



















































Study with the several resources on Docsity
Earn points by helping other students or get them with a premium plan
Prepare for your exams
Study with the several resources on Docsity
Earn points to download
Earn points by helping other students or get them with a premium plan
Ethical Hacking Essentials Exam Prep Questions
Typology: Exams
1 / 59
This page cannot be seen from the preview
Don't miss anything!




















































The assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users is referred to by which of the following elements of information security? A. non-repudiation B. integrity C. confidentiality D. availability - ANSWER - D. availability Identify the element of information security that refers to the quality of being genuine or uncorrupted as a characteristic of any communication, documents, or any data. A. integrity B. authenticity C. availability D. confidentiality - ANSWER - B. authenticity Mark, a professional hacker, targets his opponent's website. He finds susceptible user inputs, injects malicious SQL code into the database, and tampers with critical information. Which of the following types of attack did Mark perform in the above scenario? A. close-in attack B. passive attack C. insider attack D. active attack - ANSWER - D. active attack Ruby, a hacker, visited her target company disguised as an aspiring candidate seeking a job. She noticed that certain sensitive documents were thrown in the trash near an employee's desk. She collected these documents, which included critical information that helped her to perform further attacks. Identify the type of attack performed by Ruby in the above scenario. A. close-in attack B. passive attack C. insider attack D. active attack - ANSWER - A. close-in attack James, a malware programmer, intruded into a manufacturing plant that produces computer peripheral devices. James tampered with the software inside devices ready to be delivered to clients. The tampered program creates a backdoor that allows unauthorized access to the systems. Identify the type of attack performed by James in the above scenario to gain unauthorized access to the delivered systems. A. directory traversal attack B. distribution attack C. phishing attack D. replay attack - ANSWER - B. distribution attack Williams, an employee, was using his personal laptop within the organization's premises. He connected his laptop to the organization's internal network and began eavesdropping on the communication between other devices connected to the internal network. He sniffed critical information such as login credentials and other confidential data passing through the network. Identify the type of attack performed by Williams in the above scenario. A. phishing attack
B. SQL injection attack C. insider attack D. replay attack - ANSWER - C. insider attack Jack is working as a malware analyst in an organization. He was assigned to inspect an attack performed against the organization. Jack determined that the attacker had restricted access to the main computer's files and folders and was demanding an online payment to remove these restrictions. Which of the following type of attack has Jack identified in the above scenario? A. phishing B. sniffing C. ransomware D. botnet - ANSWER - C. ransomware Identify the type of attack vector that focuses on stealing information from the victim machine without its user being aware and tries to deliver a payload affecting computer performance. A. ATP attack B. botnet C. insider attack D. phishing - ANSWER - A. ATP attack Andrew, a professional hacker, drafts an email that appears to be legitimate and attaches malicious links to lure victims; he then distributes it through communication channels or mails to obtain private information like account numbers. Identify the type of attack vector employed by Andrew in the above scenario. A. botnet B. phishing C. ransomware D. insider attack - ANSWER - B. phishing Identify the insider attack wherein the miscreant can easily bypass security rules by using privileged access and cause a threat to the organization's information systems. A. SQL injection B. directory traversal attack C. pod slurping D. XSS attack - ANSWER - C. pod slurping Which of the following acts defines legal prohibitions against circumvention of the technological protection measures employed by copyright owners to protect their works and against the removal or alteration of copyright management information? A. HIPAA B. DMCA C. DPA D. PCI/DSS - ANSWER - B. DMCA An organization located in Europe maintains a large amount of user data by following all the security-related laws. It also follows GDPR protection principles, one of which states that the organization should only collect and process data necessary for the specified task. Which of the following GDPR protection principle is discussed in the above scenario? A. accuracy B. purpose limitation C. lawfulness, fairness, and transparency D. data minimization - ANSWER - D. data minimization
