Eti Unit 6

Government Polytechnic, Ratnagiri
Computer Engineering Department

ETI 22618 QUESTION BANK
UNIT NO 6 TYPES OF HACKING
a) Simple Network Messaging Protocol
b) Simple Network Mailing Protocol
1 SNMP stands for
c) Simple Network Management Protocol
d) Simple Network Master Protocol
a) NetCat
Which of the following tool is used forNetwork Testing and b) SuperScan
2
port scanning? c) NetScan
d) All of Above
a) White Hat Hacking
b) Black Hat Hacking
3 Banner grabbing is often used for
c) Gray Hat Hacking
d) Script Kiddies
a) Connection Attack
An attacker can create an attack by sending hundreds or b) Auto responder Attack
4
thousands of e-mails with very large attachments. c) Attachment Overloading Attack
c) All of the above
a) Post bomb
b) Internet bomb
5 An email bomb is also known as
c) Letter bomb
d) All of the above
a) Threat
b) Vulnerability
6 _____ is any action that might compromise cyber-security.
c) Exploit
d) Attack
a) Threat
Existence of weakness in a system or network is called b) Vulnerability
7
_____ c) Exploit
d) Attack
a) Hacktivism
__________ is an act of hacking by the means of which a b) Whistle-blowing
8
political or social message is conveyed. c) Surveillance
d) Pseudonymization
a) Data copying
___ is the method of developing or creating a structurally
b) Data masking
9 similar yet unauthentic and illegitimate data of any firm or
c) Data breaching
company.
d) Data duplicating
a) Data obfuscation
b) Data copying
10 Data masking is also known as ______
c) Data breaching
d) Data duplicating
a) Trap doors
b) Front doors
11 Backdoors are also known as ________
c) Cover doors
d) Back entry
a) banner
b) software
12 Adware are pre-chosen _________ developed to display ads.
c) malware
d) shareware
a) Over buffering
________is an attack technique occurs when excess data b) Buffering
13
gets written to a memory block. c) Buffer overflow
d) Memory full
a) Cyber-security
_______ is an attempt to steal, spy, damage or destroy b) Cyber-attack
14
computer systems, networks or their associated information. c) Digital hacking
d) Computer security
a) Card Skimmer
_____ is a device which secretly collects data from credit / b) Data Stealer
15
debit cards. c) Card Copier
d) Card cloner
a) Drive-by click
____ is the way or technique through which majority of the b) Drive-by redirection
16
malware gets installed in our system. c) Drive-by download
d) Drive-by injecting USB devices
a) Cyber-replication
_____ is the hacking approach where cyber-criminals design
b) Mimicking
17 fake websites or pages for tricking or gaining additional
c) Website-Duplication
traffic.
d) Pharming
a) True
RAM-Scraping is a special kind of malware that looks b) False
18
(scrape) for sensitive data in the hard drive.
a) database system
When you book online tickets by swiping your card, the b) point-of-sale system
19
details of the card gets stored in c) servers
d) hard drives
______ are deadly exploits where the vulnerability is known a) Unknown attacks
and found by cyber-criminals but not known and fixed by b) Secret attacks
20
the owner of that application or company. c) Elite exploits
d) Zero-day exploits
a) zero-day attacks
b) hidden attacks
21 Zero-day exploits are also called ______
c) un-patched attacks
d) un-fixed exploits
a) 1
b) 2
22 There are ______ major types of ports in computers.
c) 3
d) 4
a) True
b) False
23 PS2 and DVI are examples of Logical ports.
a) jacks
b) cables
24 Physical ports are usually referred to as _______
c) interfaces
d) hardware plugs
a) Logical ports
b) Physical ports
25 ____ are logical numbers assigned for logical connections.
c) Networking cables
d) IP address
a) numbered ports
b) virtual numbering
26 Logical ports are also known as _______
c) virtual ports
d) network protocol ports
a) 20
b) 21
27 Which of the following is the port number for FTP data?
c) 22
d) 23
a) 20
b) 21
28 Which of the following is the port number for SMTP data?
c) 25
d) 23
a) 20
b) 21
29 Which of the following is the port number for FTP control?
c) 22
d) 23
a) 20
Which of the following is the port number for SSH (Secure b) 21
30
Shell)? c) 22
d) 23
a) 20
b) 21
31 Which of the following is the port number for Telnet?
c) 22
d) 23
a) 50, 51
Which of the following are the port numbers for IPSec b) 49, 50
32
service? c) 51, 52
d) 23, 24
a) 66, 67
b) 67, 68
33 Which of the following are the port numbers for DHCP?
c) 65, 66
d) 68, 69
a) 69
Which of the following is the port number for TFTP b) 70
34
service? c) 71
d) 72
a) True
b) False
35 Port 80 handles unencrypted web traffic.
a) For database security

