
















































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Ethical Hacking Essentials Complete Practice Test
Typology: Exams
1 / 56
This page cannot be seen from the preview
Don't miss anything!

















































The assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users is referred to by which of the following elements of information security? - Available Identify the element of information security that refers to the quality of being genuine or uncorrupted as a characteristic of any communication, documents, or any data. - Authenticity Mark, a professional hacker, targets his opponent's website. He finds susceptible user inputs, injects malicious SQL code into the database, and tampers with critical information. Which of the following types of attack did Mark perform in the above scenario? - Active Attack Ruby, a hacker, visited her target company disguised as an aspiring candidate seeking a job. She noticed that certain sensitive documents were thrown in the trash near an employee's desk. She collected these documents, which included critical information that helped her to perform further attacks. Identify the type of attack performed by Ruby in the above scenario. - Close in Attack James, a malware programmer, intruded into a manufacturing plant that produces computer peripheral devices. James tampered with the software inside devices ready to be delivered to clients. The tampered program creates a backdoor that allows unauthorized access to the systems. Identify the type of attack performed by James in the above scenario to gain unauthorized access to the delivered systems. - Distribution Attack Williams, an employee, was using his personal laptop within the organization's premises. He connected his laptop to the organization's internal network and began eavesdropping on the communication between other devices connected to the internal network. He sniffed critical information such as login credentials and other confidential data passing through the network. Identify the type of attack performed by Williams in the above scenario. - Insider Attack David, a professional hacker, has initiated a DDoS attack against a target organization. He developed a malicious code and distributed it through emails to compromise the systems. Then, all the infected systems were grouped together to launch a DDoS attack against the organization.
Identify the type of attack launched by David on the target organization. - Botnet Jack is working as a malware analyst in an organization. He was assigned to inspect an attack performed against the organization. Jack determined that the attacker had restricted access to the main computer's files and folders and was demanding an online payment to remove these restrictions. Which of the following type of attack has Jack identified in the above scenario? - Ransomware Identify the type of attack vector that focuses on stealing information from the victim machine without its user being aware and tries to deliver a payload affecting computer performance. - APT Attack Andrew, a professional hacker, drafts an email that appears to be legitimate and attaches malicious links to lure victims; he then distributes it through communication channels or mails to obtain private information like account numbers. Identify the type of attack vector employed by Andrew in the above scenario. - Phishing Identify the civilian act designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. - Sarbanes - Oxley Act Which of the following ISO/IEC standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of an organization? - ISO/IEC 27001: An organization located in Europe maintains a large amount of user data by following all the security- related laws. It also follows GDPR protection principles, one of which states that the organization should only collect and process data necessary for the specified task. Which of the following GDPR protection principle is discussed in the above scenario? - Data Minimization Which of the following titles in The Digital Millennium Copyright Act (DMCA) allows the owner of a copy of a program to make reproductions or adaptations when these are necessary to use the program in conjunction with a system? - Title III: Computer Maintenance or Repair Which of the following countries has implemented "The Copyright Act 1968" and "The Patents Act 1990"? - Australia
Lionel, a professional hacker motivated by political beliefs, plans to employ various techniques to create fear of large-scale disruption of computer networks. Which of the following types of threat actors does Lionel belong to in the above scenario? - Cyber Terrorists Which of the following types of threat actors helps both hackers find various vulnerabilities in a system and vendors improve products by checking limitations to make them more secure? - Gray Hats Allen, a CEO of a business organization, targeted his competitor. He penetrated the target network by using APTs and stayed undetected for years. He consequently gained access to critical information such as blueprints, formulas, product designs, marketing strategies, and trade secrets. Identify the class of hackers to which Allen belongs in the above scenario. - Industrial spies Identify the type of threat actors that include groups of individuals or communities involved in organized, planned, and prolonged criminal activities and who exploit victims from distinct jurisdictions on the Internet, making them difficult to locate. - Criminal Syndicates Given below are the various phases of hacking.
