Chapter 5

Basics of Hacking (CO5)

--------------------------------------------------------------------------------------------------------------------

1. Ethical Hacking is also known as _____ Hacking.

A. Black Hat
B. White Hat Hacking.
C. Encryption.
D. None of these. Ans. B
2. Tool(s) used by ethical hacker_____.
A. Scanner
B. Decoder
C. Proxy
D. All of these.
Ans. D

3. Vulnerability scanning in Ethical hacking finds_____. A.

Strengths.
B. Weakness.
C. A &B
D. None of these.
Ans. B

4. Ethical hacking will allow to____ all the massive security

breaches.
A. Remove.
B. Measure.
C. Reject.
D. None of these.
Ans. B

5. Sequential step hackers use are: _ _ _ _.

A. Maintaining Access.
B. Reconnaissance
C. Scanning.
D. Gaining Access.

A. B, C, D, A
B. B, A, C, D C. A, B, C, D
D. D, C, B, A
Ans. A
6. ______ is the art of exploiting the human elements to gain
access to the authorized user.
A. Social Engineering.
B.IT Engineering.
C. Ethical Hacking.
D. None of the above.
Ans. A

7. Which hacker refers to ethical hacker?

A. Black hat hacker.
B. White hat hacker.
C. Grey hat hacker.
D. None of the above.
Ans. B

8. The term cracker refers to_____

A. Black hat hacker.
B. White hat hacker.
C. Grey hat hacker.
D. None of the above.
Ans. A

9. Who described a dissertation on fundamentals of hacker’s

attitude?
A. G. Palma.
B. Raymond.
C. Either.
D. Jhon Browman.
Ans. B

10.Computer Hackers have been in existence for more than a____.

A.Decade.
B. Year.
C. Century
D. Era.
Ans. C

11.Hackers do hack for?

A.Fame.
B. Profit.
C. Revenge.
D. All the above
Ans. D

12.The intent of ethical hacker is to discover vulnerabilities from a_____ point of view to
better secure system.
A. Victims.
B. Attackers.
C. Both A & B D. None of these.
Ans. B

13.Security audits are usually based on___

A. Entries.
B. Checklists.
C. Both A & B
D. None of the above
Ans. B

14.Ethical hacking consist of _______

A.Penetration testing.
B. Intrusion testing.
C. Red teaming.
D. All of the above.
Ans. D

15._______ is a person who find and exploits the weakness in computer system.
A. Victim
B. Hacker
C. Developer
D. None of the above.
Ans. B

16. A white hat hacker is the one who _____

A. Fix identifies weakness
B. Steal the data
C. Identifies the weakness and leave message to owner
D. None of the above
Ans. A

17.A black hat hacker is the one who _______

A. Fix identifies weakness
B. Steal the data
C. Identifies the weakness and leave message to owner
D. None of the above. Ans. B
18. A grey hat hacker is the one who_______
A. Fix identifies weakness
B. Steal the data
C. Identifies the weakness and leave message to owner
D. None of the above
Ans. C

19. Keeping information secured can protect an organization image and save and
organization lot of money
A. True
B. False
Ans. A

20.Information is a one of the most valuable assets of organization

A. True
B. False
Ans. A

21. To catch a thief, think like _____

A. Police
B. Forensics
C. Thief
D. Hacker
Ans. C

22._______can create false feeling of safety

A. Firewall
B. Encryption
C. VNPs
D. All the above
Ans. D

23.______ exploits that involves manipulating people and user even your self are the
greatest vulnerability within any computer
A. Nontechnical attacks
B. Network infrastructure attack
C. Operating system attack
D. Application and other specialized attack
Ans. A
24.Connecting into network through a rogue modem attached to computer behind a
firewall is an example of ____-
A. Nontechnical attacks
B. Network infrastructure attack
C. Operating system attack
D. Application and other specialized attack
Ans. B

25.______ comprise of large portion of hacker attacks simply because every computer has
one
and so well know exploits can be used against them
A. Nontechnical attacks
B. Network infrastructure attack
C. Operating system attack
D. Application and other specialized attack
Ans. C

26.______ should be done before ethical hacking process.

A.Data gathering.
B. Attacking C.
Planning
D. Research
Ans. C

27.Which permission is necessary before ethical hacking?

A.Written permission.
B. Decision maker permission C.
Privacy permission D. Risk
permission.
Ans. A

28. Which tool is used to crack the password?

A. Nmap
B. LC4
C. ToneLOC
D. Nessus
Ans. B
29. Which tool is used for depth analysis of a web application?
A. Whisker
B. Super scan
C. Nikto
D. Kismet Ans. A
30. Which tool is used to encrypt Email?
A. WebInspect
B. QualyGuard
C. PGP (pretty good privacy)
D. None of the above.
Ans. C

31.Malicious attacker often think like?