Why it is important to know which service is using which b) For reporting data security to the auditor
36
port number? c) For understanding which data is going through secured traffic and which is not
d) For checking unused data traffic
a) 79
b) 80
37 Which of the following is the port number for HTTP?
c) 81
d) 82
a) 110
b) 111
38 Which of the following is the port number for POP3?
c) 112
d) 113
a) 160
b) 161
39 Which of the following is the port number for SNMP?
c) 162
d) 163
a) 1
b) 2
40 Firewalls can be of _________ kinds.
c) 3
d) 4
a) True
An ethical hacker must need to have the skills of
b) False
41 understanding the problem, networking knowledge and to
know how the technology works.
a) Social engineering
_________ enables a hacker to open a piece of program or
b) Reverse engineering
42 application and re-build it with further features &
c) Planting malware
capabilities.
d) Injecting code
a) Creative thinking
Which of the following do not comes under the intangible b) Problem-solving capability
43
skills of hackers? c) Persistence
d) Smart attacking potential
a) Only to write malware
Why programming language is important for ethical hackers b) For solving problems and building tool and programs
44
and security professionals? c) To teach programming
d) To develop programs to harm others
a) OS
Understanding of _______ is also important for gaining b) email-servers
45
access to a system through networks. c) networking
d) hardware
a) SQL
For hacking a database or accessing and manipulating data b) HTML
46
which of the following language the hacker must know? c) Tcl
d) F#
a) True
Information Gathering about the system or the person or b) False
47
about organization or network is not important.
a) Footprinting
______ is an ethical hacking technique used for determining
b) Cyber-printing
48 what operating system (OS) is running on a remote
c) OS fingerprinting
computer.
d) OS penetration testing
a) 5
How many types of fingerprinting are there in ethical b) 4
49
hacking? c) 3
d) 2
a) Hping
b) Wireshark
50 _______ is a common tool used for doing OS fingerprinting.
c) Nmap
d) Nessus
a) True
To secure your system from such type of attack, you have to b) False
51
hide your system behind any VPN or proxy server.
a) ping-based hacking
A ______ is a network scanning practice through which
b) ping sweep
52 hackers can use to conclude to a point which IP address
c) ping-range
from a list of IP addresses is mapping to live hosts.
d) pinging
a) ICMP sweep
b) SNMP sweep
53 Ping sweep is also known as ______
c) SGNP sweep
d) SICMP sweep
a) dnslookup
The _______ command is used on Linux for getting the b) lookup
54
DNS and host-related information. c) nslookup
d) infolookup
a) True
b) False
55 The configuration of DNS needs to be done in a secure way.
a) Exploits
________ are piece of programs or scripts that allow hackers b) Antivirus
56
to take control over any system. c) Firewall by-passers
d) Worms
a) infiltrating
The process of finding vulnerabilities and exploiting them b) exploitation
57
using exploitable scripts or programs are known as ______ c) cracking
d) hacking
a) Nessus
b) Nexpose
Which of them is not a powerful vulnerability detecting
58 c) Metasploit
tool?
d) Nmap
a) Google
______ is the specific search engine for exploits where b) Bing
59
anyone can find all the exploits associated to vulnerability. c) Exploit-db
d) Exploit-engine
a) Data theft
b) Forgery
60 Which of the following is not a type of cyber crime?
c) Damage to data and systems
d) Installing antivirus for protection
a) True
61 Cyber-laws are incorporated for punishing all criminals only. b) False
a) 4
b) 3
62 Cyber-crime can be categorized into ____ types.
c) 2
d) 6
a) Phishing
Which of the following is not a type of peer-to-peer cyber- b) Injecting Trojans to a target victim
63
crime? c) MiTM
d) Credit card details leak in deep web
a) Credit card fraudulent
Which of the following is not an example of a computer as b) Spying someone using keylogger
64
weapon cyber-crime? c) IPR Violation
d) Pornography
a) Unauthorized account access
b) Mass attack using Trojans as botnets
65 Which of the following is not done by cyber criminals?
c) Email spoofing and spamming
d) Report vulnerability in any system
a) India‟s Technology (IT) Act, 2000
What is the name of the IT law that India is having in the b) India‟s Digital Information Technology (DIT) Act, 2000
66
Indian legislature? c) India‟s Information Technology (IT) Act, 2000
d) The Technology Act, 2008
a) 2000
b) 2001
67 In which year India’s IT Act came into existence?
c) 2002
d) 2003
a) Information Tech Act -2000
b) Indian Technology Act -2000
68 What is the full form of ITA-2000?
c) International Technology Act -2000
