Questions and Correct Answers
When a penetration tester starts gathering details about employees, vendors, business
processes, and physical security, which phase of testing are they in?
Scanning
Reconnaissance
Covering tracks
Gaining access
✅Reconnaissance
Which of the following elements of penetration testing includes the use of web surfing,
social engineering, dumpster diving, and social networking?
Information types
Maintaining access
Information gathering techniques
Permission and documentation
✅Information gathering techniques
MinJu, a penetration tester, is testing a client's security. She notices that every
Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar
and starts befriending one of the employees with the intention of learning the
employee's personal information. Which information gathering technique is MinJu
using?
Dumpster diving
Social networking
Social engineering
Web surfing
✅Social engineering
A penetration tester is trying to extract employee information during the reconnaissance
phase. What kinds of data is the tester collecting about the employees?
Intellectual property, critical business functions, and management hierarchy
Contact names, phone numbers, email addresses, fax numbers, and addresses
Operating systems, applications, security policies, and network mapping
Geographical information, entry control systems, employee routines, and vendor traffic
✅Contact names, phone numbers, email addresses, fax numbers, and addresses
Which of the following is the difference between an ethical hacker and a criminal
hacker?
A criminal hacker is easily detected, but an ethical hacker isn't
An ethical hacker is nice, clean, and polite, but a criminal hacker isn't