Sample Questions and Answers
What does Nmap’s -O flag do?
A. Output to file
B. Optimize scan speed
C. OS detection
D. Open UDP ports
Answer: C. OS detection
Explanation: -O enables Nmap’s OS fingerprinting feature.
What is a rainbow table?
A. Table with colored results
B. Table of precomputed password hashes
C. Table used to generate MAC addresses
D. Database of malware
Answer: B. Table of precomputed password hashes
Explanation: Rainbow tables speed up cracking by using prehashed values.
What is a pivoting attack in post-exploitation?
A. Using one compromised system to attack others
B. Attacking only web applications
C. Crashing the kernel
D. Encrypting the file system
Answer: A. Using one compromised system to attack others
Explanation: Pivoting helps attackers move laterally within a network.
What type of encryption is RSA?
A. Symmetric
B. Asymmetric
C. Hashing
D. Polyalphabetic
Answer: B. Asymmetric
Explanation: RSA uses a public-private key pair for secure communication.
Which command reveals the routing path to a remote host?
A. ping
B. traceroute
C. whois
D. netstat
Answer: B. traceroute
Explanation: traceroute shows the hops between the local host and target.
What is a rootkit?
A. A program that updates the OS
B. A tool that creates users
C. Malware designed to hide the presence of other malware
D. A firewall component
Answer: C. Malware designed to hide the presence of other malware
Explanation: Rootkits hide their presence and often allow privileged backdoor access.
Which Nmap scan type is the most stealthy and often used to avoid detection by firewalls and IDS systems?
A. TCP Connect Scan
B. SYN Scan
C. Xmas Scan
D. FIN Scan
Answer: D. FIN Scan
Explanation: The FIN scan sends a TCP FIN packet to a port without establishing a full TCP handshake. Many firewalls and IDS systems do not log these packets, making it a stealthy option for reconnaissance.
What is the main purpose of the hping tool in ethical hacking?
A. Malware analysis
B. Packet crafting and manipulation
C. Log file analysis
D. Password brute-forcing
Answer: B. Packet crafting and manipulation
Explanation: hping is a packet crafting tool used to create and send custom TCP/IP packets. It’s useful for firewall testing, network scanning, and packet analysis.
Which of the following is the correct description of an ARP spoofing attack?
A. Changing MAC address dynamically
B. Sending fake ARP messages to associate the attacker’s MAC address with the IP of another host
C. Capturing encrypted passwords from a router
D. Modifying DNS server entries on the fly
Answer: B. Sending fake ARP messages to associate the attacker’s MAC address with the IP of another host
Explanation: ARP spoofing tricks devices on a LAN into sending traffic intended for another host to the attacker’s machine by poisoning the ARP cache.
In vulnerability scanning, which of the following tools is best known for performing web application vulnerability assessments?
A. Nikto
B. Wireshark
C. Aircrack-ng
D. Cain & Abel
Answer: A. Nikto
Explanation: Nikto is a web server scanner that tests for various web vulnerabilities, such as outdated software versions and dangerous files.
What is the primary objective of a buffer overflow attack?
A. Flood the server with unnecessary traffic
B. Replace system files
C. Execute arbitrary code
D. Redirect users to a malicious site
Answer: C. Execute arbitrary code
Explanation: Buffer overflow attacks aim to inject and execute malicious code by overflowing a program’s memory buffer.
Which of the following is a countermeasure for SQL injection attacks?
A. Input validation and parameterized queries
B. Disabling cookies
C. Encrypting database tables
D. DNS blacklisting
Answer: A. Input validation and parameterized queries
Explanation: Using prepared statements and input validation ensures that user input does not alter SQL queries, preventing injection.
What is the goal of the enumeration phase in ethical hacking?
A. Obtain usernames, group info, shares, and services
B. Install backdoors
C. Break passwords
D. Execute scripts remotely
Answer: A. Obtain usernames, group info, shares, and services
Explanation: Enumeration extracts detailed information from a target system such as network resources, shares, and user accounts.
Which port is commonly used by the SMB protocol for file sharing in Windows environments?
A. 80
B. 139
C. 22
D. 25
Answer: B. 139
Explanation: Port 139 is used by the Server Message Block (SMB) protocol for file sharing and communication in legacy Windows systems.
Which wireless attack involves intercepting traffic between two parties without their knowledge?
A. Evil Twin
B. Rogue AP
C. Man-in-the-Middle
D. Bluejacking
Answer: C. Man-in-the-Middle
Explanation: In a MITM attack, the attacker secretly relays or alters communication between two parties who believe they are directly communicating.
What does a null session in Windows allow?
A. Remote control
B. Brute force password attacks
C. Anonymous connection to the IPC$ share
D. DNS poisoning
Answer: C. Anonymous connection to the IPC$ share
Explanation: Null sessions allow unauthenticated access to the Inter-Process Communication (IPC$) share, often exposing information like usernames and shares.
Which of the following best describes footprinting?
A. Identifying users on a system
B. Gaining initial access
C. Passive collection of information about a target
D. Exploiting a vulnerability
Answer: C. Passive collection of information about a target
Explanation: Footprinting is the first phase of ethical hacking, where attackers gather publicly available information without engaging directly with the target.
What command in Linux is used to display network interface configuration?
A. netstat
B. ping
C. ifconfig
D. whoami
Answer: C. ifconfig
Explanation: The ifconfig command displays information about all active network interfaces on a Linux system.
Which cryptographic attack involves trying every possible key combination?
