Ethical Hacking Quiz Bible
You have observed that the bit pattern is 11111111 11111111 10000000 00000000. Which of the following subnet masks will you use? A. 255.255.128.0 B. 255.255.252.0 C. 255.255.0.0 D. 255.128.128.0
A. 255.255.128.0
How many layers in the OSI model map to the top layer in the TCP/IP architecture? A. 3 B. 2 C. 4 D. 1
A. 3
What would you use a security information event manager for? A. Aggregating and providing search for log data B. Managing security projects C. Escalating security events D. Storing open-source intelligence
A. Aggregating and providing search for log data
Your organization has asked you to provide the number of bits in a network prefix. Which of the following notations will you use? A. Classless Inter-Domain Routing B. Subnet Bit Notation C. Classless Subnet Notation D. Subnet Inter-Domain Routing
A. Classless Inter-Domain Routing
Please refer to the FBI Flash card provided to you. After initially gaining access to a victim network, the hackers leave a ransom note stating (Choose all that apply): A. Data has been encrypted B. They cracked all user passwords on the system C. Threatened victim that the data will be leaked if they do not comply D. Victim should contact OnePercent group on TOR
A. Data has been encrypted C. Threatened victim that the data will be leaked if they do not comply D. Victim should contact OnePercent group on TOR
Which of the following statements regarding ethical hacking are true? Each correct answer represents a complete solution. Choose all that apply. A. Ethical hacking should not involve writing to or modifying the target systems. B. An organization should use ethical hackers who do not sell vendor hardware/software or other consulting services. C. Ethical hackers should never use tools or methods that have the potential of exploiting vulnerabilities in an organization's systems.
A. Ethical hacking should not involve writing to or modifying the target systems. B. An organization should use ethical hackers who do not sell vendor hardware/software or other consulting services.
Which protocol is necessary to enable the functionality of traceroute? A. ICMP B. SNMP C. HTTP D. IP
A. ICMP
With what can you stop a process? A. Kill B. Delete C. Stop D. Shutdown
A. Kill
What layer, in the TCP/IP stack, is responsible for routing a packet to a destination address? A. Network B. Transport C. Application D. Internet
A. Network
How would you calculate risk? A. Probability * loss value B. Probability * mitigation factor C. (Loss value + mitigation factor) * (loss value/probability) D. Probability * mitigation factor
A. Probability * loss value
How do you delete a file? A. Rm filename B. Dl filename C. Touch filename D. Less filename
A. Rm filename
What are the messages sent as part of a TCP three-way handshake? A. SYN, SYN/ACK, ACK B. SYN, ACK, SYN, ACK C. SYN, SYN, ACK D. SYN, SYN, ACK, ACK
A. SYN, SYN/ACK, ACK
Kylie and Taylor work as the security administrators at XYZ. Kylie sends a SYN packet to Taylor in a TCP connection. Which packet does Taylor send back in response to Kylie? A. SYN/ACK B. ACK C. RST D. SYN/RST
A. SYN/ACK
Which is the second phase in the ethical hacking methodology? A. Scanning and enumeration B. Covering tracks C. Maintaining access D. Reconnaissance
A. Scanning and enumeration
Which protocol would you use for transport if you needed to ensure that all your messages were received in the right order? A. TCP B. UDP C. ICMP D. IP
A. TCP
What is the purpose of a security policy? A. To provide high-level guidance on the role of security B. To provide specific direction to security workers C. To increase the bottom line of a company D. To align standards and practices
A. To provide high-level guidance on the role of security
What does the acronym TCP represent? A. Transmission Control Protocol B. Transfer Control Protocol C. The Control Protocol D. Transfer Congestion Protocol
A. Transmission Control Protocol
If you wanted a lightweight protocol to send real-time data over, which of these would you use? A. UDP B. ICMP C. HTTP D. TCP
A. UDP
