Ethical Hacking Essentials Complete Practice Test, Exams of Advanced Education

Ethical Hacking Essentials Complete Practice Test

Typology: Exams

2024/2025

Available from 10/06/2024

alex-david-34
alex-david-34 🇿🇦

4.5

(4)

5.6K documents

1 / 56

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Ethical Hacking Essentials Complete Practice Test
The assurance that the systems responsible for delivering, storing, and processing information are
accessible when required by authorized users is referred to by which of the following elements of
information security? - Available
Identify the element of information security that refers to the quality of being genuine or uncorrupted
as a characteristic of any communication, documents, or any data. - Authenticity
Mark, a professional hacker, targets his opponent's website. He finds susceptible user inputs, injects
malicious SQL code into the database, and tampers with critical information.
Which of the following types of attack did Mark perform in the above scenario? - Active Attack
Ruby, a hacker, visited her target company disguised as an aspiring candidate seeking a job. She noticed
that certain sensitive documents were thrown in the trash near an employee's desk. She collected these
documents, which included critical information that helped her to perform further attacks.
Identify the type of attack performed by Ruby in the above scenario. - Close in Attack
James, a malware programmer, intruded into a manufacturing plant that produces computer peripheral
devices. James tampered with the software inside devices ready to be delivered to clients. The
tampered program creates a backdoor that allows unauthorized access to the systems.
Identify the type of attack performed by James in the above scenario to gain unauthorized access to the
delivered systems. - Distribution Attack
Williams, an employee, was using his personal laptop within the organization's premises. He connected
his laptop to the organization's internal network and began eavesdropping on the communication
between other devices connected to the internal network. He sniffed critical information such as login
credentials and other confidential data passing through the network.
Identify the type of attack performed by Williams in the above scenario. - Insider Attack
David, a professional hacker, has initiated a DDoS attack against a target organization. He developed a
malicious code and distributed it through emails to compromise the systems. Then, all the infected
systems were grouped together to launch a DDoS attack against the organization.
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20
pf21
pf22
pf23
pf24
pf25
pf26
pf27
pf28
pf29
pf2a
pf2b
pf2c
pf2d
pf2e
pf2f
pf30
pf31
pf32
pf33
pf34
pf35
pf36
pf37
pf38

Partial preview of the text

Download Ethical Hacking Essentials Complete Practice Test and more Exams Advanced Education in PDF only on Docsity!

Ethical Hacking Essentials Complete Practice Test

The assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users is referred to by which of the following elements of information security? - Available Identify the element of information security that refers to the quality of being genuine or uncorrupted as a characteristic of any communication, documents, or any data. - Authenticity Mark, a professional hacker, targets his opponent's website. He finds susceptible user inputs, injects malicious SQL code into the database, and tampers with critical information. Which of the following types of attack did Mark perform in the above scenario? - Active Attack Ruby, a hacker, visited her target company disguised as an aspiring candidate seeking a job. She noticed that certain sensitive documents were thrown in the trash near an employee's desk. She collected these documents, which included critical information that helped her to perform further attacks. Identify the type of attack performed by Ruby in the above scenario. - Close in Attack James, a malware programmer, intruded into a manufacturing plant that produces computer peripheral devices. James tampered with the software inside devices ready to be delivered to clients. The tampered program creates a backdoor that allows unauthorized access to the systems. Identify the type of attack performed by James in the above scenario to gain unauthorized access to the delivered systems. - Distribution Attack Williams, an employee, was using his personal laptop within the organization's premises. He connected his laptop to the organization's internal network and began eavesdropping on the communication between other devices connected to the internal network. He sniffed critical information such as login credentials and other confidential data passing through the network. Identify the type of attack performed by Williams in the above scenario. - Insider Attack David, a professional hacker, has initiated a DDoS attack against a target organization. He developed a malicious code and distributed it through emails to compromise the systems. Then, all the infected systems were grouped together to launch a DDoS attack against the organization.

