providers. With MegaPing utility, you can detect live hosts, open ports of the system in the network.

nmap - Correct Answers -is a free and open source utility for network discovery and security auditing

THC Hydra - Correct Answers -helps penetration testers and ethical hackers crack the passwords of network services. Hydra can perform rapid dictionary attacks against more than 50 protocols. This includes telnet, FTP, HTTP, HTTPS, SMB, databases, and several other services.

John the Ripper - Correct Answers -used to crack passwords

HashCat - Correct Answers -password recovery tool

Wireshark - Correct Answers -Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education

Medusa - Correct Answers -a brute force password cracker

Burp Suite - Correct Answers -is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities.

Which of the following practices helps security specialists to protect the network against password cracking attempts? - Correct Answers -Check any suspicious application that stores passwords in memory

Teena, a security professional, has recently joined the company, and she has been trained in various security practices to be followed to protect passwords from being compromised. While implementing the security practices, she notices that a system is susceptible to password cracking attacks. Identify the practice noticed by Teena that can lead to password cracking attacks. - Correct Answers -Allow the storing of passwords in an unsecured location.

Which of the following countermeasures should be followed to protect against password cracking? - Correct Answers -Do not use passwords that can be found in a dictionary

have forgotten my system's password. Can you help me out?". The administrator, without questioning him, immediately responded to Clark's request with credentials. Identify the type of attack performed by Clark in the above scenario. - Correct Answers -Impersonation

_____ refers to an unauthorized person listening to a conversation or reading others' messages. It includes the interception of any form of communication, including audio, video, or written, using channels such as telephone lines, email, and instant messaging. - Correct Answers -Eavesdropping

_____ is the technique of looking over someone's shoulder as they key information into a device. Attackers use shoulder surfing to find out passwords, personal identification numbers, account numbers, and other information. - Correct Answers -Shoulder surfing

_____ is a common human-based social engineering technique where an attacker pretends to be a legitimate or authorized person. Attackers perform impersonation attacks personally or use a phone or another communication medium to mislead their target and trick them into revealing information. - Correct Answers -Impersonation

_____ usually implies entry into a building or security area with the consent of an authorized person. - Correct Answers -Piggybacking

In which of the following social engineering attacks do attackers install small cameras to record the victim's system's actions to obtain login details and other sensitive information? - Correct Answers -Shoulder Surfing

In which of the following attacks does an attacker send an email or message to the target offering free gifts such as money and software, on the condition that the user forwards the email to a predetermined number of recipients? - Correct Answers -Chain Letter

_____ trick or compel users into clicking a hyperlink that redirects them to fake web pages asking for personal information or downloading malicious programs such as keyloggers, trojans, or spyware. - Correct Answers -Pop-ups

_____ is a message warning its recipients of a non-existent computer virus threat. It relies on social engineering to spread its reach. Usually, hoaxes do not cause any physical damage or loss of information; but they cause a loss of productivity and use an organization's valuable network resources. - Correct Answers -Hoax Letter

An attacker chats with selected online users via instant chat messengers and tries to gather their personal information such as date of birth or maiden name. They then use the acquired information to crack users' accounts. - Correct Answers -Instant Chat Messenger

A chain letter is a message offering free gifts, such as money and software, on the condition that the user forwards the email to a predetermined number of recipients. - Correct Answers -Chain Letter

Rina, a student, was browsing online for information about her research project. She clicked on a link and suddenly observed many warning windows on her laptop about a virus she could not close. She became suspicious and reached out to her friend, who advised her to install reputed antivirus software. Which of the following types of attack was performed on Rina in the above scenario? - Correct Answers -Hoax

In which of the following types of attacks do attackers mainly target high-profile executives such as CEO, CFO, politicians, and celebrities who have complete access to confidential and highly valuable information? - Correct Answers -Whaling

_____ is the technique of looking over someone's shoulder as they key information into a device. Attackers use shoulder surfing to find out passwords, personal identification numbers, account numbers, and other information. - Correct Answers -Shoulder surfing

_____ usually implies entry into a building or security area with the consent of the authorized person. - Correct Answers -Piggybacking

_____ attack is a type of phishing that targets high profile executives like CEO, CFO, politicians, and celebrities who have complete access to confidential and highly valuable information. - Correct Answers -whaling

_____ the SMS text messaging system is used to lure users into taking instant action such as downloading malware, visiting a malicious webpage, or calling a fraudulent phone number. - Correct Answers -In SMiShing (SMS Phishing)

