Chap 5 ETI MCQ


Why would a hacker use a proxy server?

A. To create a stronger connection with the
target.
B. To create a ghost server on the network.
C. To obtain a remote access connection.
D. To hide malicious activity on the network.
D. To hide malicious activity on the network.
Attempting to gain access to a network using an
employee’s credentials is called the
_____________ mode of ethical hacking.
A. Local networking
B. Social engineering
C. Physical entry
D. Remote networking
A. Local networking
What is the purpose of a Denial of Service
attack?
A. Exploit a weakness in the TCP/IP stack
B. To execute a Trojan on a system
C. To overload a system so it is no longer
operational
D. To shut down services by turning them off
C. To overload a system so it is no longer
operational
What are some of the most common vulnerabilities
that exist in a network or system?
A. Changing manufacturer, or recommended,
settings of a newly installed application.
B. Additional unused features on commercial
software packages.
C. Utilizing open source application code
D. Balancing security concerns with functionality
and ease of use of a system
B. Additional unused features on commercial
software packages.
• The first phase of hacking an IT system is
compromise of which foundation of security?
• A. Availability
• B. Confidentiality
• C. Integrity
• D. Authentication
• B. Confidentiality
• Performing hacking activities with the intent
of gaining visibility for an unfair situation is
called ________.
• A. Cracking
• B. Analysis
• C. Hacktivism
• D. Exploitation
C. Hacktivism
• What is the most important activity in system
hacking?
• A. Information gathering
• B. Cracking passwords
• C. Escalating privileges
• D. Covering tracks
B. Cracking passwords
• Phishing is a form of ____________________.
• A. Spamming
• B. Identity Theft
• C. Impersonation
• D. Scanning
C. Impersonation
• Services running on a system are determined
by _____________.
• A. The system’s IP address.
• B. The Active Directory
• C. The system’s network name
• D. The port assigned
D. The port assigned
• What are the types of scanning?
• A. Port, network, and services
• B. Network, vulnerability, and port
• C. Passive, active, and interactive
• D. Server, client, and network
B. Network, vulnerability, and port
• Enumeration is part of what phase of ethical
hacking?
• A. Reconnaissance
• B. Maintaining Access
• C. Gaining Access
• D. Scanning
C. Gaining Access
• Keyloggers are a form of ______________.
• A. Spyware
• B. Shoulder surfing
• C. Trojan
• D. Social engineering
A. Spyware
• Nmap is an abbreviation of Network Mapper.
• a) True
• b) False
a) True
Avoiding Detection
What are the ethics behind training on how to hack a
system?
a) To think like hackers and know how to defend
such attacks
b) To hack a system without the permission
c) To hack a network that is vulnerable
d) To corrupt software or service using malware
a) To think like hackers and know how to defend
such attacks
Performing shoulder surfing in order to check
others’ passwords is ____________ ethical
practice.
a) a good
b) not so good
c) very good social engineering practice
d) a bad
d) a bad
___________ has now evolved to be one of the
most popular automated tools for unethical
hacking.
a) Automated apps
b) Database software
c) Malware
d) Worms
c) Malware
Leaking your company data to the outside
network without prior permission of senior
authority is a crime.
a) True
b) False
a) True
_____________ is the technique used in
business organizations and firms to protect IT
assets.
a) Ethical hacking
b) Unethical hacking
c) Fixing bugs
d) Internal data-breach
a) Ethical hacking
The legal risks of ethical hacking include
lawsuits due to __________ of personal data.
a) stealing
b) disclosure
c) deleting
d) hacking
b) disclosure
An ethical hacker must ensure that proprietary
information of the firm does not get leaked.
a) True
b) False
a) True
After performing ____________ the ethical
hacker should never disclose client information
to other parties.
a) hacking
b) cracking
c) penetration testing
d) exploiting
c) penetration testing
A penetration tester must identify and keep in
mind the ___________ & ___________
requirements of a firm while evaluating the
security postures.
a) privacy and security
b) rules and regulations
c) hacking techniques
d) ethics to talk to seniors
a) privacy and security
___________ is a weakness that can be
exploited by attackers.
a) System with Virus
b) System without firewall
c) System with vulnerabilities
d) System with a strong password
c) System with vulnerabilities
____________ is the cyclic practice for
identifying & classifying and then solving the
vulnerabilities in a system.
a) Bug protection
b) Bug bounty
c) Vulnerability measurement
d) Vulnerability management
d) Vulnerability management
Risk and vulnerabilities are the same things.
a) True
b) False
b) False
There are ________ types of exploit.
a) 3
b) 2
c) 5
d) 4
b) 2