Identify the type of attack launched by David on the target organization. - Botnet Jack is working as a malware analyst in an organization. He was assigned to inspect an attack performed against the organization. Jack determined that the attacker had restricted access to the main computer's files and folders and was demanding an online payment to remove these restrictions. Which of the following type of attack has Jack identified in the above scenario? - Ransomware Identify the type of attack vector that focuses on stealing information from the victim machine without its user being aware and tries to deliver a payload affecting computer performance. - APT Attack Andrew, a professional hacker, drafts an email that appears to be legitimate and attaches malicious links to lure victims; he then distributes it through communication channels or mails to obtain private information like account numbers. Identify the type of attack vector employed by Andrew in the above scenario. - Phishing Identify the civilian act designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. - Sarbanes - Oxley Act Which of the following ISO/IEC standard specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of an organization? - ISO/IEC 27001: An organization located in Europe maintains a large amount of user data by following all the security- related laws. It also follows GDPR protection principles, one of which states that the organization should only collect and process data necessary for the specified task. Which of the following GDPR protection principle is discussed in the above scenario? - Data Minimization Which of the following titles in The Digital Millennium Copyright Act (DMCA) allows the owner of a copy of a program to make reproductions or adaptations when these are necessary to use the program in conjunction with a system? - Title III: Computer Maintenance or Repair Which of the following countries has implemented "The Copyright Act 1968" and "The Patents Act 1990"? - Australia

Lionel, a professional hacker motivated by political beliefs, plans to employ various techniques to create fear of large-scale disruption of computer networks. Which of the following types of threat actors does Lionel belong to in the above scenario? - Cyber Terrorists Which of the following types of threat actors helps both hackers find various vulnerabilities in a system and vendors improve products by checking limitations to make them more secure? - Gray Hats Allen, a CEO of a business organization, targeted his competitor. He penetrated the target network by using APTs and stayed undetected for years. He consequently gained access to critical information such as blueprints, formulas, product designs, marketing strategies, and trade secrets. Identify the class of hackers to which Allen belongs in the above scenario. - Industrial spies Identify the type of threat actors that include groups of individuals or communities involved in organized, planned, and prolonged criminal activities and who exploit victims from distinct jurisdictions on the Internet, making them difficult to locate. - Criminal Syndicates Given below are the various phases of hacking.

  1. Reconnaissance
  2. Gaining access
  3. Maintaining access
  4. Clearing tracks
  5. Scanning What is the correct sequence of phases involved in hacking? - 1 -> 5 -> 2 -> 3 -> 4 In which of the following phases of hacking does an attacker employ steganography and tunneling techniques to retain access to the victim's system, remain unnoticed, and remove evidence that might lead to prosecution? - Clearing Tracks In which of the following hacking phases do attackers extract information such as live machines, port, port status, OS details, device type, and system uptime to launch further attacks? - Scanning

Lopez, a penetration tester, executes different phases of the hacking cycle in her organization. She detects that the network is susceptible to password cracking, buffer overflows, denial of service, and session hijacking attacks. Identify the hacking phase Lopez was executing in the above scenario. - Gaining Access Peter, a professional hacker, managed to gain total control of his target system and was able to execute scripts in the trojan. He then used techniques such as steganography and tunneling to remain undetected and to avoid legal trouble. Which of the following hacking phase was Peter currently performing in the above scenario? - Clearing Tracks John, a security specialist, was requested by a client organization to check whether the security testing process was performed according to standard. He implemented a security audit on the organization's network to ensure that the performed test was well-organized, efficient, and ethical. John has conducted the audit following the steps given below.