What TCP/IP protocol is fast, unreliable, and operates at the Transport layer? A. UDP B. FTP C. TCP D. POP3
A. UDP
Please refer to Responsible Use of University Computing Resources. Please select all that apply to students: A. University Computing Resources are intended for University-related use B. Limit the personal use of University Computing Resources C. Use only those University Computing Resources that they are authorized to use D. Respect the finite capacity of University Computing Resources E. Do not send unsolicited bulk email ("spam") or email designed to trick users
A. University Computing Resources are intended for University-related use B. Limit the personal use of University Computing Resources C. Use only those University Computing Resources that they are authorized to use D. Respect the finite capacity of University Computing Resources E. Do not send unsolicited bulk email ("spam") or email designed to trick users
Which of these is an example of an application layer gateway? A. Web application firewall B. Runtime application self-protection C. Java applet D. Intrusion prevention system
A. Web application firewall
A hacker uses his skills and knowledge for defensive purposes. Which of the following types of threat actors is the hacker? A. White hat B. Gray hat C. Hacktivist D. Script kiddie
A. White hat
Which statement resumes the next iteration of a for, while, select, or until loop? A. continue B. break C. complete D. command
A. continue
What is the logical component of a TCP connection that can be assigned to a process that requires network connectivity? A. port B. IP C. ISN D. SYN
A. port
To copy a line in vim, you can use which shortcuts? A. yy B. p C. cp D. Y E. copy
A. yy D. Y
Which of the following actions are prohibited under the code of ethics? Each correct answer represents a complete solution. Choose all that apply. A. Disclosing potential dangers to the Internet community B. Participating in an underground hacking community C. Being convicted of a felony D. Engaging in bribery
B. Participating in an underground hacking community C. Being convicted of a felony D. Engaging in bribery
With what command you can see what folder you are in? A. Whereami B. Pwd C. Place D. Map
B. Pwd
What are the three steps in the TCP handshake as described by the flags set? A. SYN, SYN/URG, RST B. SYN, SYN/ACK, ACK C. RST, SYN, ACK D. SYN, SYN/ACK, ACK/URG
B. SYN, SYN/ACK, ACK
A hacker is conducting the following on the target workstation: nmap -sT 192.33.10.5 The attacker is in which phase? A. Covering tracks B. Scanning and enumeration C. Gaining access D. Reconnaissance
B. Scanning and enumeration
Swan, a penetration tester, has gathered a lot of valuable information on her target. She has used some different tools and determined that on her target's network, a computer named XYZ Worsoft has port 548 open. Which of the following steps in the ethical hacking methodology is she performing? A. Gaining access B. Scanning and enumeration C. Reconnaissance D. Maintaining access
B. Scanning and enumeration
The PDU for TCP is called a _____. A. Frame B. Segment C. Datagram D. Packet
B. Segment
Which of the following layers manages the communication between the endpoints when it comes to maintaining the communication of the applications (the client or server)? A. Presentation B. Session C. Network D. Transport
B. Session
Joseph, a network administrator, wants to create dynamic connections on an Ethernet network by using a switch. Which of the following topologies will he use? A. Mesh B. Star C. Bus D. Ring
B. Star
Which of the following is used to determine whether a destination system is on the same network as the source? A. IP address B. Subnet mask C. Multicast address D. Source port
B. Subnet mask
You are asked about the ethics behind training on how to hack a system to an ethical hacker. Which of the following will you suggest? A. Corrupt software or service using malware. B. Think like hackers and know how to defend such attacks. C. Hack a system without permission. D. Hack a network that is vulnerable.
