GSDC Ethical Hacking Foundation Certification Exam, Exams of Technology

The GSDC Ethical Hacking Foundation Certification Exam introduces ethical hacking and cybersecurity fundamentals. It covers threat landscapes, reconnaissance techniques, vulnerability identification, basic exploitation concepts, and legal and ethical considerations. This certification establishes a strong foundation for careers in cybersecurity and information security.

Typology: Exams

2025/2026

Available from 01/23/2026

shilpi-jain-2
GSDC Ethical Hacking Foundation Certification
Exam
**Question 1. Which component of the CIA triad primarily protects data from unauthorized
disclosure?**
A) Integrity
B) Availability
C) Confidentiality
D) Authentication
Answer: C
Explanation: Confidentiality ensures that information is only accessible to authorized
individuals, preventing unauthorized disclosure.
**Question 2. In the “Security, Functionality, and Usability” triangle, increasing security most
often reduces which other factor?**
A) Functionality
B) Cost
C) Usability
D) Compliance
Answer: C
Explanation: Enhancing security typically adds controls that can make systems harder to use,
thus reducing usability.
**Question 3. Which hacker type is motivated primarily by curiosity and does not seek personal
gain or cause damage?**
A) Black Hat
B) White Hat
C) Grey Hat
D) Script Kiddie
Answer: C
Explanation: Grey Hat hackers explore systems without permission, often exposing vulnerabilities without malicious intent.
**Question 4. The five phases of an ethical hacking engagement are commonly listed in which order?**
A) Scanning, Reconnaissance, Gaining Access, Maintaining Access, Covering Tracks
B) Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks
C) Gaining Access, Reconnaissance, Scanning, Maintaining Access, Covering Tracks
D) Reconnaissance, Gaining Access, Scanning, Maintaining Access, Covering Tracks
Answer: B
Explanation: The standard methodology follows Reconnaissance → Scanning → Gaining Access → Maintaining Access → Covering Tracks.
**Question 5. Which regulation specifically governs the protection of personal health information in the United States?**
A) GDPR
B) PCI-DSS
C) HIPAA
D) SOX
Answer: C
Explanation: HIPAA (Health Insurance Portability and Accountability Act) sets standards for safeguarding PHI.
**Question 6. What is the primary purpose of a “Rules of Engagement” (RoE) document in a penetration test?**
A) Define the scope, timing, and legal boundaries of the test
B) List all tools the tester may use

A) Nmap
B) Maltego
C) Metasploit
D) Aircrack-ng
Answer: B
Explanation: Maltego creates graphical link analyses of data such as emails, domains, and social media profiles.
**Question 10. Shodan is best described as a search engine for which of the following?**
A) Web pages
B) Open source code repositories
C) Internet-connected devices and services
D) Social media profiles
Answer: C
Explanation: Shodan indexes banners of internet-exposed devices, allowing searches for specific services, versions, or vulnerabilities.
**Question 11. Which of the following is a passive host discovery technique?**
A) ICMP echo request (ping) sweep
B) SYN scan
C) ARP request broadcast on a local LAN
D) SNMP walk
Answer: C
Explanation: ARP requests on a local network do not generate traffic visible outside the LAN, making it a passive method for discovering live hosts.
**Question 12. An Nmap scan using the “-sS” option performs which type of scan?**
A) TCP connect scan
B) SYN stealth scan
C) UDP scan
D) ACK scan
Answer: B
Explanation: “-sS” sends SYN packets and analyzes responses without completing the TCP handshake, making it stealthier.
**Question 13. When Nmap reports a port as “filtered,” what does this indicate?**
A) The port is open and accepting connections
B) The port is closed and actively rejecting traffic
C) The scanner cannot determine the state because a firewall is blocking probes
D) The service on the port is unknown
Answer: C
Explanation: “Filtered” means packet filtering (e.g., firewall) prevented Nmap from receiving a response.
**Question 14. Banner grabbing is most useful for determining which piece of information?**
A) The physical location of a server
B) The exact operating system version and service software
C) The number of users logged in
D) The encryption keys used by the service
Answer: B
Explanation: Service banners often include version strings that reveal OS and application details.