Lopez, a penetration tester, executes different phases of the hacking cycle in her organization. She detects that the network is susceptible to password cracking, buffer overflows, denial of service, and session hijacking attacks. Identify the hacking phase Lopez was executing in the above scenario. - Gaining Access Peter, a professional hacker, managed to gain total control of his target system and was able to execute scripts in the trojan. He then used techniques such as steganography and tunneling to remain undetected and to avoid legal trouble. Which of the following hacking phase was Peter currently performing in the above scenario? - Clearing Tracks John, a security specialist, was requested by a client organization to check whether the security testing process was performed according to standard. He implemented a security audit on the organization's network to ensure that the performed test was well-organized, efficient, and ethical. John has conducted the audit following the steps given below.
Sam, a new employee at an organization, received a phishing mail from an unauthorized source on his official email ID. As Sam was not trained on email security, he opened the email and clicked on the malicious link within the email, allowing the attacker to gain backdoor access to the office network. Identify the threat source in the above scenario. - Unintentional threats James, a student, was curious about hacking. Although he does not possess much knowledge about the subject, he initiated a DoS attack on a website using freely available tools on the Internet. As the website already has some sort of security controls, it detected unusual traffic and blocked James's IP address. Which of the following types of threat sources is discussed in the above scenario? - Unstructured external threats Daniel, an employee working from home, was assigned a task to complete within a half-day, but due to frequent power failures at his residential area, he failed to accomplish the task. Which of the following threats was demonstrated in the above scenario? - Natural threats Mark, a professional hacker, scanned the target system to check for running services or open ports. After successful scanning, he discovered an open FTP port, exploited it to install malware, and performed malicious activities on the victim system. In which of the following ways did Mark installed malware in the victim system? - File sharing services Joe, a professional hacker, initiated an attack against Bob by tricking him into downloading a free software program embedded with a keylogger labeled as trusted. As the program was labeled trusted, the antivirus software installed on Bob's system failed to identify it as malicious software. As a result, the malicious software recorded all the key strokes entered by Bob and transmitted them to Joe. Identify the application Joe employed in the above scenario to lure Bob into installing malicious software. - Rogue / Decoy application Jack, a professional hacker, created a malicious hyperlink and injected it into a website that appeared legitimate to trick users into clicking the link. When a victim clicked on a malicious link, the malware embedded in the link is executed without the knowledge or consent of the victim. Identify the technique employed by Jack to distribute malware in the above scenario. Jack, a professional hacker, created a malicious hyperlink and injected it into a website that appeared legitimate to trick users into clicking the link. When a victim clicked on a malicious link, the malware embedded in the link is executed without the knowledge or consent of the victim.
Identify the technique employed by Jack to distribute malware in the above scenario. - Social engineered click-jacking Anisha, a shopping freak, frequently uses many online websites for purchasing products without checking their legitimacy. While doing so, she unknowingly clicked on one of the shopping commercials expecting it to be authentic. However, this activity made her lose a huge amount of money from her account. Identify the technique employed to distribute malware in the above scenario. - Malvertising Which of the following malware distribution techniques involves mimicking legitimate institutions in an attempt to steal login credentials? - Spear-phishing sites Which of the following malware distribution techniques involves exploiting flaws in browser software to install malware by merely visiting a web page? - Drive-by downloads Identify the technique used by the attacker that involves keyword stuffing, inserting doorway pages, page swapping, and adding unrelated keywords to get higher rankings for malware pages. - Black hat search engine optimization Benson, a professional hacker, uses a technique that can exploit browser vulnerabilities. Using this technique, he is able to install malware simply by visiting a web page, and the victim system gets exploited whenever the webpage is being explored. Which of the following technique was mentioned in the above scenario? - Drive by downloads Identify the malware component that compresses the malware file by using compression techniques to convert the code and data of the malware into an unreadable format. - Packer Eyan, a professional hacker, developed malicious code that contains a sequence of commands that can take advantage of a bug or vulnerability in a digital system or device. He used the malicious code to spy on information, install malware, and compromise system security. Identify the component of the malware developed by Eyan in the above scenario. - Exploit Which of the following port numbers is used by the trojan "Telecommando" to perform malicious activities on the target machine? - 61466