John has performed in the above scenario. A. reconnaissance B. delivery C. exploitation D. installation - ANSWER - B. delivery Clara, a security professional, while checking the data feeds of the domains, detects downloaded malicious files and unsolicited communication with the outside network based on the domains. Which of the following adversary behaviors was detected by Clara? A. internal reconnaissance B. unspecified proxy activities C. HTTP user agent D. use of web shell - ANSWER - B. unspecified proxy activities James, a professional hacker, successfully penetrated the target's network and now wants to gather as much information as possible. To achieve this, he uses a technique that can collect and combine as much information as possible, including business tactics of the organization, financial information, and network infrastructure information. Which of the following techniques was used by James in the above scenario? A. HTTP user agent B. use of web shell C. use of powershell D. data staging - ANSWER - D. data staging John, a professional hacker, was hired by a government agency to penetrate, gain top-secret information from, and damage other government agencies' information systems or networks. Based on the above scenario, which of the following classes of hacker does John fall in? A. cyber terrorists B. state-sponsored hackers C. hacker teams D. industrial spies - ANSWER - B. state- sponsored hackers Lionel, a professional hacker motivated by political beliefs, plans to employ various techniques to create fear of large-scale disruption of computer networks. Which of the following types of threat actors does Lionel belong to in the above scenario? A. cyber terrorists B. script kiddies C. state-sponsored hackers D. industrial spies - ANSWER - A. cyber terrorists Which of the following types of threat actors helps both hackers find various vulnerabilities in a system and vendors improve products by checking limitations to make them more secure? A. gray hats B. white hats C. black hats D. organized hackers - ANSWER - A. gray hats Identify the type of threat actors that include groups of individuals or communities involved in organized, planned, and prolonged criminal activities and who exploit victims from distinct jurisdictions on the Internet, making them difficult
to locate. A. industrial spies B. black hats C. insiders D. criminal syndicates - ANSWER - D. criminal syndicates Which of the following type of hackers are unskilled individuals who compromise systems by running tools or software developed by other professional hackers? A. suicide hackers B. script kiddies C. hacktivists D. black hats - ANSWER - B. script kiddies Given below are the various phases of hacking.
Which of the following Google advanced search operators displays websites that are similar to the URL specified? A. info B. related C. allinurl D. cache - ANSWER - B. related Which of the following tools includes scanners such as comprehensive security scanners and port scanners and provides information such as NetBIOS names, configuration info, open TCP and UDP ports, transports, and shares? A. TorBrowser B. Netcraft C. MegaPIng D. ShellPhish - ANSWER - C. MegaPing Identify the Nbtstat parameter that displays a count of all names resolved by a broadcast or WINS server. A. - r B. - c C. - R D. - S - ANSWER - A. - r Given below is the syntax of the nbtstat command. nbtstat [-a RemoteName] [-A IP Address] [-c] [-n] [-r] [-R] [-RR] [-s] [-S] [Interval] Which of the following Nbtstat parameters in the above syntax purges the name cache and reloads all #PRE-tagged entries from the Lmhosts file? A. - R B. - r C. - s D. - RR - ANSWER - A. - R Identify the Nbtstat parameter that lists the contents of the NetBIOS name cache, the table of NetBIOS names, and their resolved IP addresses. A. - R B. - r C. - S D. - c - ANSWER - D. - c Jack, a professional hacker, was recruited by an agency to steal sensitive data from a rival company. From a remote location, he discovered vulnerabilities in the target company's network using a vulnerability scanner. He exploited them to intrude into the network and steal confidential data. Identify the threat source exploited by Jack in the above scenario. A. unintentional threats B. natural threats C. external threats D. internal threats - ANSWER - C. external threats Elon, a disgruntled employee with access to sensitive data, intends to damage the organization's reputation. He shares all the critical information and blueprints with the competitor and benefits financially. Identify the threat source in the above scenario. A. external threat B. natural threat