Explanation: The VRFY command asks the server to verify whether a given mailbox exists, aiding enumeration.
**Question 18. SNMP community strings that are set to “public” represent which security issue?**
A) Encryption weakness
B) Default credentials that allow read/write access
C) Misconfigured firewall rule
D) Vulnerable firmware version
Answer: B
Explanation: “public” is a default read-only community; if left unchanged, attackers can query device information.
**Question 19. Which password cracking technique relies on pre-computed hash tables to speed up the process?**
A) Brute-force attack
B) Dictionary attack
C) Rainbow table attack
D) Credential stuffing
Answer: C
Explanation: Rainbow tables store hash-value mappings, allowing attackers to reverse hashes without recomputing each guess.
**Question 20. John the Ripper is primarily used for which type of security testing?**
A) Network scanning
B) Web application fuzzing
C) Password hash cracking
D) Wireless packet injection
Answer: C
Explanation: John the Ripper specializes in cracking password hashes using dictionary, brute-force, and rule-based methods.
**Question 21. Which Windows privilege escalation technique leverages insecure service permissions?**
A) DLL hijacking
B) Pass-the-hash
C) Unquoted service path
D) Kernel driver exploit
Answer: C
Explanation: An unquoted service path allows an attacker to place a malicious executable in a location that will be executed with SYSTEM privileges.
**Question 22. In Metasploit, the “exploit/multi/handler” module is used for what purpose?**
A) Scanning target hosts for open ports
B) Generating payloads only
C) Listening for inbound connections from a payload
D) Performing privilege escalation on the target
Answer: C
Explanation: The multi/handler module sets up a listener to receive a reverse shell or meterpreter session from a deployed payload.
**Question 23. Which type of malware replicates itself across a network without user interaction?**
A) Trojan

**Question 26. When performing a man-in-the-middle (MITM) attack on a LAN, which technique is most commonly used to redirect traffic?**
A) DNS poisoning
B) ARP spoofing
C) Port knocking
D) VLAN hopping
Answer: B
Explanation: ARP spoofing sends falsified ARP replies, causing the victim’s MAC address table to point traffic through the attacker.
**Question 27. Wireshark’s “Follow TCP Stream” feature is primarily used to:**
A) Identify open ports on a host
B) Reassemble and view the entire payload of a TCP conversation
C) Perform a SYN scan
D) Generate a packet capture file in pcap format
Answer: B
Explanation: “Follow TCP Stream” reconstructs the data exchanged in a TCP session, aiding analysis of protocols and payloads.
**Question 28. Which web server configuration mistake often leads to directory traversal vulnerabilities?**
A) Disabling SSL
B) Enabling directory listing without restrictions
C) Allowing “..” in URL paths without proper validation
D) Using default index.html file
Answer: C
Explanation: If the server does not sanitize “..” sequences, attackers can navigate to parent directories and access restricted files.
**Question 29. In the OWASP Top 10, which category addresses attacks that inject malicious code into a website’s database query?**
A) Broken Access Control
B) Security Misconfiguration
C) SQL Injection
D) Cross-Site Scripting (XSS)
Answer: C
Explanation: SQL Injection exploits improper handling of user-supplied data in SQL statements.
**Question 30. Which XSS variant involves injecting malicious script that is stored on the server and served to every user who accesses the vulnerable page?**
A) Reflected XSS
B) Stored XSS
C) DOM-based XSS
D) Self-XSS
Answer: B
Explanation: Stored XSS persists on the server (e.g., in a database) and is delivered to all visitors of the affected page.
**Question 31. Broken Access Control can allow an attacker to:**
A) Execute code on the client browser
B) Bypass authentication and access privileged resources
C) Overwrite DNS records

B) Brute-force attack on the SSID
C) Replay attack on authentication frames
D) Man-in-the-middle on data frames
Answer: A
Explanation: Aircrack-ng captures the 4-way handshake and then attempts a dictionary or brute-force attack against the PSK.
**Question 35. Which of the following is NOT a typical step in the ethical hacking methodology?**
A) Reconnaissance
B) Scanning
C) Patch deployment
D) Covering tracks
Answer: C
Explanation: Patch deployment is a defensive activity, not part of the offensive penetration testing process.
**Question 36. A “script kiddie” typically relies on:**
A) Zero-day exploits they develop themselves
B) Commercially available hacking tools and scripts without deep knowledge
C) Social engineering to obtain credentials
D) Physical access to servers
Answer: B
Explanation: Script kiddies use pre-made tools and lack the skill to create their own exploits.
**Question 37. Which GDPR principle requires that personal data be processed only for a specific, explicit, and legitimate purpose?**
A) Data minimization
B) Purpose limitation
C) Accuracy
D) Integrity
Answer: B
Explanation: Purpose limitation ensures data is not used beyond the original, lawful intent.
**Question 38. PCI-DSS Requirement 3 focuses on:**
A) Installing firewalls
B) Encrypting transmission of cardholder data across open, public networks
C) Maintaining a vulnerability management program
D) Implementing strong access control measures
Answer: B
Explanation: Requirement 3 mandates encryption of cardholder data during transmission over open or public networks.
**Question 39. Which of the following best describes a “Suicide Hacker”?**
A) An attacker who self-destructs the compromised system after exploitation
B) A hacker who works for law enforcement
C) A white-hat who performs testing without permission
D) An insider who leaks data for personal gain
Answer: A
Explanation: Suicide hackers deploy destructive payloads (e.g., wipers) that erase data or damage systems after gaining access.