A. Thieves
B. Kidnapper
C. Both A & B
D. None of the above
Ans. C

32.Which hacker try to distribute political or social message through their work?
A. Black hat hacker
B. Hactivist
C. Script kiddes
D. White hat hacker
Ans. B

33._______ are part of organized crime on internet.

A. Criminal
B. Antinationalist
C. Hacker for hire
D. None of the above
Ans. C

34. Which magazines releases the latest hacking methods?

A. 2600
B. Hackin9
C. PHRACK
D. All the above
Ans. D
35. Performing a shoulder surfing in order to check other’s password is ____________
ethical
practice.
A. a good
B. not so good
C. very good social engineering practice
D. a bad Ans. D
36. ___________ has now evolved to be one of the most popular automated tools for
unethical hacking.
A. Automated apps
B. Database software
C. Malware
D. Worms
Ans. C

37. Leaking your company data to the outside network without prior permission of senior
authority is a crime.
A. True
B. False
Ans. A

38. A penetration tester must identify and keep in mind the ___________ & ___________
requirements of a firm while evaluating the security postures.
A. privacy and security
B. rules and regulations
C. hacking techniques
D. ethics to talk to seniors
Ans. A

39. The legal risks of ethical hacking include lawsuits due to __________ of personal data.
A.stealing
B. disclosure
C. deleting
D. hacking
Ans. B

40. Before performing any penetration test, through legal procedure, which key points
listed below is not mandatory?
A. Know the nature of the organization
B. Characteristics of work done in the firm
C. System and network
D. Type of broadband company used by the firm
Ans. D

Chapter-6
Types of Hacking (CO6)
--------------------------------------------------------------------------------------------------------------------

1. SNMP stands for_____

A. Simple Network Messaging Protocol
B. Simple Network Mailing Protocol
C. Simple Network Management Protocol
D. Simple Network Master Protocol
Ans: C

2. Which of the following tool is used for Network Testing and port Scanning______
A. NetCat
B. SuperScan
C. NetScan
D. All of above
Ans: D

3. Banner grabbing is used for

A. White Hat Hacking
B. Black Hat Hacking
C. Grey Hat Hacking
D. Script Kiddies
Ans: A

4. An attacker can create an________attack by sending hundreds or thousands of e-mails a

with very large attachments.
A. Connection Attack
B. Auto responder Attack
C. Attachment Overloading Attack
D. All the above
Ans: B
5. Which of the following tool is used for Windows for network queries from DNS lookups
to trace routes?
A. Sam Spade
B. SuperScan
C. NetScan
D. Netcat
Ans: A

6. Which tool is used for ping sweeps and port scanning?

A. Netcat
B. SamSpade
C. SuperScan
D. All the above
Ans: C

7. Which of the following tool is used for security checks as port scanning and firewall
testing?
A. Netcat
B. Nmap
C. Data communication
D. Netscan
Ans: A

8. What is the most important activity in system cracking?

A. Information gathering
B. Cracking password
C. Escalating privileges
D. Covering tracks
Ans: B

9. Which Nmap scan is does not completely open a TCP connection?

A. SYN stealth scan
B. TCP scan
C. XMAS tree scan
D. ACK scan
Ans: A

10.Key loggers are form of

A. Spyware
B. Shoulder surfing
C. Trojan
D. Social engineering
Ans: A

11. Nmap is abbreviated as Network Mapper.

A. True
B. False
Ans: A

12. _________is a popular tool used for discovering network as well as security auditing.
A. Ettercap
B. Metasploit
C. Nmap
D. Burp Suit Ans: C
13. Which of this Nmap do not check?
A. Services different hosts are offering
B. On what OS they are running.
C. What kind of firewall in use?
D. What type of antivirus in use?
Ans: D

14. What is purpose of Denial of Service attacks?

A. Exploit weakness in TCP/IP attack.
B. To execute a trojan horse on a system.
C. To overload a system so it is no longer operational.
D. To shutdown services by turning them off.
Ans: C

15. What are the some of the most common vulnerabilities that exist in a network system?
A.Changing manufacturer, or recommended settings of newly installed application.
B. Additional unused feature on commercial software package.
C. Utilizing open source application code.
D. Balancing security and ease of use of system.
Ans: B