B. Think like hackers and know how to defend such attacks.
What would be necessary for a TCP conversation to be considered ESTABLISHED by a stateful firewall? A. Final acknowledgment message B. Three-way handshake complete C. Sequence numbers aligned D. SYN message received
B. Three-way handshake complete
What layer, in the TCP/IP protocol stack, is responsible for encapsulating data into segments? A. Application layer B. Transport layer C. Network layer D. Internet layer
B. Transport layer
Which command sets up shorthand for command or command line? A. set B. alias C. new D. echo
B. alias
What port does the Hypertext Transfer Protocol, or HTTP service use? A. 53 B. 25 C. 80 D. 69
C. 80
What layer, in the TCP/IP stack, do applications and protocols, such as HTTP and Telnet, operate? A. Transport B. Internet C. Application D. Network
C. Application
In which phase within the ethical hacking framework is log information altered or deleted? A. Scanning and enumeration B. Reconnaissance C. Covering tracks D. Gaining access
C. Covering tracks
A breach was caused in which a customer's personal information was compromised. Jordan, a security analyst, is asked to determine which vulnerabilities the attacker used to access company resources. Which of the following should he use to remediate the vulnerabilities? A. Root cause analyzer B. Behavioral analytics C. Data leak prevention D. Protocol analyzer
C. Data leak prevention
How do you find out what's your shell? A. Whomami B. Pwd C. Echo $SHELL D. $sh
C. Echo $SHELL
An intrusion detection system can perform which of the following functions? A. Block traffic B. Filter traffic based on headers C. Generate alerts on traffic D. Log system messages
C. Generate alerts on traffic
What TCP/IP protocol is used to send messages related to network operations and can be used to troubleshoot network connectivity? A. UDP B. ARP C. ICMP D. TCP
C. ICMP
An attacker has successfully compromised a machine on the network and found a server that is alive on the same network. The attacker tries to ping it but didn't get any response back. Which of the following is responsible for this scenario? A. TCP/IP doesn't support ARP. B. TCP/IP doesn't support ICMP. C. ICMP is disabled on the target server. D. ARP is disabled on the target server.
C. ICMP is disabled on the target server.
In Shell scripting what is $*? A. Its mainly used for showing up all params. This show few parameter values passed in shell script. B. Its mainly used for showing up all params. This show all values returned. C. Its mainly used for showing up all params. This show all parameter values passed in shell script. D. None of the above is correct.
C. Its mainly used for showing up all params. This show all parameter values passed in shell script.
What order, from bottom to top, does the TCP/IP architecture use? A. Physical, Network, Session, Application B. Data Link, Internet, Transport, Application C. Link, Network, Transport, Application D. Network Access, Network, Transport, Application
C. Link, Network, Transport, Application
Mapping open ports and grabbing banners are part of what attack phase? A. Reconnaissance B. Placing backdoors C. Scanning and enumeration D. Escalation of privilege
C. Scanning and enumeration
What is the number one defense against reconnaissance attacks? A. Confidentiality agreements B. Shredding sensitive documents C. Security policies D. Physical security systems such as doors, locks, and alarms
C. Security policies
Which network topology are you most likely to run across in a large enterprise network? A. Full mesh B. Bus topology C. Star-bus hybrid D. Ring topology
C. Star-bus hybrid
Joseph, a security analyst, analyzes the network traffic and notices that the SYN flag is set on a packet. Which of the following protocols is in use? A. HTTPS B. UDP C. TCP D. HTTP
C. TCP
What connection-oriented protocol is utilized by the Transport layer? A. HTTPS B. SSL C. TCP D. UDP
C. TCP
Which information would a packet filter use to make decisions about what traffic to allow into the network? A. HTTP REQUEST message B. Ethernet type C. UDP source port D. SNMP OID
C. UDP source port
To remove malware from the network before it gets to the endpoint, you would use which of the following? A. Packet filter B. Application layer gateway C. Unified threat management appliance D. Stateful firewall
C. Unified threat management appliance
What additional properties does the Parkerian hexad offer over the CIA triad? A. Confidentiality, awareness, authenticity B. Utility, awareness, possession C. Utility, possession, authenticity D. Possession, control, authenticity
C. Utility, possession, authenticity
What is the role of an individual who interrogates a system with permission? A. Black hat hacker B. Red hat hacker C. White hat hacker D. Gray hat hacker