C. internal threat D. unintentional threat - ANSWER - C. internal threat Sam, a new employee at an organization, received a phishing mail from an unauthorized source on his official email ID. As Sam was not trained on email security, he opened the email and clicked on the malicious link within the email, allowing the attacker to gain backdoor access to the office network. Identify the threat source in the above scenario. A. structured external threats B. natural threats C. unintentional threats D. external threats - ANSWER - C. unintentional threats James, a student, was curious about hacking. Although he does not possess much knowledge about the subject, he initiated a DoS attack on a website using freely available tools on the Internet. As the website already has some sort of security controls, it detected unusual traffic and blocked James's IP address. Which of the following types of threat sources is discussed in the above scenario? A. structured external threats B. natural threats C. unstructured external threats D. unintentional threats - ANSWER - C. unstructured external threats Daniel, an employee working from home, was assigned a task to complete within a half-day, but due to frequent power failures at his residential area, he failed to accomplish the task. Which of the following threats was demonstrated in the above scenario? A. natural threats B. internal threats C. unstructured external threats D. structured external threats - ANSWER - A. natural threats Mark, a professional hacker, scanned the target system to check for running services or open ports. After successful scanning, he discovered an open FTP port, exploited it to install malware, and performed malicious activities on the victim system. In which of the following ways did Mark installed malware in the victim system? A. file sharing services B. insecure patch management C. email attachments D. rogue/decoy applications - ANSWER - A. file sharing services Joe, a professional hacker, initiated an attack against Bob by tricking him into downloading a free software program embedded with a keylogger labeled as trusted. As the program was labeled trusted, the antivirus software installed on Bob's system failed to identify it as malicious software. As a result, the malicious software recorded all the key strokes entered by Bob and transmitted them to Joe. Identify the application Joe employed in the above scenario to lure Bob into installing malicious software. A. insecure patch management B. instant messenger applications C. email attachments
D. drive-by downloads - ANSWER - D. drive-by downloads Identify the malware component that compresses the malware file by using compression techniques to convert the code and data of the malware into an unreadable format. A. obfuscator B. injector C. dropper D. packer - ANSWER - D. packer Which of the following malware components performs the desired activity when activated and is used to delete or modify files to compromise system security? A. dropper B. payload C. downloader D. crypter - ANSWER - B. payload Eyan, a professional hacker, developed malicious code that contains a sequence of commands that can take advantage of a bug or vulnerability in a digital system or device. He used the malicious code to spy on information, install malware, and compromise system security. Identify the component of the malware developed by Eyan in the above scenario. A. droppery B. crypter C. downloader D. exploit - ANSWER - D. exploit Which of the following port numbers is used by the trojan "Telecommando" to perform malicious activities on the target machine? A. 4590 B. 54321 C. 61466 D. 65000 - ANSWER - C. 61466 Identify the trojan that uses port number 443 to infect the target systems and propagate malicious software to other systems. A. shamoon B. remote grab C. WannaCry D. emotet - ANSWER - D. emotet Which of the following port numbers is used by trojans such as Silencer and WebEx? A. 1177 B. 1011 C. 1001 D. 1170 - ANSWER - C. 1001 Irin is a security professional in an organization. The organization instructed her to investigate a security incident that exposed critical information such as credit card/debit card details, account holder name, and CVV number. While investigating the incident, Irin found that the systems are infected with financial fraudulent malware that targeted the payment equipment. Identify the type of malware detected by Irin in the above scenario. A. point-of-sale trojans B. rootkit trojans C. backdoor trojans D. service protocol trojans - ANSWER - A.
point-of-sale trojans Which of the following types of trojan tricks regular computer users into downloading trojan- infected files to their systems through URL redirection and, post-download, connects back to the attacker using IRC channels? A. defacement trojans B. e-banking trojans C. botnet trojans D. rootkit trojans - ANSWER - C. botnet trojans Serin, a professional hacker, injected a backdoor into a target system that specifically attacked the root or system OS. When the backdoor is executed, he will obtain administrator-level access to the target system. Identify the type of malware utilized by Serin in the above scenario. A. point-of-sale trojans B. service protocol trojans C. e-banking trojans D. rootkit trojans - ANSWER - D. rootkit trojans Which of the following types of trojan uses port number 445 to infect the target system entry and exit points for application traffic? A. shamoon B. WannaCry C. hackers paradise D. Mspy - ANSWER - B. WannaCry Given below are various stages involved in the virus lifecycle.
