01- Intro to Ethical Hacking QUIZ

Question 1

This term is not used in hacking circles.
A. Vulnerabilities
B. Exploits
C. Integrity
D. Zero-day attack

Answer 1

Answer: C

Integrity is one of the key principles in the CIA triad. It ensures that only authorized persons edit the data.

Question 2

Hackers and ethical hackers use the same tools and techniques.
True
False

Answer 2

Answer: True
Hackers and Ethical hackers use the same tools and techniques, but differ in consent. Ethical hackers do not exploit weaknesses
and reveal all the information about the potential vulnerabilities of the system to the admin. Hackers gain unauthorized access
and can cause damage.

Question 3

If it is legal and within the scope of the project, the pen tester can undertake war dialing to detect
listening modems and war driving to discover vulnerable access points.
True
False

Answer 3

Answer: True
If it is legal and within the scope of the project, then the pen tester can undertake war dialing to detect listening modems and
war driving to discover vulnerable access points.

Question 4

Ethical hacking cannot:
A. Perform security analysis
B. Prioritize threats
C. Test resources
D. Exploit vulnerabilities

Answer 4

Answer: D
Ethical hacking focuses on improving security by identifying the weaknesses and vulnerabilities of the system. In contrast to
unethical hacking, the ethical hackers do not exploit the flaw; they reveal all the information to the users.

Question 5

A hacker needs to be a good programmer as many hacking software programs have ready-made
exploits that can be launched against a computer system or network. Identify the uses of exploits.
(Choose all that apply.)
A. Initial attack
B. Expose vulnerability
C. Steal data
D. Gain privilege escalation

Answer 5

Answer: A, B, and D
Hackers concentrate on exploits to open the doors to an initial attack. Exploits are pieces of software used to detect the
vulnerabilities of a system. The ethical hacker will update the admin with the latest discovered vulnerabilities. The exploits take
advantage of a bug to gain unauthorized access to the system and privilege escalation to intrude into the system.

Question 6

Which of the following is not the key term of the CIA triad?
A. Exploits
B. Availability
C. Confidentiality
D. Integrity

Answer 6

Answer: A
Confidentiality, integrity, and availability are the basic tenets of information system security and are the key terms of the CIA
triad.

Question 7

Identify the key principle in the CIA triad that prevents denial-of-service (DoS) attacks.
A. Integrity
B. Availability
C. Confidentiality

Answer 7

Answer: B
Availability is ensured by performing all the hardware maintenance, updating software to the current version, and providing adequate communication bandwidth.

Question 8

Confidentiality makes use of: (Choose all that apply.)
A. Data encryption
B. User IDs and passwords
C. Backup copies
D. Necessary system upgrades

Answer 8

Answer: A and B
Data encryption is one of the common methods to ensure confidentiality. A number of security protocols work in conjunction
with the SSL/TLS to ensure security of data over the Internet. Use of user IDs and passwords constitute a standard procedure to
ensure confidentiality.

Question 9

A vulnerability with one or more known instances of working and fully implemented attacks is
classified as:
A. Exploitable vulnerability
B. Window of vulnerability
C. Attack surface

Answer 9

Answer: A
A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable
vulnerability.

Question 10

From discovery until disclosure, it is a:
A. Black risk
B. White risk
C. Gray risk

Answer 10

Answer: A

From discovery until disclosure of a vulnerability, the black hats use their skill for malicious purposes.

Question 11

Who are self-proclaimed ethical hackers?
A. Black hat hackers
B. White hat hackers
C. Gray hat hackers

Answer 11

Answer: C
Gray hackers are self-proclaimed ethical hackers. The nature of behavior depends on the situations and can be sometimes
offensive or defensive.

Question 12

Choose the one that doesn’t belong.
A. Zero-day attacks
B. Natural threat
C. Exploits
D. Malware

Answer 12

Answer: B
As the name implies, natural threats can be any disaster caused by nature. It can be a flood or hurricane, causing impact on the
availability of the systems.

Question 13

Identify the term not associated with confidentiality.
A. User IDs & passwords
B. EMP
C. SSL/TLS
D. Biometrics

Answer 13

Answer: B

EMP, or electromagnetic pulse, is related with integrity to ensure that only authorized persons access the data.

Question 14

What is the primary goal of using exploits?
A. Gain low-level access, escalate privileges repeatedly, and reach the root
B. Unauthorized data access
C. DoS
D. Superuser-level access

Answer 14

Answer: A
The main goal of exploits is to gain low-level access to the system. After gaining low-level access, it escalates the privilege
repeatedly until the hacker reaches the root.

Question 15

The hackers who hack with permission from the data owner are known as:
A. Gray risk hackers
B. Black risk hackers
C. White risk hackers

Answer 15

Answer: C
White risk hackers are ethical hackers, who use their knowledge to find out the vulnerabilities in the computer system and help
in the implementation of countermeasures.