C. White hat hacker
With what command you can see your user name? A. pwd B. I C. Whoami D. Me
C. Whoami
Shawn works as a penetration tester at XYZ. He was asked to get the network route to a destination. Which network diagnostics utility will he use? A. dig B. ifconfig C. traceroute D. Wireshark
C. traceroute
How many host computers can be assigned a valid IPv4 address when using a CIDR /24 prefix? A. 65,000 B. 512 C. 16 million D. 254
D. 254
A user has created a VPC having the CIDR /22 network. Which of the following subnet masks will the user use to indicate the same network? A. 255.255.254.0 B. 255.255.240.0 C. 255.255.248.0 D. 255.255.252.0
D. 255.255.252.0
Which of the following is one factor of a defense in depth approach to network design? A. Switches B. Using Linux on the desktop C. Optical cable connections D. Access control lists on routers
D. Access control lists on routers
What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack? A. Transport B. Internet C. Network D. Application
D. Application
In the methodology used to secure an organization, which step includes the process of ethical hacking? A. Training B. Audit C. Implementation D. Assessment E. Policy development
D. Assessment
If you were on a client engagement and discovered that you left an external hard drive with essential data on it at home, which security principle would you be violating? A. Confidentiality B. Integrity C. Non-repudiation D. Availability
D. Availability
The packet indicates the physical destination address as ff.ff.ff.ff.ff.ff. What type of MAC address is this? A. Unicast B. Anycast C. Multicast D. Broadcast
D. Broadcast
What command do you have to use to go to the parent directory? A. Cd - B. Cd /up C. Cd ~ D. Cd ..
D. Cd ..
The UDP headers contain which of the following fields? A. Length, checksum, flags, address B. Flags, source port, destination port, checksum C. Source address, destination address, checksum, length D. Destination port, source port, checksum, length
D. Destination port, source port, checksum, length
Which of the below commands NOT used to view the contents of a file? A. Less command B. Cat command C. More command D. Disp command
D. Disp command
You are an attacker who has successfully infiltrated your target's web server. You performed a web defacement on the targeted organization's website, and you were able to create your own credentials with administrative privileges. Before conducting data exfiltration, what will you do? A. Ensure that you migrate to a different session and log out. B. Ensure that you log out of the session. C. Log in to the new user account that you created. D. Go back and delete or edit the logs.
D. Go back and delete or edit the logs.
Please refer to the FBI Flash card provided to you. The attackers infected the victim systems with ________ A. Stuxnet B. MyDoom virus C. Slammer virus D. IceID trojan
D. IceID trojan
A black hat hacker was able to install a device at an unattended workstation and was able to recover passwords, account information, and other information the next day. What did the black hat hacker install? A. Botnet B. Trojan C. Rootkit D. Keylogger
D. Keylogger
Which of these would be an example of a loss of integrity? A. User making changes to a file and saving it B. Bad blocks flagged on disk C. Credit cards passed in cleartext D. Memory failures causing disk drivers to run incorrectly
D. Memory failures causing disk drivers to run incorrectly
If you were looking for the definitive documentation on a protocol, what would you consult? A. IEEE B. Standards C. Manual pages D. Request for Comments (RFC)
D. Request for Comments (RFC)
Which header field is used to ensure that TCP packets are in order? A. Identification B. Acknowledgment number C. Source port D. Sequence number
D. Sequence number
Which of the following indicates how long a message can live on the network before it is considered to be expired? A. None of these B. Tos C. RFC D. TTL
D. TTL
In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header? A. Network B. Internet C. Application D. Transport
D. Transport
What important event can be exposed by enabling auditing? A. System shutdown B. Service startup C. Package installation D. User login
D. User login
Please refer to the FBI Flash card provided to you. How did the hacker gain access to the victim networks? A. By attempting Logging in with random passwords B. Cross-site scripting attack C. SQL Injection attack D. Heartbleed attack E. Sending phishing emails with malicious zip file
E. Sending phishing emails with malicious zip file
What does the following code print? if true; then echo "woo hoo" fi
woo hoo
Say you want to move to line 17 in vim. What is the command to move your cursor to line 17?
17G
What is the vim command to view line numbers?