replicate, execute, and spread across network connections independent of human intervention? A. botnet B. trojans C. worms D. keyloggers - ANSWER - C. worms Which of the following PUAs compel users to download large files to download unwanted programs with peer-to-peer file sharing features? A. adware B. marketing C. torrent D. cryptomining - ANSWER - C. torrent Which of the following fileless propagation techniques involves exploiting pre-installed tools in Windows OS such as PowerShell and Windows Management Instrumentation (WMI) to install and run malicious code? A. native applications B. phishing emails C. registry manipulation D. malicious websites - ANSWER - A. native applications Identify the type of vulnerabilities exploited by an attacker before they are identified and patched by the developers. A. open services B. zero-day vulnerabilities C. legacy platform vulnerabilities D. buffer overflow vulnerabilities - ANSWER - B. zero-day vulnerabilities Identify the type of software vulnerability that occurs due to coding errors and allows the attackers to gain access to the target system. A. unpatched servers B. open services C. misconfiguration D. buffer overflow - ANSWER - D. buffer overflow Steve, a forensic expert, was appointed to evaluate an attack initiated on the organization's network. He performed an overall assessment of the network to identify the cause. During this process, he identified outbound connections to Internet services and a few applications running with debugging enabled. Which following category of vulnerabilities did Steve identify in the above scenario? A. misconfiguration B. operating system flaws C. design flaws D. buffer overflows - ANSWER - A. misconfiguration Rogers, an administrator, has installed new software on an employee's system and forgot to change the credentials provided by the software vendor. Robert, an attacker, on the other hand, browsed an online resource to obtain credentials provided by the software vendor and used those credentials to gain remote access to the employee's system to steal valuable data. Identify the type of vulnerability demonstrated in the above scenario. A. IP protocol vulnerabilities B. default password and settings C. TCP protocol vulnerabilities D. operating system vulnerabilities -
ANSWER - B. default password and settings A computer user was trying to read the latest news articles from a popular website, but the user was prevented from accessing the resources of the website as certain underlying vulnerabilities in the webpage allowed an attacker to inject fake requests into the network; as a result, the server stopped responding to legitimate user requests. What is the impact caused due to vulnerabilities in the above scenario? A. denial of service B. information disclosure C. privilege escalation D. remote code execution - ANSWER - A. denial of service Identify the severity of CVSS v3.0 ratings with a base score range of 9.0-10. A. medium B. critical C. high D. low - ANSWER - B. critical Identify the metric used in CVSS assessment that represents the features that continue to change during the lifetime of the vulnerability. A. environmental metric B. impact metric C. base metric D. temporal metric - ANSWER - D. temporal metric Which of the following is a U.S. government repository of standards-based vulnerability management data and enables the automation of vulnerability management, security measurement, and compliance? A. National Vulnerability Database (NVD) B. Common Vulnerabilities and Exposures (CVE) C. Common Weakness Enumeration (CWE) D. Common Vulnerability Scoring System (CVSS) - ANSWER - A. National Vulnerability Database (NVD) Identify the type of vulnerability assessment where the chances of finding the vulnerabilities related to OS and applications are higher, and it is highly unclear who owns the assets in large enterprises. A. credentialed assessment B. network-based assessment C. distributed assessment D. non-credentialed assessment - ANSWER - A. credentialed assessment James, a professional pen tester, was appointed by an organization to perform a vulnerability assessment on server systems. James conducted a configuration-level check to identify system configurations, user directories, and file systems to evaluate the possibility of compromise for all the systems. Identify the type of vulnerability assessment James performed in the above scenario. A. database assessment B. host-based assessment C. application assessment D. network-based assessment - ANSWER - B. host-based assessment
attack Which of the following malware masks itself as a benign application or software that initially appears to perform a desirable or benign function but steals information from a system? A. worm B. virus C. keylogger D. trojan - ANSWER - D. trojan Which of the following attacks is launched either by stealing the ST/TGT from an end-user machine and using it to disguise the attackers as valid users or by stealing the ST/TGT from a compromised AS? A. pass-the-hash B. dictionary attack C. pass-the-ticket D. password guessing - ANSWER - C. pass-the-ticket Timberly, a professional hacker, targeted a Windows machine to leverage the Kerberos authentication mechanism to manipulate its services. Timberly compromised the machine of an end-user who was trying to access the target machine's services and stole their ST/TGT to masquerade as a valid user. Using the stolen TGT, Timberly gained unauthorized access to the network services of the target machine. Identify the type of attack performed by Timberly in the above scenario. A. pass-the-ticket B. wire sniffing C. brute-force attack D. pass-the-hash - ANSWER - A. pass-the- ticket Lucifer, a professional hacker, targeted an organization for certain financial benefits. He employed a technique that sniffs out credentials during transit by capturing Internet packets from the target network. Using this technique, Lucifer gained passwords to rlogin sessions. Identify the type of attack performed by Lucifer in the above scenario. A. hash injection B. wiretapping C. keyloggers D. pass-the-ticket - ANSWER - B. wiretapping Melvin, an attacker, targeted an administrator of the targeted organization to gain unauthorized access to its server machine. He created a lookup file containing precomputed hashes of the password previously obtained using brute-force attempts. He compared these hashes with the administrator credentials and discovered a match to access the server. Identify the attack technique implemented by Melvin in the above scenario. A. keyloggers B. rainbow table attack C. pass-the-ticket attack D. wiretapping attack - ANSWER - B. rainbow table attack Given below are different steps involved in password guessing.