d) Information Technology Act -2000
a) True
The Information Technology Act -2000 bill was passed by b) False
69
K. R. Narayanan.
a) 65
Under which section of IT Act, stealing any digital asset or
b) 65-D
70
information is written a cyber-crime. c) 67
d) 70
a) 6 months of imprisonment and a fine of Rs. 50,000
What is the punishment in India for stealing computer
b) 1 year of imprisonment and a fine of Rs. 100,000
71 documents, assets or any software’s source code
from any organization, individual, or from any other means? c) 2 years of imprisonment and a fine of Rs. 250,000
d) 3 years of imprisonment and a fine of Rs. 500,000
a) IT Act, 2007
b) Advanced IT Act, 2007
72 What is the updated version of the IT Act, 2000?
c) IT Act, 2008
d) Advanced IT Act, 2008
a) 2006
b) 2008
73 In which year the Indian IT Act, 2000 got updated?
c) 2010
d) 2012
a) Cracking or illegally hack into any system
What type of cyber-crime, its laws and punishments does b) Putting antivirus into the victim
74
section 66 of the Indian IT Act holds? c) Stealing data
d) Stealing hardware components
a) To think like hackers and know how to defend such attacks
b) To hack a system without the permission
75 What is the ethics behind training how to hack a system?
c) To hack a network that is vulnerable
d) To corrupt software or service using malware
a) a good
Performing a shoulder surfing in order to check other’s b) not so good
76
password is ____ ethical practice c) very good social engineering practice
d) a bad
a) Automated apps
________ has now evolved to be one of the most popular b) Database software
77
automated tools for unethical hacking. c) Malware
d) Worms
a) True
Leaking your company data to the outside network without b) False
78
prior permission of senior authority is a crime.
a) Ethical hacking
__________ is the technique used in business organizations b) Unethical hacking
79
and firms to protect IT assets. c) Fixing bugs
d) Internal data-breach
a) stealing
The legal risks of ethical hacking include lawsuits due to b) disclosure
80
_____ of personal data. c) deleting
d) hacking
a) Know the nature of the organization
Before performing any penetration test, through legal b) Characteristics of work done in the firm
81
procedure, which key points listed below is not mandatory? c) System and network
d) Type of broadband company used by the firm
a) True
An ethical hacker must ensure that proprietary information b) False
82
of the firm does not get leaked.
a) hacking
After performing ________ the ethical hacker should never b) cracking
83
disclose client information to other parties. c) penetration testing
d) exploiting
a) Social ethics
_________ is the branch of cyber security that deals with
b) Ethics in cyber-security
84 morality and provides different theories and a principle
c) Corporate ethics
regarding the view-points about what is right and wrong.
d) Ethics in black hat hacking
a) Sam Spade
Which of the following tool is used for Windows for b) SuperScan
85
network queries from DNS lookups to trace routes? c) NetScan
d) Netcat
a) Netcat
b) SamSpade
86 Which tool is used for ping sweeps and port scanning?
c) SuperScan
d) All the above
a) Netcat
Which of the following tool is used for security checks as b) Nmap
87
port scanning and firewall testing? c) Data communication
d) Netscan
a) Information gathering
What is the most important activity in windows b) Cracking password
88
vulnerabilities? c) Escalating privileges
d) Covering tracks
a) Exploit weakness in TCP/IP attack.
b) To execute a Trojan horse on a system.
89 What is purpose of Denial of Service attacks?
c) To overload a system so it is no longer operational.
d) To shutdown services by turning them off.
a) To identify live systems
b) To locate live systems
90 Why would a ping sweep be used?
c) To identify open ports
d) To locate firewalls
a) ARP poisoning attack
An excessive amount of ARP requests can be a sign of b) ARP Sniffing attack
91
an………… attack on your network. c) MAC-address poisoning
d) MAC-address Sniffing
a) Denial-of-Service attack
b) Man-in-the-Middle attack
92 ARP spoofing is often referred to as………..
c) Sniffing attack
d) Flooding attack
a) Rogue Network
14……………..watch out for unauthorized Access Points
b) ARP Poisoning
93 and wireless clients attached to your network that are
c) Session Hijacking
running in ad-hoc mode
d) MAC spoofing
a) MAC
…………….attack, which can take down your Internet b) DOS
94
connection or your entire network. c) IDS
d) None of above
a) Active, inactive, standby
b) Open, half-open, closed
95 What are the port states determined by Nmap?
c) Open, closed, filtered
d) Active, closed, unused
a) Operating system vulnerabilities