Answer: A
Explanation: Sending ICMP Echo Requests interacts directly with the target host, making it an active method.
**Question 43. Which Nmap timing template (-T) provides the fastest scan while risking detection?**
A) -T0 (Paranoid)
B) -T3 (Normal)
C) -T4 (Aggressive)
D) -T5 (Insane)
Answer: D
Explanation: -T5 speeds up scanning dramatically but generates a high volume of packets, increasing detection likelihood.
**Question 44. A “null session” attack on Windows targets which service?**
A) SMB
B) NetBIOS
C) RPC
D) LDAP
Answer: A
Explanation: Null sessions exploit anonymous connections to the SMB service (named pipe \IPC$) to enumerate system information.
**Question 45. Which Linux command can be used to display the current iptables firewall rules?**
A) ipconfig
B) netstat -r
C) iptables -L
D) route -n
Answer: C
Explanation: “iptables -L” lists all configured firewall rules in the current filter table.
**Question 46. The term “pivoting” in post-exploitation refers to:**
A) Moving laterally to other systems using the compromised host as a launch point
B) Deleting logs on the initial target
C) Encrypting stolen data before exfiltration
D) Installing a backdoor for future access
Answer: A
Explanation: Pivoting uses the compromised machine to reach other network segments or hosts not directly reachable from the attacker.
**Question 47. Which hashing algorithm is considered broken and should not be used for password storage?**
A) SHA-256
B) bcrypt
C) MD5
D) Argon
Answer: C
Explanation: MD5 suffers from collisions and fast computation, making it vulnerable to rainbow table attacks.
**Question 48. In the context of web security, “CSRF” stands for:**
A) Cross-Site Request Forgery

**Question 51. Which of the following is a common indicator that a system has been compromised by a rootkit?**
A) Unexpected high CPU usage during idle periods
B) Presence of unknown kernel modules loaded in memory
C) Frequent password expiration prompts
D) Disabled Windows Firewall
Answer: B
Explanation: Rootkits often load hidden kernel modules to conceal their activities; checking loaded modules can reveal anomalies.
**Question 52. In wireless security, what does the term “Evil Twin” refer to?**
A) A rogue access point mimicking a legitimate SSID to capture credentials
B) A device that amplifies Wi-Fi signals for better coverage
C) A compromised client device that forwards traffic
D) A Bluetooth device that interferes with Wi-Fi
Answer: A
Explanation: An Evil Twin is a malicious AP broadcasting the same SSID as a trusted network to perform MITM attacks.
**Question 53. Which of the following best describes a “rainbow table” attack?**
A) Brute-forcing every possible password combination
B) Using pre-computed hash-value chains to reverse password hashes quickly
C) Exploiting a buffer overflow in a web application
D) Intercepting traffic with a packet sniffer
Answer: B
Explanation: Rainbow tables store reduced hash chains, allowing rapid lookup of plaintext passwords from captured hashes.
**Question 54. The “principle of least privilege” dictates that users should be granted:**
A) All rights needed to perform any possible task
B) Only the minimum permissions required to complete their job functions
C) Administrator rights by default
D) No permissions until explicitly requested
Answer: B
Explanation: Limiting privileges reduces the impact of compromised accounts and accidental misuse.
**Question 55. Which of the following is a typical sign of a successful SQL Injection attack?**
A) The web page returns a “500 Internal Server Error” after submitting input
B) The application redirects to a login page
C) The attacker receives database dump data in the response body
D) The browser displays a JavaScript alert box
Answer: C
Explanation: Exploiting SQLi can cause the application to output query results, such as a full database dump.
**Question 56. Which tool is commonly used for automated web application vulnerability scanning and includes an OWASP Top 10 rule set?**
A) Nmap
B) Burp Suite Professional
C) Aircrack-ng