:set number
How do you read arguments in a shell program? A. $0 would be the first line argument, $1 would be the Second command line argument, $2 the Third, and so on B. $1 would be the first command line argument, $2 the second, and so on $0 is the name of the script or function C. Both are correct D. Both are incorrect
B. $1 would be the first command line argument, $2 the second, and so on $0 is the name of the script or function
If you were to see the subnet mask 255.255.252.0, what CIDR notation (prefix) would you use to indicate the same thing? A. /23 B. /22 C. /21 D. /20
B. /22
Camila, a network administrator, observes the subnet mask 255.255.255.252. Which CIDR notation will she use to indicate the subnet mask? A. /23 B. /30 C. /21 D. /22
B. /30
What is a MAC address used for? A. Addressing systems through a tunnel B. Addressing systems on the local network C. Addressing systems over a VPN D. Addressing systems over TCP
B. Addressing systems on the local network
What can an intrusion prevention system do that an intrusion detection system can't? A. Generate alerts B. Block or reject network traffic C. Complete the three-way handshake to bogus messages D. Log packets
B. Block or reject network traffic
Your organization has asked you to connect all the computers to a single backbone. Which of the following topologies will you use? A. Hybrid B. Bus C. Ring D. Tree
B. Bus
Your organization has asked you to connect all the computers to a single backbone. Which of the following topologies will you use? A. Ring B. Bus C. Tree D. Hybrid
B. Bus
How can you append the output of a command to a file? A. Command > file B. Command >> file C. Command file D. Command < file
B. Command >> file
Which design concept limits access to systems from outside users while protecting users and systems inside the LAN? A. Multihomed firewall B. DMZ C. Bastion host D. Screened subnet
B. DMZ
What does the command ls do? A. Shows a calendar B. Display of files and folders, present in the folder where you are C. Opening a file D. Display of the contents of a file
B. Display of files and folders, present in the folder where you are
How would you ensure that confidentiality is implemented in an organization? A. Watchdog processes B. Encryption C. Cryptographic hashes D. Web servers
B. Encryption
Please refer to the FBI Flash card provided to you. What are the recommended mitigations? Choose all that do NOT apply. A. Ensure copies of critical data are in the cloud or on an external hard drive or storage device. B. Enforce VPN access to all users C. Secure your back-ups and ensure data is not accessible for modification or deletion from the system where the original data resides. D. Back-up critical data offline. E. Consider adding an email banner to emails received from outside your organization. F. Audit user accounts with administrative privileges and configure access controls with least privilege in mind. G. Ensure administrators are not using "Admin Approval" mode. H. Use multi-factor authentication with strong passphrases. I. Enable remote desktop protocol. J. Keep computers, devices, and applications patched and up-to-date.
B. Enforce VPN access to all users I. Enable remote desktop protocol.
Katy, a penetration tester, observes illegal activities on a client's computer. Which of the following actions should she take? A. Ignore the finding and continue with the penetration test. B. Immediately stop the test and report the finding to the authorities. C. Delete the finding and continue with the penetration test. D. Stop the test, inform the client, and let them handle it.
B. Immediately stop the test and report the finding to the authorities.
How can you display a list of all files, including the hidden files? A. Find -a B. Ls -a C. Find all D. All
B. Ls -a
Why do attackers look for down-level software? A. Systems of employees below the executive level are likelier to be less restricted because they don't handle highly confidential information. B. Older software often has vulnerabilities that may not have been patched. C. High-level programming languages are likely to have built-in security features. D. Invading the root level of an operating system gives an attacker access to more files.
B. Older software often has vulnerabilities that may not have been patched.
No matter what medium connects computers on network-copper wires, fiber-optic cables, or a wireless setup; the same protocol must be running on all computers if communication is going to function correctly.
True
Unix identifies every process by a Process Identification Number (PID) which is assigned when the process is initiated. When we want to perform an operation on a process, we refer to it by its PID or ProcessId.
True
What does the following code print? if test 55 -lt 44; then echo 'i love numbers' else echo 'nooooooo' fi
nooooooo