Which of the following viruses stores itself with the same filename as the target program file, infects the computer upon executing the file, and uses DoS to run COM files before executing EXE files? - Camouflage viruses Which of the following malware programs can replicate, execute, and spread across network connections independent of human intervention? - Worms Which of the following PUAs compel users to download large files to download unwanted programs with peer-to-peer file sharing features? - Torrent Which of the following file less propagation techniques involves exploiting pre-installed tools in Windows OS such as PowerShell and Windows Management Instrumentation (WMI) to install and run malicious code? - Native applications Which of the following malware components performs the desired activity when activated and is used to delete or modify files to compromise system security? - Payload Identify the type of vulnerabilities exploited by an attacker before they are identified and patched by the developers. - Zero-day vulnerabilities Identify the type of software vulnerability that occurs due to coding errors and allows the attackers to gain access to the target system. - Buffer overflow Which one of the following vulnerabilities is NOT an example of misconfiguration vulnerability? - Running only necessary services on a machine Steve, a forensic expert, was appointed to evaluate an attack initiated on the organization's network. He performed an overall assessment of the network to identify the cause. During this process, he identified outbound connections to Internet services and a few applications running with debugging enabled. Which following category of vulnerabilities did Steve identify in the above scenario? - Misconfiguration
Which of the following is a default authentication scheme that performs authentication using a challenge/response strategy as it does not rely on any official protocol specification and has no guarantee to work effectively in every situation? - NTLM Don, a professional hacker, targeted Bob to steal the credentials of his bank account. Don lured Bob to install malicious software embedded with a keylogger. The keylogger installed on Bob's machine recorded all of Bob's keystrokes and transmitted them to Don. Using the keylogger, Don obtained the credentials of Bob's bank account and performed illegal transactions on his account. Identify the type of attack Don has performed in the above scenario. - Active online attacks Meghan, a professional hacker, was trying to gain unauthorized access to the admin-level system of the target organization. To hack the passwords used by admins, she employed various password cracking techniques such as internal monologue attack, Markov-chain attack, Kerberos password cracking, and LLMNR/NBT-NS poisoning. Identify the type of password attack performed by Meghan in the above scenario. - Active Online Attack Don, a professional hacker, targeted Johana's official email to steal sensitive information related to a project. Using a password cracking tool, Don tried all the possible combinations of password characters until it was cracked. Identify the type of password attack performed by Don in the above scenario. - Brute-force attack Which of the following technique is a brute-force attack on encryption where all possible keys are tested in an attempt to recover the plaintext used to produce a particular ciphertext? - Cryptanalysis Which of the following malware masks itself as a benign application or software that initially appears to perform a desirable or benign function but steals information from a system? - Trojan Which of the following attacks is launched either by stealing the ST/TGT from an end-user machine and using it to disguise the attackers as valid users or by stealing the ST/TGT from a compromised AS? - Pass the ticket Timberly, a professional hacker, targeted a Windows machine to leverage the Kerberos authentication mechanism to manipulate its services. Timberly compromised the machine of an end-user who was trying to access the target machine's services and stole their ST/TGT to masquerade as a valid user.
Using the stolen TGT, Timberly gained unauthorized access to the network services of the target machine. Identify the type of attack performed by Timberly in the above scenario. - Pass the ticket Lucifer, a professional hacker, targeted an organization for certain financial benefits. He employed a technique that sniffs out credentials during transit by capturing Internet packets from the target network. Using this technique, Lucifer gained passwords to rlogin sessions. Identify the type of attack performed by Lucifer in the above scenario. - Wiretapping Melvin, an attacker, targeted an administrator of the targeted organization to gain unauthorized access to its server machine. He created a lookup file containing precomputed hashes of the password previously obtained using brute-force attempts. He compared these hashes with the administrator credentials and discovered a match to access the server. Identify the attack technique implemented by Melvin in the above scenario. - Rainbow table attack Given below are different steps involved in password guessing.
