Free Practice Test
Instructions:
This test is free and can be attempted multiple times.
60 Minutes
30 Multiple Choice Questions
Welcome to your Ethical Hacking Quiz
DMCA stands for __
Digital Machine Copyright Act
Digital Millennium Copyright Act
Digital Management Copyright Act
Digital Malware Copyright Act
Which of the following is NOT an Adversary Behavior?
Use of PowerShell
Use of Windows File Explorer
Data Staging
Use of DNS Tunneling
IA refers to the assurance that the integrity, availability, _________, and authenticity of information and information systems is protected.
confidentiality
quality
meaning
quantity
What phase of Ethical Hacking comes after Footprinting and Scanning?
Reconnaissance
Clearing Tracks
Maintaining Access
Gaining Access
Close-in attacks are performed when the attacker is in close physical proximity with the target system or network in order to gather, modify, or ___
intentionally cause a threat to the organization’s information or information systems
disrupt the communication or services between the systems to bypass or break into secured systems
disrupt access to information
tamper with hardware or software prior to installation
Infoga is used for ___
gathering email account information (IP, hostname, country, etc.)
gathering web server details (IP, backend, database, etc.)
gathering packet header information
gathering server owner information
Footprinting is also known as ____
Reconnaissance
Social Engineering
Scanning
Assessment
Traceroute is used to ____
discover the hosts the IP packet has been sent to
discover the network architecture
trace back the routers the packet has passed through
trace the switches the packet has passed through
In extracting DNS information, MX record type points to ___
Points to host’s name server
Points to domain’s mail server
Service records
Indicate authority for a domain
Which of the following tools can be used for footprinting?
Nmap
HOIC
Wireshark
Netcraft
ServerMask is used to prevent __
Network Topology reveal
Personal Information reveal
Operating System reveal
MAC reveal
What is the size of the 'Source Port' in a TCP Header?
64 bit
32 bit
16 bit
8 bit
What is Banner Grabbing?
Network discovery
Server discovery
Database discovery
OS discovery
What is Proxy Chaining used for?
Faster target access
Maintaining anonymity
Increasing packet integrity
Faster network scanning
Which of the following is NOT a Scanning Tool for Mobile?
IP Scanner
Fing
Nmap
Network Scanner
What does the 'ntpdc' command do?
Monitors NTP daemon (ntpd) operations and determines performance
Traces a chain of NTP servers back to the primary source
Monitors operation of the NTP daemon
Monitors NTP traceback route
GetNextRequest is used ___
by an SNMP agent to satisfy a request made by the SNMP manager
by the SNMP manager continuously to retrieve all the data stored in an array or table
by the SNMP manager to modify the value of a parameter within an SNMP agent’s management information base (MIB)
by an SNMP agent to inform the pre-configured SNMP manager of a certain event
What is TCP/UDP port 53 used for?
Microsoft RPC Endpoint Mapper
SMB over TCP (Direct Host)
DNS Zone Transfer
Network File System (NFS)
DNS cache snooping is a DNS enumeration technique ___
where attackers use DNSRecon to check all NS records of the target domain for zone transfers
whereby an attacker downloads the DNS information to get access to saved passwords
where the attacker uses the DNS cache to determine the number of hosts on a network
whereby an attacker queries the DNS server for a specific cached DNS record
In Linux/Unix systems, 'rusers' displays _______
a list of users who are logged on to remote machines or machines on local network
information about system users, such as login name, real name, terminal name, idle time, login time, office location, and office phone numbers
a list of users currently disconnected from the local network
information about system users, such as login name, real name, terminal name, idle time, login time, office location, and office phone numbers
Which of the following is NOT a use case for Vulnerability Research?
To gather information concerning security trends, threats, attack surfaces, attack vectors and techniques
To know how to recover from a network attack
To gather information about the identity of potential attackers
To know how to recover from a network attack
What is Host-based Vulnerability Assessment?
Conducts a configuration-level check to identify system configurations, user directories, file systems, registry settings, etc., to evaluate the possibility of compromise
Uses a network scanner to find hosts, services, and vulnerabilities
Tests and analyzes all elements of the web infrastructure for any misconfiguration, outdated content, or known vulnerabilities
Assesses the network from a hacker's perspective to discover exploits and vulnerabilities that are accessible to the outside world
What is NOT detected by a Vulnerability Scanner?
Open ports and running services
Network vulnerabilities
Application and services configuration errors
Malware
What is Nessus?
Scans, detects, assesses, and rectifies security vulnerabilities in a network and connected devices
An assessment solution for identifying the vulnerabilities, configuration issues, and malware
A cloud-based service that offers immediate global visibility into IT system areas that might be vulnerable to the latest Internet threats and how to protect them
A web server assessment tool that examines a web server to discover potential problems and security vulnerabilities
A vulnerability assessment report consists of _________
Scan information, Target information, Results, Target, Services, Classification, Assessment
Scan information, Host Information, Target Information, Tool Used, Classification, Assessment
Host information, Target information, Results, Target, Services, Classification, Assessment
Penetration test cases, Host Information, Target Information, Tool Used, Classification, Assessment
Fuzzing ________________________
allows attackers to send crafted TCP or UDP packets to the vulnerable server in order to make it crash
helps attackers to identify buffer overflow vulnerabilities in the target applications
allows attackers to use the Metasploit framework pattern_create and pattern_offset ruby tools to identify the offset and exact location where the EIP register is being overwritten
allows attackers to send a large amount of data to the target server so that it experiences buffer overflow and overwrites the EIP register
What is NOT a part of Windows Buffer Overflow Exploitation?
Performing Spiking
Generate Shellcode
Storing Cache Information
Overwrite the EIP register
What is the correct order of System Hacking according to CEH Hacking Methodology (CHM)?
Gaining Access, Maintaining Logs, Escalating Privileges and Clearing Tracks
Escalating Privileges, Scanning, Gaining Access, Maintaining Access and Clearing Tracks
Gaining Access, Escalating Privileges, Maintaining Access and Clearing Logs
Footprinting, Scanning, Maintaining Logs, Gaining Access and Clearing Logs
What is true about the Spectre vulnerability? [More than one answer is allowed]
Attackers may take advantage of this vulnerability to escalate privileges by forcing an unprivileged process to read other adjacent memory locations such as kernel memory and physical memory
This leads to revealing critical system information such as credentials, private keys, etc.
Attackers may take advantage of this vulnerability to read adjacent memory locations of a process and access information for which they are not authorized
Using this vulnerability, an attacker can even read the kernel memory or perform a web-based attack using JavaScript