In which of the following attacks do attackers exploit instant messaging platforms and use them to spread spam messages? - Correct Answers -Spimming

A variant of spam that exploits Instant Messaging platforms to flood spam across the networks. - Correct Answers -Spimming

Julius, a professional hacker, impersonates an external auditor and tries to persuade a conversation with one of the employees of his target organization. He encouraged the employee to ask questions and then manipulated certain questions to draw out the required information. Which of the following attack techniques was portrayed by Julius in the above scenario? - Correct Answers -Reverse social engineering

competitors, for certain financial benefits, as an innocuous-looking message embedding company secrets in a picture via his official email account. Identify the type of insider attack performed by Dennis in the above scenario. - Correct Answers -Disgruntled employees

Abin, an attacker intending to access the critical assets and computing devices of an organization, impersonated Sally, a system administrator. Abin masquerades as Sally and gathers critical information from computing devices of the target organization. Identify the type of insider threat demonstrated in the above scenario. - Correct Answers -Compromised Insider

An outsider compromises an insider who has access to the critical assets or computing devices of an organization. This type of threat is more difficult to detect since the outsider masquerades as a genuine insider. - Correct Answers -Compromised Insider

Insiders, who are uneducated on potential security threats or simply bypass general security procedures to meet workplace efficiency, are more vulnerable to social engineering attacks. Many insider attacks result from employees' laxity towards security measures, policies, and practices. - Correct Answers -Negligent Insider

are the most harmful insiders. They use their technical knowledge to identify weaknesses and vulnerabilities in the company's network and sell the organization's confidential information to competitors or black-market bidders. - Correct Answers -Professional insiders

threats come from disgruntled or terminated employees who steal data or destroy company networks intentionally by injecting malware into the corporate network. - Correct Answers -Malicious insider

Which of the following encompasses all forms of identity theft, where the perpetrators attempt to impersonate someone else simply to hide their original profile? - Correct Answers -Identity Cloning and Concealment

This type of identity theft encompasses all forms of identity theft, where the perpetrators attempt to impersonate someone else simply in order to hide their identity. - Correct Answers -Identity Cloning and Concealment

This type of identity theft occurs when the perpetrator steals the victim's Social Security Number to file fraudulent tax returns and obtain fraudulent tax refunds. - Correct Answers -Tax Identity Theft

This is one of the most sophisticated types of identity theft, where the perpetrator obtains information from different victims to create a new identity. - Correct Answers -Synthetic Identity Theft

This type of identity theft occurs when a victim's bank account or credit card information is stolen and illegally used by a thief. - Correct Answers -Financial Identity Theft

In which of the following types of identity theft does the perpetrator obtain information from different victims to create a new identity by stealing a social security number and use it with a combination of fake names, dates of birth, addresses, and other details required for creating a new identity? - Correct Answers -Synthetic Identity Theft

This is another common type of identity theft where the perpetrator steals the victim's Social Security Number in order to derive various benefits such as selling it to an undocumented person, using it to defraud the government by getting a new bank account, loans, credit cards, or applying for and obtaining a new passport. - Correct Answers -Social Identity Theft

This is one of the most sophisticated types of identity theft, where the perpetrator obtains information from different victims to create a new identity. Firstly, he steals a Social Security Number and uses it with a combination of fake names, date of birth, address, and other details required for creating a new identity. The perpetrator uses this new identity to open new accounts, loans, credit cards, phones, other goods, and services. - Correct Answers -Synthetic Identity Theft

This type of identity theft occurs when the identity of a minor is stolen. This is desirable because it may go undetected for a long time. After birth, parents apply for a Social Security Number for their child, which along with a different date of birth, is used by identity thieves to apply for credit accounts, loans or utility services, or to rent a place to live and apply for government benefits. - Correct Answers -Child Identity Theft

This is the most dangerous type of identity theft where the perpetrator uses the victim's name or information without the victim's consent or knowledge to obtain medical products and claim health insurance or healthcare services. - Correct Answers -Medical Identity Theft

Dennis, an employee experiencing conflict with the management of an organization, uses steganography programs to hide company secrets. He sends this information to competitors, for certain financial benefits, as an innocuous-looking message embedding company secrets in a picture via his official email account. - Correct Answers -Disgruntled employee

Which of the following is the best practice to be followed to increase password security? - Correct Answers -Avoid using the same password for different accounts

Which of the following countermeasures can assist users in reducing the chances of identity theft? - Correct Answers -Enable two-factor authentication on all online accounts