  1. Talk to the client and discuss the needs to be addressed during testing
  2. Analyze the results of the testing and prepare a report
  3. Organize an ethical hacking team and prepare a schedule for testing
  4. Conduct the test
  5. Prepare and sign NDA documents with the client
  6. Present the findings to the client Identify the correct sequence of the steps John has followed while performing the security audit. - 1 -> 5 -> 3 -> 4 -> 2 -> 6 Identify the term that refers to IT professionals who employ their hacking skills for defensive purposes, such as auditing their systems for known vulnerabilities and testing the organization's network security for possible loopholes and vulnerabilities. - Ethical Hacker Identify the reason why organizations recruit ethical hackers. - Uncover vulnerabilities in systems and explore their potential as a risk

Sam, a new employee at an organization, received a phishing mail from an unauthorized source on his official email ID. As Sam was not trained on email security, he opened the email and clicked on the malicious link within the email, allowing the attacker to gain backdoor access to the office network. Identify the threat source in the above scenario. - Unintentional threats James, a student, was curious about hacking. Although he does not possess much knowledge about the subject, he initiated a DoS attack on a website using freely available tools on the Internet. As the website already has some sort of security controls, it detected unusual traffic and blocked James's IP address. Which of the following types of threat sources is discussed in the above scenario? - Unstructured external threats Daniel, an employee working from home, was assigned a task to complete within a half-day, but due to frequent power failures at his residential area, he failed to accomplish the task. Which of the following threats was demonstrated in the above scenario? - Natural threats Mark, a professional hacker, scanned the target system to check for running services or open ports. After successful scanning, he discovered an open FTP port, exploited it to install malware, and performed malicious activities on the victim system. In which of the following ways did Mark installed malware in the victim system? - File sharing services Joe, a professional hacker, initiated an attack against Bob by tricking him into downloading a free software program embedded with a keylogger labeled as trusted. As the program was labeled trusted, the antivirus software installed on Bob's system failed to identify it as malicious software. As a result, the malicious software recorded all the key strokes entered by Bob and transmitted them to Joe. Identify the application Joe employed in the above scenario to lure Bob into installing malicious software. - Rogue / Decoy application Jack, a professional hacker, created a malicious hyperlink and injected it into a website that appeared legitimate to trick users into clicking the link. When a victim clicked on a malicious link, the malware embedded in the link is executed without the knowledge or consent of the victim. Identify the technique employed by Jack to distribute malware in the above scenario. Jack, a professional hacker, created a malicious hyperlink and injected it into a website that appeared legitimate to trick users into clicking the link. When a victim clicked on a malicious link, the malware embedded in the link is executed without the knowledge or consent of the victim.

Identify the technique employed by Jack to distribute malware in the above scenario. - Social engineered click-jacking Anisha, a shopping freak, frequently uses many online websites for purchasing products without checking their legitimacy. While doing so, she unknowingly clicked on one of the shopping commercials expecting it to be authentic. However, this activity made her lose a huge amount of money from her account. Identify the technique employed to distribute malware in the above scenario. - Malvertising Which of the following malware distribution techniques involves mimicking legitimate institutions in an attempt to steal login credentials? - Spear-phishing sites Which of the following malware distribution techniques involves exploiting flaws in browser software to install malware by merely visiting a web page? - Drive-by downloads Identify the technique used by the attacker that involves keyword stuffing, inserting doorway pages, page swapping, and adding unrelated keywords to get higher rankings for malware pages. - Black hat search engine optimization Benson, a professional hacker, uses a technique that can exploit browser vulnerabilities. Using this technique, he is able to install malware simply by visiting a web page, and the victim system gets exploited whenever the webpage is being explored. Which of the following technique was mentioned in the above scenario? - Drive by downloads Identify the malware component that compresses the malware file by using compression techniques to convert the code and data of the malware into an unreadable format. - Packer Eyan, a professional hacker, developed malicious code that contains a sequence of commands that can take advantage of a bug or vulnerability in a digital system or device. He used the malicious code to spy on information, install malware, and compromise system security. Identify the component of the malware developed by Eyan in the above scenario. - Exploit Which of the following port numbers is used by the trojan "Telecommando" to perform malicious activities on the target machine? - 61466