Question 16

For implementing the defense-in-depth strategies on the data layer, you could have:
A. Firewalls
B. Encryption
C. HIDS
D. Antivirus

Answer 16

Answer: B

Encryptions and ACL are used in the data layer.

Question 17

Which is the conventional approach to penetration testing?
A. External testing
B. Internal testing

Answer 17

Answer: A
External penetration testing is the conventional approach to penetration testing that focuses on the servers, infrastructure, and
underlying software pertaining to the target. No prior knowledge of the site or full disclosure of the topology and environment
are required to perform this test.

Question 18

Name the penetration test in which the pen testers have partial knowledge or information about the
system and environment.
A. White-box testing
B. Gray-box testing
C. Black-box testing

Answer 18

Answer: B
The pen tester conducts the tests with limited or partial knowledge about infrastructure, defense mechanism, and
communication channels of the target.

Question 19

In black-box testing, the pen testers choose to undertake black-hat testing to: (Choose all that apply.)
A. Minimize false positives
B. Simulate real-world attacks
C. Simulate an inside attacker who has full privileges
D. Simulate attacks performed by an insider or outsider with limited access privileges

Answer 19

Answer: A and B
The black hat testers carry out the test with no prior information about the infrastructure of the system to minimize false
positives. Before analysis, they determine the location and extent of the systems. The black hat testers will get no assistance
from the client and begins tests to simulate real-world attacks and reduce false positives.

Question 20

The following are true about a penetration tester, except:
A. Follows a strict code of ethics
B. Gets authorization before testing
C. Attempts to exploit vulnerabilities
D. Presents a detailed report

Answer 20

Answer: C

When a hacker attempts to exploit vulnerabilities, the penetration tester attempts to correct vulnerabilities.

Question 21

A malicious hacker: (Choose all that apply.)
A. Tries to bypass the logs
B. Will follow techniques that will not cause any damage
C. Attempts to correct vulnerabilities
D. Does not follow a code of ethics

Answer 21

Answer: A and D
A malicious hacker will always attempt to bypass all the logs in order to remain undetected. In contrast, a pen tester will submit all logs
and reports to the organization. Only a pen tester follows a code of ethics; not a hacker.

Question 22

Which is not a step in penetration testing methodology?
A. Footprinting
B. Scanning
C. Security analysis
D. Enumeration

Answer 22

Answer: C
Evaluation of security levels is a method in penetration testing, which helps the tester to determine the vulnerabilities related
to hardware and software.

Question 23

In ethical hacking, if you fail to penetrate into a system/network, then:
A. Try a denial-of-service attack
B. Try to elevate your privileges
C. Try to become an admin
D. Try to alter data

Answer 23

Answer: A

If you fail to penetrate into a system/network, then think like a hacker and carry out a denial-of-service attack.

Question 24

Choose the one which does not fall into the category of network attacks:
A. Sniffing
B. ARP poisoning
C. MiTM
D. Authorization

Answer 24

Answer: D

Authorization is a type of application attack in which the authorization process is exploited.

Question 25

To exploit vulnerability, an attacker need not have an applicable tool or technique that can connect to
a system weakness.
True
False

Answer 25

Answer: False
To exploit vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness.
In such cases, the vulnerability is also known as the attack surface.

Question 26

Script kiddies are related to zero-day exploits.
True
False

Answer 26

Answer: True
The primary desire of unskilled attackers is to obtain access to zero-day exploits. Such unskilled attackers are nicknamed Script Kiddies.

Question 27

Multiple implementations of the same basic security tool is a layered approach.
True
False

Answer 27

Answer: False
Multiple implementations of the same basic security tool is not a layered approach. Layered security is about multiple types of security measures, each protecting against a different vector of attack.

Question 28

A hacker who targets an organization’s network to gain unauthorized access, and a professional
penetration tester are different.
True
False

Answer 28

Answer: True
A professional penetration tester will have the concern of the owner to access the organization network and use his skills to improve the security, without causing any loss or damage. A hacker will have malicious intentions and may cause damage to the network.

Question 29

A gray hat hacker always hacks the system for offensive purposes.
True
False

Answer 29

Answer: False
Grey hackers use their skill for both offensive and defensive purposes, whereas a black hacker uses their knowledge to gain unauthorized access to the system for offensive purposes only. A white hacker always hacks the systems with good intentions.

Question 30

The implementation of the Incident Management process derives benefits for its IT services only.
True
False

Answer 30

Answer: False

The implementation of the Incident Management process derives benefits for both its IT services and business.

Question 31

Buffer overflow is a type of Host/OS attacks.
True
False

Answer 31

Answer: False

Buffer overflows, SQL injection, and authentication are some of the types of application attacks.