(remote and local)


A remote exploit is a type of exploit that acts over
any network to exploit a security vulnerability.
a) True
b) False
a) True
________ type of exploit requires access to
any vulnerable system for enhancing privileges
for an attacker to run the exploit.
a) Local exploits
b) Remote exploits
c) System exploits
d) Network exploits
a) Local exploits
A _________ is a software bug that attackers can
take advantage of to gain unauthorized access to a
system.
a) System error
b) Bugged system
c) Security bug
d) System virus
c) Security bug
Security bugs are also known as _______
a) security defect
b) security problems
c) system defect
d) software error
a) security defect
A zero-day vulnerability is a type of vulnerability
unknown to the creator or vendor of the system
or software.
a) True
b) False
a) True
An attacker who is an employee of your firm
may ___________ to know your system
password.
a) perform network jamming
b) do shoulder surfing
c) steal your laptop
d) none
b) do shoulder surfing
You may throw a confidential file that contains
some of your personal data into a dustbin.
Hackers can also take your data from that
thrown-away file, using the technique
_________
a) Dumpster diving
b) Shoulder surfing
c) Phishing
d) Spamming
a) Dumpster diving
_____________ will encrypt all your system files
and will ask you to pay a ransom in order to
decrypt all the files and unlock the system.
a) Scareware
b) Ransomware
c) Adware
d) Spyware
b) Ransomware
______________ are special malware programs
written by elite hackers and black hat hackers to
spy on your mobile phones and systems.
a) Scareware
b) Ransomware
c) Adware
d) Spyware
d) Spyware
The antivirus or PC defender software in a
system helps in detecting viruses and Trojans.
a) True
b) False
a) True
Clicking a link in an email that came from an
unknown source can redirect you to
____________ that automatically installs
malware in your system.
a) that vendor’s site
b) security solution site
c) malicious site
d) software downloading site
c) malicious site
_____________ is a malicious method used by
cyber-criminals to trick a user into clicking on
something different from what the user wants.
a) Click-hacking
b) Click-fraud
c) Click Jacking
d) Using torrent links
c) Click Jacking
Through the click jacking attack, the employee’s
confidential ______________ may get leaked or
stolen.
a) information
b) papers
c) hardcopy files
d) media files
a) information
________________ has become a popular
attack over the last few years, and the attackers
target board members, high-ranking officials and
managing committee members of an
organization.
a) Spyware
b) Ransomware
c) Adware
d) Shareware
b) Ransomware
________________ important and precious files
is a solution to protect your files from
ransomware.
a) Deleting all
b) Keeping backup of
c) Not saving
d) Keeping in pen drive
b) Keeping backup of
Which of the following does not come under
security measures for cloud in firms?
a) Firewall
b) Antivirus
c) Load Balancer
d) Encryption
b) Antivirus
If you’re working on your company’s
system/laptop and suddenly a pop-up window
arises asking you to update your security
application, you must ignore it.
a) True
b) False
b) False
______________ is the preparation phase. It
seeks to gather information about the target.
a. Reconnaissance
b. Scanning
c. Gaining access
d. Maintaining access
a. Reconnaissance
Active reconnaissance permits direct interaction
by any means with the target.
a. True
b. False
a. True
____________ is the pre-attack phase
a. Reconnaissance
b. Scanning
c. Gaining access
d. Maintaining access
b. Scanning
_______________ is the point where the
attacker obtains access to the system or the
application.
a. Reconnaissance
b. Scanning
c. Gaining access
d. Maintaining access
c. Gaining access
______________ is the retention the system’s
owner.
a. Reconnaissance
b. Scanning
c. Gaining access
d. Maintaining access
d. Maintaining access
Hacktivists distribute political and social messages
through their work.
a. True
b. False
a. True
__________ attack government computers or public utility
infrastructure, such as air traffic control towers.
Cyber terrorist