16. Which of the following is not a characteristic of ethical hacker?

A. Excellent knowledge of Windows.
B. Understands the process of exploiting network vulnerabilities.
C. Patience, persistence and perseverance.
D. Has the highest level of security for the organization.
Ans: D
17. Attempting to gain access to a network using an employee’s credentials is called the
_____________ mode of ethical hacking.
A. Local networking
B. Social engineering
C. Physical entry
D. Remote networking
Ans: A

18. The first phase of hacking an IT system is compromise of which foundation of security?
A. Availability
B. Confidentiality
C. Integrity
D. Authentication Ans: B
19. Why would a ping sweep be used?
A. To identify live systems
B. To locate live systems
C. To identify open ports
D. To locate firewalls
Ans: A

20. What are the port states determined by Nmap?

A. Active, inactive, standby
B. Open, half-open, closed
C. Open, filtered, unfiltered
D. Active, closed, unused
Ans: C

21. What port does Telnet use?

A. 22 B. 80
C. 20
D. 23
Ans: D

22. Which of the following will allow foot printing to be conducted without detection?
A. PingSweep
B. Traceroute
C. War Dialers
D. ARIN
Ans: D
23. Performing hacking activities with the intent on gaining visibility for an unfair situation
is called ________.
A. Cracking
B. Analysis
C. Hacktivism
D. Exploitation
Ans: C

24. Why would a hacker use a proxy server?

A. To create a stronger connection with the target.
B. To create a ghost server on the network.
C. To obtain a remote access connection
D. To hide malicious activity on the network Ans: A

25. Which phase of hacking performs actual attack on a network or system?

A. Reconnaissance
B. Maintaining Access
C. Scanning
D. Gaining Access
Ans: D

26. Sniffing is used to perform ______________ fingerprinting.

A. Passive stack
B. Active stack
C. Passive banner grabbing
D. Scanned
Ans: A

27. Services running on a system are determined by _____________.

A. The system’s IP address
B. The Active Directory
C. The system’s network name
D. The port assigned
Ans: D

28. What are the types of scanning? A. Port, network, and services
B. Network, vulnerability, and port
C. Passive, active, and interactive
D. Server, client, and network
Ans: B
29. Enumeration is part of what phase of ethical hacking?
A. Reconnaissance
B. Maintaining Access
C. Gaining Access
D. Scanning
Ans: C

30. ______________ framework made cracking of vulnerabilities easy like point and click.
A. Net
B. Metasploit
C. Zeus
D. Ettercap
Ans: B
31.__________ is a popular IP address and port scanner.
A. Cain and Abel
B. Snort
C. Angry IP Scanner
D. Ettercap
Ans: C

32.________ is a popular tool used for network analysis in multiprotocol diverse network
A. Snort
B. SuperScan
C. Burp Suit
D. EtterPeak
Ans: D

33___________ scans TCP ports and resolves different hostnames.

A. SuperScan
B. Snort
C. Ettercap D. QualysGuard .
Ans: A

34. What tool can be used to perform SNMP enumeration?

A. DNSlookup
B. Whois
C. Nslookup
D. IP Network Browser
Ans: D

35. Wireshark is a ____________ tool.

A. network protocol analysis
B. network connection security
C. connection analysis
D. defending malicious packet-filtering
Ans: A

36. Aircrack-ng is used for ____________

A. Firewall bypassing
B. Wi-Fi attacks
C. Packet filtering
D. System password cracking
Ans: B

37. Phishing is a form of ____________________.

A. Spamming
B. Identify Theft
C. Impersonation
D. Scanning
Ans: C

38. What are the types of scanning?

A. Port, network, and services
B. Network, vulnerability, and port
C. Passive, active, and interactive
D. Server, client, and network
Ans: B

39 _____ is used for searching of multiple hosts in order to target just one specific open
port.
A. Ping Sweep
B. Port scan
C. Ipconfig
D. Spamming
Ans: A

40. ARP spoofing is often referred to as_____

A. Man-in-the-Middle attack
B. Denial-of-Service attack
C. Sniffing
D. Spoofing
Ans: A

41. ______is a tool that allows you to look into network and analyze data going across the
wire for network optimization, security and troubleshooting purposes.
A. Network analyzer
B. Crypt tool
C. John-the -Ripper
D.
Ans: A
Back track

42. _________ is not a function of network analyzer tool.