  1. Design
  2. Detection Identify the correct sequence of stages involved in the virus lifecycle. - 5 -> 1 -> 3 -> 6 -> 2 -> 4 In which of the following stages of the virus lifecycle does a user install antivirus updates and eliminate virus threats? - Execution of the damage routine Joy, a professional hacker, targeted an organization's system using a special type of virus that hides its actual source of infection. The virus employed by Joy diverts the antivirus solutions by providing certain other random location even though it is residing in the system. Identify the type of virus employed by Joy in the above scenario. - Armored Virus Kevin, a professional hacker, was hired to break into an organization's network and gather sensitive information. Kevin installed a virus that will be triggered when a specific date/time is reached, using which he can gain remote access and retrieve sensitive information. Identify the type of virus used by Kevin in the above scenario. - Logic bomb virus Freddy, a professional hacker, targets sensitive information stored in document files of programs like Microsoft word. For this purpose, he uses a virus program that is written using VBA, which infects the documents and converts the infected documents into template files while maintaining their appearance as standard document files. Identify the type of virus employed by Freddy in the above scenario. - Macro virus Which of the following viruses combines the approach of file infectors and boot record infectors and attempts to simultaneously attack both the boot sector and executable or program files? - Multipartite viruses Identify the type of virus that overwrites a part of the host file with null constant without increasing the length of the file and maintains a constant file size when infecting, which allows the virus to evade detection. - Cavity Virus Identify the type of virus whose life is directly proportional to the life of its host, which means it executes only upon the execution of its attached program and terminates upon the termination of its attached program. - Transient virus

Which of the following viruses stores itself with the same filename as the target program file, infects the computer upon executing the file, and uses DoS to run COM files before executing EXE files? - Camouflage viruses Which of the following malware programs can replicate, execute, and spread across network connections independent of human intervention? - Worms Which of the following PUAs compel users to download large files to download unwanted programs with peer-to-peer file sharing features? - Torrent Which of the following file less propagation techniques involves exploiting pre-installed tools in Windows OS such as PowerShell and Windows Management Instrumentation (WMI) to install and run malicious code? - Native applications Which of the following malware components performs the desired activity when activated and is used to delete or modify files to compromise system security? - Payload Identify the type of vulnerabilities exploited by an attacker before they are identified and patched by the developers. - Zero-day vulnerabilities Identify the type of software vulnerability that occurs due to coding errors and allows the attackers to gain access to the target system. - Buffer overflow Which one of the following vulnerabilities is NOT an example of misconfiguration vulnerability? - Running only necessary services on a machine Steve, a forensic expert, was appointed to evaluate an attack initiated on the organization's network. He performed an overall assessment of the network to identify the cause. During this process, he identified outbound connections to Internet services and a few applications running with debugging enabled. Which following category of vulnerabilities did Steve identify in the above scenario? - Misconfiguration

Which of the following is a default authentication scheme that performs authentication using a challenge/response strategy as it does not rely on any official protocol specification and has no guarantee to work effectively in every situation? - NTLM Don, a professional hacker, targeted Bob to steal the credentials of his bank account. Don lured Bob to install malicious software embedded with a keylogger. The keylogger installed on Bob's machine recorded all of Bob's keystrokes and transmitted them to Don. Using the keylogger, Don obtained the credentials of Bob's bank account and performed illegal transactions on his account. Identify the type of attack Don has performed in the above scenario. - Active online attacks Meghan, a professional hacker, was trying to gain unauthorized access to the admin-level system of the target organization. To hack the passwords used by admins, she employed various password cracking techniques such as internal monologue attack, Markov-chain attack, Kerberos password cracking, and LLMNR/NBT-NS poisoning. Identify the type of password attack performed by Meghan in the above scenario. - Active Online Attack Don, a professional hacker, targeted Johana's official email to steal sensitive information related to a project. Using a password cracking tool, Don tried all the possible combinations of password characters until it was cracked. Identify the type of password attack performed by Don in the above scenario. - Brute-force attack Which of the following technique is a brute-force attack on encryption where all possible keys are tested in an attempt to recover the plaintext used to produce a particular ciphertext? - Cryptanalysis Which of the following malware masks itself as a benign application or software that initially appears to perform a desirable or benign function but steals information from a system? - Trojan Which of the following attacks is launched either by stealing the ST/TGT from an end-user machine and using it to disguise the attackers as valid users or by stealing the ST/TGT from a compromised AS? - Pass the ticket Timberly, a professional hacker, targeted a Windows machine to leverage the Kerberos authentication mechanism to manipulate its services. Timberly compromised the machine of an end-user who was trying to access the target machine's services and stole their ST/TGT to masquerade as a valid user.