4 John, a professional hacker, targeted an employee of an organization to intrude and gain access to the corporate network. He employed a sniffer to capture packets and authentication tokens between the employee and the organization's server. After extracting relevant information, he transmitted the captured tokens back to the server to gain access as a legitimate user. Identify the type of attack performed by John in the above scenario. A. rainbow table attack B. brute-force attack C. LLMNR/NBTT-NS poisoning D. replay attack - ANSWER - D. replay attack Identify the type of password attack that does not require any technical knowledge about hacking or system exploitation. A. non-electronic attack B. active online attack C. offline attack D. passive online attack - ANSWER - A. non-electronic attack Moses recently purchased an HP laptop to fulfill
his business needs, and he did not change the default password of the laptop set by the manufacturer. Clark, a disgruntled employee working with Moses, decided to steal critical business information from his laptop. Clark used an online tool to obtain the default password to access the target laptop successfully. Identify the online tool employed by Clark to search default passwords. A. https://www.intelius.com B. https://www.hoovers.com C. https://www.exploit-db.com D. https://www.open-sez.me - ANSWER - D. https://www.open-sez.me Identify the password cracking tool that helps attackers to gain unauthorized access to the system or network. A. MegaPing B. THC Hydra C. Nmap D. web data extractor - ANSWER - B. THC Hydra Malcolm, a professional hacker, is attempting to access an organization's systems remotely. For this purpose, he used a tool to recover the passwords of the target system and gain unauthorized access to critical files and other system software. Identify the tool used by Malcolm to crack the passwords of the target system. A. OllyDbg B. Dependency Walker C. BeRoot D. hashcat - ANSWER - D. hashcat
dictionary - ANSWER - D. do not use passwords that can be found in a dictionary Which of the following practice can help security teams defend the application against password cracking attempts? A. use passwords that can be found in a dictionary B. disable account lockout with a certain number of attempts C. allow the display of passwords onscreen D. ensure that applications neither store passwords to memory nor write them to disk - ANSWER - D. ensure that applications neither store passwords to memory nor write them to disk Which of the following practices can make devices or networks vulnerable to password cracking attempts? A. using different passwords that the time of password change B. using a random string (salt) as a password prefix or suffix before performing encryption C. using the system's default passwords D. using passwords that are not available in the dictionary - ANSWER - C. using the system's default passwords Rocky, a professional hacker, targets an organization to perform a social engineering attack. He impersonated a legitimate employee of the company and requested the receptionist to send him important documents, as his files had been corrupted and he was required to send them immediately to the client. Which of the following vulnerable behaviors was showcased by Rocky in the above scenario? A. scarcity B. greed C. intimidation D. familiarity - ANSWER - C. intimidation John, a threat actor, called up Johana, the IT help desk member of the targeted organization, and informed her that Mr. Tibiyani was about to give a presentation to customers but he could not open his files as they were corrupted and that Mr. Tibiyani requested him to call and ask her to send the files to him as soon as possible to start the presentation. Identify the social engineering context created by the attacker in the above scenario. A. consensus proof B. intimidation C. scarcity D. social proof - ANSWER - B. intimidation Don, a professional hacker, telephoned Bob and claimed to be a network administrator in the target organization. Don informed Bob about a security incident in the network and asked him to provide his account credentials to secure his data. After obtaining these credentials, Don retrieved sensitive information from Bob's account. Which of the following vulnerable behaviors was showcased by Don in the above scenario? A. authority B. liking C. familiarity D. social proof - ANSWER - A. authority Given below are different phases of social
engineering attacks.