………….. include phishing, SQL injection, hacking, social
b) Web vulnerabilities
96 engineering, spamming, denial of service attacks, Trojans,
c) Wireless network vulnerabilities
virus and worm attacks.
d) Network infrastructure Vulnerabilities
a) Transmitting malware
What are some examples of hacker attacks against b) Crashing servers
97
messaging system? c) Obtaining remote control of workstations
d) All of the Above
a) ARP
b) FTP
98 Which protocol plays important role in MAC –daddy attack?
c) SMTP
d) SNMP
a) Loss of network access
What is one of the potential problems you may face if a b) Loss of confidential information
99
hacker compromises your WLAN? c) Legal liabilities
d) All of the above
a) results for pages that meet all of the keyword criteria
b) pages with specific text in their HTML title
100 “allintitle“ Google dork operator returns
c) matches for URLs that meet all the matching criteria
d) specific files containing title
a) Buffer overflow
………….. is a technique used by hackers to find the b) Google Dorking
101
information exposed accidentally to the internet. c) Google Shadow
d) GDPR
a) Stack Based, heap
In …………, your hacker corrupts data within the ……..,
b) Stack Based, stack
102 and that code change forces your system to overwrite
c) Heap-based, heap
important data.
d) Heap-based, stack
a) It is a method of stealing personal data
b) It is a type of man-in-the-middle (MITM) attack
103 What is ARP poisoning or spoofing?
c) It is a way to bypass firewalls
d) It is a technique used to perform DDoS attacks
a) By using a proxy server
b) By running a program such as dsniff or Cain & Abel
104 How can hackers modify ARP tables?
c) By brute-forcing the network password
d) By launching a phishing attack
a) The data is compressed to fit within the buffer
What happens when a program or system process places
b) The extra data overflows and corrupts or overwrites other data in adjacent buffers
105 more data than was originally allocated to be stored in a
c) The data is automatically deleted
buffer?
d) The buffer expands to accommodate the extra data
a) An attack that causes a program to stop functioning
b) An attack that fills up the hard drive with useless data
106 What is a buffer-overflow attack?
c) An attack that sends extra data to a program's buffer to corrupt or overwrite adjacent data
d) An attack that steals personal data from a program's buffer
a) Stack-based and heap-based
What are the two methods that an attacker can use to take
b) Stack-based and queue-based
107 over a program's buffer and initiate a buffer-overflow
c) Heap-based and list-based
attack?
d) Queue-based and tree-based
a) The attacker corrupts data within the heap
b) The attacker sends data to a too-small stack buffer and inserts malicious code by using
108 How does a stack-based buffer-overflow attack work? a "push" or "pop" function
c) The attacker floods the buffer with a large amount of data to cause it to crash
d) The attacker sends a virus to the buffer to infect the program
a) An attack that targets the stack buffer of a program
b) An attack that floods a buffer with a large amount of data
109 What is a heap-based buffer-overflow attack?
c) An attack that corrupts data within the heap and forces the system to overwrite important dat
d) An attack that steals personal data from the program's buffer
a) Complex software systems for managing database
b) Simple software systems for management database
110 What are database management systems?
c) Hardware systems for managing databases
d) Network systems for managing databases
a) To ignore the potential security problems
What is the role of a security professional in managing b) To asses and manage the potential security problems
111
potential security problem in database management systems? c) To create more security problems
d) To delegate the security problems to someone else
a) Strong access permissions
What is one of the vulnerabilities in database management b) Implementation of cryptography as an access control
112
systems? c) Keeping sensitive data for a short time
d) Loose access permissions
a) It reduces the impact of a security breach
What is the impact of excessive retention of sensitive data in b) It increases the impact of a security breach
113
database management systems? c) It has no impact on the security breach
d) It helps prevent security breaches
a) The practice of collecting only non-sensitive data
What is aggregation of personally identifiable information in b) The practice of keeping data in separate data warehouses
114
database management systems? c) The practice of combining data about citizens from various sources into a data warehouse