Using the stolen TGT, Timberly gained unauthorized access to the network services of the target machine. Identify the type of attack performed by Timberly in the above scenario. - Pass the ticket Lucifer, a professional hacker, targeted an organization for certain financial benefits. He employed a technique that sniffs out credentials during transit by capturing Internet packets from the target network. Using this technique, Lucifer gained passwords to rlogin sessions. Identify the type of attack performed by Lucifer in the above scenario. - Wiretapping Melvin, an attacker, targeted an administrator of the targeted organization to gain unauthorized access to its server machine. He created a lookup file containing precomputed hashes of the password previously obtained using brute-force attempts. He compared these hashes with the administrator credentials and discovered a match to access the server. Identify the attack technique implemented by Melvin in the above scenario. - Rainbow table attack Given below are different steps involved in password guessing.

  1. Find a valid user
  2. Rank passwords from high to low probability
  3. Create a list of possible passwords
  4. Key in each password until the correct password is discovered What is the correct sequence of steps involved in password guessing? - 1 -> 3 -> 2 -> 4 John, a professional hacker, targeted an employee of an organization to intrude and gain access to the corporate network. He employed a sniffer to capture packets and authentication tokens between the employee and the organization's server. After extracting relevant information, he transmitted the captured tokens back to the server to gain access as a legitimate user. Identify the type of attack performed by John in the above scenario. - Replay attack Moses recently purchased an HP laptop to fulfill his business needs, and he did not change the default password of the laptop set by the manufacturer. Clark, a disgruntled employee working with Moses, decided to steal critical business information from his laptop. Clark used an online tool to obtain the default password to access the target laptop successfully.

HashCat - password recovery tool Wireshark - Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education Medusa - a brute force password cracker Burp Suite - is an integrated platform/graphical tool for performing security testing of web applications. Its various tools work seamlessly together to support the entire testing process, from initial mapping and analysis of an application's attack surface, through to finding and exploiting security vulnerabilities. Which of the following practice helps security specialists to protect the network against password cracking attempts? - Check any suspicious application that stores passwords in memory Teena, a security professional, has recently joined the company, and she has been trained in various security practices to be followed to protect passwords from being compromised. While implementing the security practices, she notices that a system is susceptible to password cracking attacks. Identify the practice noticed by Teena that can lead to password cracking attacks. - Allow the storing of passwords in an unsecured location. Which of the following countermeasures should be followed to protect against password cracking? - Do not use passwords that can be found in a dictionary Which of the following practice can help security teams defend the application against password cracking attempts? - Ensure that applications neither store passwords to memory nor write them to disk Which of the following practices can help administrators protect an organization's server from password cracking attempts? - Enable account lockout following a certain number of invalid attempts Rocky, a professional hacker, targets an organization to perform a social engineering attack. He impersonated a legitimate employee of the company and requested the receptionist to send him

important documents, as his files had been corrupted and he was required to send them immediately to the client. Which of the following vulnerable behaviors was showcased by Rocky in the above scenario? - Intimidation John, a threat actor, called up Johana, the IT help desk member of the targeted organization, and informed her that Mr. Tibiyani was about to give a presentation to customers but he could not open his files as they were corrupted and that Mr. Tibiyani requested him to call and ask her to send the files to him as soon as possible to start the presentation. Identify the social engineering context created by the attacker in the above scenario. - Intimidation Don, a professional hacker, telephoned Bob and claimed to be a network administrator in the target organization. Don informed Bob about a security incident in the network and asked him to provide his account credentials to secure his data. After obtaining these credentials, Don retrieved sensitive information from Bob's account. Which of the following vulnerable behaviors was showcased by Don in the above scenario? - Authority Given below are different phases of social engineering attacks.