A. Side-channel attack
B. Brute-force attack
C. Birthday attack
D. Known-plaintext attack
Answer: B. Brute-force attack
Explanation: Brute-force attacks involve attempting all possible combinations of a key or password until the correct one is found.
What is a honeypot in cybersecurity?
A. Encrypted password file
B. A sandbox for malware
C. A system designed to attract attackers and monitor their actions
D. Firewall rule set
Answer: C. A system designed to attract attackers and monitor their actions
Explanation: Honeypots are traps set up to detect, deflect, or study attackers by simulating vulnerable systems.
Which tool is commonly used for wireless network sniffing and packet analysis?
A. Wireshark
B. Nikto
C. Nmap
D. Sqlmap
Answer: A. Wireshark
Explanation: Wireshark captures and analyzes network traffic, including wireless packets, and is used extensively for protocol inspection.
Which of the following tools is primarily used for exploiting known vulnerabilities in systems?
A. Metasploit
B. Nmap
C. Netcat
D. Aircrack-ng
Answer: A. Metasploit
Explanation: Metasploit is a widely used penetration testing framework that allows security professionals to exploit vulnerabilities in systems with prebuilt modules.
What kind of vulnerability does Cross-Site Request Forgery (CSRF) exploit?
A. Input validation
B. Session management
C. Broken authentication
D. Trust relationship between the user and website
Answer: D. Trust relationship between the user and website
Explanation: CSRF tricks a user’s browser into executing unauthorized actions on a trusted site, exploiting the site’s trust in the user.
Which phase of hacking includes mapping out the network topology of a target organization?
A. Enumeration
B. Footprinting
C. Gaining access
D. Maintaining access
Answer: B. Footprinting
Explanation: Network topology discovery is part of footprinting, where the hacker gathers passive and active information about the organization.
Which of the following is an attack vector for DNS zone transfer?
A. TCP port 53
B. UDP port 53
C. TCP port 139
D. UDP port 161
Answer: A. TCP port 53
Explanation: DNS zone transfers use TCP port 53, which, if misconfigured, can leak internal DNS records to attackers.
What technique is used to hide malicious code inside an image file?
A. Hashing
B. Steganography
C. Watermarking
D. Obfuscation
Answer: B. Steganography
Explanation: Steganography involves hiding data within other files like images or audio, making it hard to detect.
What is the primary function of a logic bomb?
A. Infect removable media
B. Install spyware
C. Trigger a malicious payload when specific conditions are met
D. Spread automatically across networks
Answer: C. Trigger a malicious payload when specific conditions are met
Explanation: Logic bombs remain dormant until triggered by an event like a specific date or file deletion.
Which type of scan does not complete the TCP handshake but sends a SYN and monitors the response?
A. Connect Scan
B. FIN Scan
C. Stealth (SYN) Scan
D. UDP Scan
Answer: C. Stealth (SYN) Scan
Explanation: Also known as a half-open scan, it sends a SYN and observes responses without completing the handshake, avoiding logs.
What is a key feature of polymorphic malware?
A. It encrypts files
B. It changes its code to avoid signature detection
C. It uses rootkits
D. It stays resident in RAM only
Answer: B. It changes its code to avoid signature detection
Explanation: Polymorphic malware constantly mutates its appearance, making it harder for signature-based antivirus tools to detect it.
Which of the following best defines spear phishing?
A. A mass email scam
B. A targeted phishing attempt against a specific person or organization
C. Impersonating a website
D. A DNS redirection attack
Answer: B. A targeted phishing attempt against a specific person or organization
Explanation: Spear phishing focuses on a particular target, often using personal details to appear legitimate.
What is the function of the “traceroute” command in reconnaissance?
A. Cracks Wi-Fi passwords
B. Performs port scanning
C. Identifies the path packets take to a destination
D. Transfers files remotely
Answer: C. Identifies the path packets take to a destination
Explanation: Traceroute shows each hop a packet takes to reach a target, useful for network mapping and latency analysis.
Which of the following types of malware monitors user keystrokes?
A. Ransomware
B. Keylogger
C. Worm
D. Logic bomb
Answer: B. Keylogger
Explanation: Keyloggers secretly record keystrokes and send them to attackers, often used to steal credentials.
Which of the following is a common countermeasure for brute-force password attacks?
A. Steganography
B. Account lockout policies
C. SSL encryption
D. Load balancing
Answer: B. Account lockout policies
Explanation: Locking an account after several failed attempts helps protect against automated brute-force password attacks.
What is the purpose of war driving in wireless attacks?
A. Disabling encryption on routers
B. Intercepting phone calls
C. Mapping and identifying unsecured wireless networks
D. Launching denial-of-service attacks
Answer: C. Mapping and identifying unsecured wireless networks
Explanation: War driving involves scanning for Wi-Fi networks while moving, typically looking for unprotected or poorly secured ones.
Which tool is commonly used for SQL injection testing?
A. Nikto
B. Sqlmap
C. Netcat
D. Ettercap
Answer: B. Sqlmap
Explanation: Sqlmap automates the process of detecting and exploiting SQL injection vulnerabilities in web applications.
What does the acronym “CHAP” stand for in network authentication?
A. Challenge-Handshake Authentication Protocol
B. Certified Host Authentication Protocol
C. Centralized Host Access Protocol
D. Checksum Header Authentication Protocol
Answer: A. Challenge-Handshake Authentication Protocol
Explanation: CHAP is a protocol that uses a challenge-response mechanism to authenticate a user or network entity.