d) The practice of deleting all sensitive data
a) A technique to identify vulnerabilities in a system or network
b) A technique to exploit vulnerabilities in a system or network
115 What is SQL injection?
c) A technique to fix vulnerabilities in a system or network
d) A technique to steal sensitive information from a system or network
a) Authorized
Email bomb can crash a server and provide ……….. b) Unauthorized
116
administrator access c) Both A and B
d) None of the above
a) HTTP
b) FTP
117 Hackers attacks against insecure Web Application via…….
c) HTTPS
d) UDP
a) Web Application vulnerability
b) Security vulnerability
118 SQL Injection is which type of vulnerability?
c) Windows vulnerability
d) All of the above
a) Google Tracking
b) Google Hacking
119 Google Dorking is also known as
c) Google fetching
d) None of the above
a) intitle
b) allintitle
120 Which of the following is/are Google Dork operator?
c) inurl
d) All of the above
a) It allows a hacker to search for pages based on the text contained in the URL
b) It searches for specific text in the HTML title of a page
121 What is the intitle operator in Google Dorks?
c) It helps a hacker narrow down search results to specific file types
d) It searches for files based on their file extension.
122 What is the inurl operator in Google Dorks?
d) It searches for files based on their file extension
a) To search for pages with specific text in their HTML title
What is the purpose of the filetype operator in Google b) To search for pages based on the text contained in the URL
123
Dorks? c) To help a hacker narrow down search results to specific file types
d) To search for files based on their file extension
a) To search for pages with specific text in their HTML titl
b) To search for pages based on the text contained in the URL
124 What is the purpose of the ext operator in Google Dorks?
c) To help a hacker narrow down search results to specific file type
d) To search for files based on their file extension
125 What is the intext operator in Google Dorks?
d) It searches the entire content of a given page for keywords supplied by the hacker
a) intitle
Which operator allows a hacker to search for pages based on b) allintitle
126
the text contained in the URL? c) inurl
d) allinurl
a) intitle
Which operator searches the entire content of a given page b) allintitle
127
for keywords supplied by the hacker? c) intext
d) allintext
a) intitle
Which operator requires a page to match all of the given b) allintitle
128
keywords? c) inurl
d) allinurl
a) intitle
Which operator limits the scope of a query to a single b) allintitle
129
website? c) site
d) allintext
a) DoS, Remote Code Execution, and SQL Injection
What are some common vulnerability found in all versions b) Buffer Overflow, Cross-site Scripting, and Directory Traversal.
130
of Windows? c) CSRF File Inclusion, Http Response Splitting, and Gain Information/Privileges.
d) All of the above.
a) Because Microsoft doesn't care about security as much as other OS vendors.
b) Because it has the most vulnerabilities.
131 Why is Microsoft Windows OS the most widely hacked?
c) Because it is the most widely used OS in the world.
d) None of the above.
a) They are driving the requirement for better security.
b) They are exposing vulnerabilities in operating systems.
132 What is the one positive thing about hackers?
c) They are making it easier for software vendors to fix their products.
a) DoS.
What type of vulnerability has the maximum impact on b) Remote Code Execution.
133
confidentiality and integrity? c) Memory Corruption.
d) Gaining Privileges.
a) DoS.
What type of vulnerability was used by the Blaster worm in b) Remote Code Execution.
134
UNIX and Linux systems? c) Remote Procedure Call
d) SQL Injection.
a) To damage Internet-connected computers.
b) To violate the privacy of email users.
135 What is the primary purpose of email attacks?
c) To render Internet services inoperable.
a) Because it is a universal service used by a large number of people worldwide.
Why has email become a major vulnerability to users and b) Because it is not secure and can be easily hacked.
136
organizations? c) Because it contains sensitive information that can be exploited.
a) Gathering public information, scanning, and enumerating your systems.
What are the basic hacking methodologies used in some b) Capturing network traffic and exploiting vulnerabilities.
137
email attacks? c) Brute-force password cracking and phishing.
data
ant data
ouse

Eti Unit 6

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Eti Unit 6

Uploaded by

Copyright:

Available Formats

Government Polytechnic, Ratnagiri

Computer Engineering Department

a) For database security

You might also like