A. Captures all network traffic
B. Interprets or decodes what is found into a human-readable format.
C. Displays it all in chronological order.
D. Banner grabbing
Ans: D
43. _____ protocol is used for network monitoring.
A. FTP
B. SNMP
C. RELNET
D. ARP
Ans: A

44. What is the attack called “evil twin”?

A. rouge access point
B. ARP poisoning
C. session hijacking
D. MAC spoofing
Ans: A

45.What is the primary goal of an ethical hacker?

A. avoiding detection
B. testing security controls
C. resolving security vulnerabilities
D. determining return on investment for security measures
Ans: C

46. What are the forms of password cracking technique?

A. Attack syllable
B. Attack brute forcing
C. Attacks hybrid
D. All the above
Ans: D

45.Which type of hacker represents the highest risk to your network?

A. black-hat hackers
B. grey-hat hackers
C. script kiddies
D. disgruntled employees
Ans: D

46. Hacking for a cause is called______

A. hacktivism
B. black-hat hacking
C. active hacking
D. activism
Ans: A

47. When a hacker attempts to attack a host via the internet it is known as what type of
attack?
A.local access
B. remote attack
C. internal attack
D. physical access
Ans: B

49. A type of attack that overloads the resources of a single system to cause it to crash or
hang.
A. Resource Starvation
B. Active Sniffing
C. Passive Sniffing
D. Session Hijacking
Ans. C

50.In computer networking, ____ is any technical effort to manipulate the normal behavior
of network connections and connected systems.
A. Hacking
B. Evidence
C. Tracing
D. None of above
Ans:-A

51._____ generally refers to unauthorized intrusion into a computer or a network.

A. Hacking
B. Evidence
C. Tracing
D. None of above

Ans:-A

52.We can eliminate many well-known network vulnerabilities by simply patch-ing your
network hosts with their latest ______and______.
A. Hckers and Prackers
B. Vendor software and firmware patches
C. Software amd Hardware
D. None of above
Ans:-B

53.Network consist devices such as routers, firewalls, hosts that you must assess as a part of
______ process.

A. Prackers
B. Black hat hacking C. Grey hat hacking process
D. Ethical hacking process.
Ans:-D

54. Network infrastructure vulnerabilities are the foundation for most technical security
issues in your information systems.
A. Operating system vulnerabilities
B. Web vulnerabilities
C. Wireless network vulnerabilities
D. Network infrastructure vulnerabilities
Ans:-D

55.____ attack, which can take down your Internet connection or your entire network.
A. MAC
B. DOS
C. IDS
D. None of above
Ans:-B
56.DOS stands for
A. Detection of system
B. Denial of Service
C. Detection of service
D. None of above
Ans:-B

57.IDS stands for ____

A. Intrusion detection system
B. Information documentation service
C. Intrusion documentation system
D. None of above
Ans:-A

58. Which protocols are in use is vulnerable

A. TCL
B. SSL
C. FTP
D. SMTP
Ans:-B

59. SSL stands for_____ A. Secure Sockets Layer

B. Software Security Layer
C. Socket security layer
D. System software layer
Ans:-A

60. ____ include phishing, SQL injection, hacking, social engineering, spamming, denial of
service attacks, Trojans, virus and worm attacks.
A. Operating system vulnerabilities
B. Web vulnerabilities
C. Wireless network vulnerabilities
D. Network infrastructure vulnerabilities
Ans:-D

61.Who invent worm attack___

A. Brightn Godfrey
B. Alan yeung
C. Robert Morris
D. None of above
Ans:-C

62. Which of the following is not a typical characteristic of an ethical hacker?

A. Excellent knowledge of Windows.
B. Understands the process of exploiting network vulnerabilities.
C. Patience, persistence and perseverance.
D. Has the highest level of security for the organization.
Ans:-D
63. What is the purpose of a Denial of Service attack?
A. Exploit a weakness in the TCP/IP stack
B. To execute a Trojan on a system
C. To overload a system so it is no longer operational
D. To shutdown services by turning them off
Ans:- C

64.What are some of the most common vulnerabilities that exist in a network or system?
A. Changing manufacturer, or recommended, settings of a newly installed application.
B. Additional unused features on commercial software packages.
C. Utilizing open source application code
D. Balancing security concerns with functionality and ease of use of a system. Ans:B

65. What is the sequence of a TCP connection?

A. SYN-ACK-FIN
B. SYN-SYN ACK-ACK
C. SYN-ACK
D. SYN-SYN-ACK
Ans:B

66. Why would a ping sweep be used?

A. To identify live systems
B. To locate live systems
C. To identify open ports
D. To locate firewalls
Ans:-A

67. A packet with no flags set is which type of scan?

A. TCP
B. XMAS
C. IDLE
D. NULL
Ans:-D