  1. Develop a relationship
  2. Exploit the relationship
  3. Research the target company
  4. Select a target What is the correct sequence of steps attackers follow to execute a successful social engineering attack?
  • 3 -> 4 -> 1 -> 2 In which of the following phases of a social engineering attack do attackers try to reach out to disgruntled employees as they are easier to manipulate? - Select a target Clark, a threat actor, targeted an organization and impersonated the CEO's secretary. Clark contacted the administrator and said, "I'm working on an urgent project, and I have forgotten my system's password. Can you help me out?". The administrator, without questioning him, immediately responded to Clark's request with credentials. Identify the type of attack performed by Clark in the above scenario. - Impersonation

A chain letter is a message offering free gifts, such as money and software, on the condition that the user forwards the email to a predetermined number of recipients. - Chain Letter Rina, a student, was browsing online for information about her research project. She clicked on a link and suddenly observed many warning windows on her laptop about a virus she could not close. She became suspicious and reached out to her friend, who advised her to install reputed antivirus software. Which of the following types of attack was performed on Rina in the above scenario? - Hoax In which of the following type of attacks do attackers mainly target high-profile executives such as CEO, CFO, politicians, and celebrities who have complete access to confidential and highly valuable information? - Whaling is the technique of looking over someone's shoulder as they key information into a device. Attackers use shoulder surfing to find out passwords, personal identification numbers, account numbers, and other information. - Shoulder surfing usually implies entry into a building or security area with the consent of the authorized person. - Piggybacking attack is a type of phishing that targets high profile executives like CEO, CFO, politicians, and celebrities who have complete access to confidential and highly valuable information. - whaling the SMS text messaging system is used to lure users into taking instant action such as downloading malware, visiting a malicious webpage, or calling a fraudulent phone number. - In SMiShing (SMS Phishing) In which of the following attacks do attackers exploit instant messaging platforms and use them to spread spam messages? - Spimming A variant of spam that exploits Instant Messaging platforms to flood spam across the networks. - Spimming

Julius, a professional hacker, impersonates an external auditor and tries to persuade a conversation with one of the employees of his target organization. He encouraged the employee to ask questions and then manipulated certain questions to draw out the required information. Which of the following attack techniques was portrayed by Julius in the above scenario? - Reverse social engineering Which of the following techniques uses VoIP technology and ID spoofing to trick individuals into revealing their critical financial and personal information and uses the information for financial gain? - Vishing is an impersonation technique in which the attacker uses Voice over IP (VoIP) technology to trick individuals into revealing their critical financial and personal information and uses the information for financial gain. - Vishing (voice or VoIP phishing) Which of the following malware tricks the computer users into visiting malware-infested websites by telling the target user that their machine has been infected with malware? - Scareware is a type of malware that tricks computer users into visiting malware-infested websites or downloading or buying potentially malicious software. is often seen in pop-ups that tell the target user that their machine has been infected with malware. - Scareware Jade, a professional hacker, was planning to enter the premises of an organization that allows access only to authorized persons. For this purpose, he creates a fake ID resembling the ID of the office staff and enters the restricted area by closely following an authorized person through a door that requires key access. Identify the type of attack performed by Jade in the above scenario. - tailgating implies accessing a building or secured area without the consent of the authorized person. It is the act of following an authorized person through a secure entrance, as a polite user would open and hold the door for those following them. - Tailgating is a social engineering technique in which the attacker executes malicious programs on a victim's computer or server, and when the victim enters any URL or domain name, it automatically redirects the victim's traffic to an attacker-controlled website. - Pharming