HashCat - password recovery tool Wireshark - Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education Medusa - a brute force password cracker Burp Suite - is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Which of the following practice helps security specialists to protect the network against password cracking attempts? - Check any suspicious application that stores passwords in memory Teena, a security professional, has recently joined the company, and she has been trained in various security practices to be followed to protect passwords from being compromised. While implementing the security practices, she notices that a system is susceptible to password cracking attacks. Identify the practice noticed by Teena that can lead to password cracking attacks. - Allow the storing of passwords in an unsecured location. Which of the following countermeasures should be followed to protect against password cracking? - Do not use passwords that can be found in a dictionary Which of the following practice can help security teams defend the application against password cracking attempts? - Ensure that applications neither store passwords to memory nor write them to disk Which of the following practices can help administrators protect an organization's server from password cracking attempts? - Enable account lockout following a certain number of invalid attempts Rocky, a professional hacker, targets an organization to perform a social engineering attack. He impersonated a legitimate employee of the company and requested the receptionist to send him
important documents, as his files had been corrupted and he was required to send them immediately to the client. Which of the following vulnerable behaviors was showcased by Rocky in the above scenario? - Intimidation John, a threat actor, called up Johana, the IT help desk member of the targeted organization, and informed her that Mr. Tibiyani was about to give a presentation to customers but he could not open his files as they were corrupted and that Mr. Tibiyani requested him to call and ask her to send the files to him as soon as possible to start the presentation. Identify the social engineering context created by the attacker in the above scenario. - Intimidation Don, a professional hacker, telephoned Bob and claimed to be a network administrator in the target organization. Don informed Bob about a security incident in the network and asked him to provide his account credentials to secure his data. After obtaining these credentials, Don retrieved sensitive information from Bob's account. Which of the following vulnerable behaviors was showcased by Don in the above scenario? - Authority Given below are different phases of social engineering attacks.
A chain letter is a message offering free gifts, such as money and software, on the condition that the user forwards the email to a predetermined number of recipients. - Chain Letter Rina, a student, was browsing online for information about her research project. She clicked on a link and suddenly observed many warning windows on her laptop about a virus she could not close. She became suspicious and reached out to her friend, who advised her to install reputed antivirus software. Which of the following types of attack was performed on Rina in the above scenario? - Hoax In which of the following type of attacks do attackers mainly target high-profile executives such as CEO, CFO, politicians, and celebrities who have complete access to confidential and highly valuable information? - Whaling is the technique of looking over someone's shoulder as they key information into a device. Attackers use shoulder surfing to find out passwords, personal identification numbers, account numbers, and other information. - Shoulder surfing usually implies entry into a building or security area with the consent of the authorized person. - Piggybacking attack is a type of phishing that targets high profile executives like CEO, CFO, politicians, and celebrities who have complete access to confidential and highly valuable information. - whaling the SMS text messaging system is used to lure users into taking instant action such as downloading malware, visiting a malicious webpage, or calling a fraudulent phone number. - In SMiShing (SMS Phishing) In which of the following attacks do attackers exploit instant messaging platforms and use them to spread spam messages? - Spimming A variant of spam that exploits Instant Messaging platforms to flood spam across the networks. - Spimming
Julius, a professional hacker, impersonates an external auditor and tries to persuade a conversation with one of the employees of his target organization. He encouraged the employee to ask questions and then manipulated certain questions to draw out the required information. Which of the following attack techniques was portrayed by Julius in the above scenario? - Reverse social engineering Which of the following techniques uses VoIP technology and ID spoofing to trick individuals into revealing their critical financial and personal information and uses the information for financial gain? - Vishing is an impersonation technique in which the attacker uses Voice over IP (VoIP) technology to trick individuals into revealing their critical financial and personal information and uses the information for financial gain. - Vishing (voice or VoIP phishing) Which of the following malware tricks the computer users into visiting malware-infested websites by telling the target user that their machine has been infected with malware? - Scareware is a type of malware that tricks computer users into visiting malware-infested websites or downloading or buying potentially malicious software. is often seen in pop-ups that tell the target user that their machine has been infected with malware. - Scareware Jade, a professional hacker, was planning to enter the premises of an organization that allows access only to authorized persons. For this purpose, he creates a fake ID resembling the ID of the office staff and enters the restricted area by closely following an authorized person through a door that requires key access. Identify the type of attack performed by Jade in the above scenario. - tailgating implies accessing a building or secured area without the consent of the authorized person. It is the act of following an authorized person through a secure entrance, as a polite user would open and hold the door for those following them. - Tailgating is a social engineering technique in which the attacker executes malicious programs on a victim's computer or server, and when the victim enters any URL or domain name, it automatically redirects the victim's traffic to an attacker-controlled website. - Pharming