EMILLECT 2024/2025 ACADEMIC YEAR ©2024 EMILLECT. ALL RIGHTS RESERVED. FIRST PUBLISH OCTOBER 2024.
Ethical Hacking Essentials Complete
Practice Test Questions and Answers
The assurance that the systems responsible for delivering, storing, and processing information
are accessible when required by authorized users is referred to by which of the following
elements of information security? - Answer✔✔-Available
Identify the element of information security that refers to the quality of being genuine or
uncorrupted as a characteristic of any communication, documents, or any data. - Answer✔✔-
Authenticity
Mark, a professional hacker, targets his opponent's website. He finds susceptible user inputs,
injects malicious SQL code into the database, and tampers with critical information.
Which of the following types of attack did Mark perform in the above scenario? - Answer✔✔-
Active Attack
Ruby, a hacker, visited her target company disguised as an aspiring candidate seeking a job. She
noticed that certain sensitive documents were thrown in the trash near an employee's desk.
She collected these documents, which included critical information that helped her to perform
further attacks.
Identify the type of attack performed by Ruby in the above scenario. - Answer✔✔-Close in
Attack
Page 1/87
,EMILLECT 2024/2025 ACADEMIC YEAR ©2024 EMILLECT. ALL RIGHTS RESERVED. FIRST PUBLISH OCTOBER 2024.
James, a malware programmer, intruded into a manufacturing plant that produces computer
peripheral devices. James tampered with the software inside devices ready to be delivered to
clients. The tampered program creates a backdoor that allows unauthorized access to the
systems.
Identify the type of attack performed by James in the above scenario to gain unauthorized
access to the delivered systems. - Answer✔✔-Distribution Attack
Williams, an employee, was using his personal laptop within the organization's premises. He
connected his laptop to the organization's internal network and began eavesdropping on the
communication between other devices connected to the internal network. He sniffed critical
information such as login credentials and other confidential data passing through the network.
Identify the type of attack performed by Williams in the above scenario. - Answer✔✔-Insider
Attack
David, a professional hacker, has initiated a DDoS attack against a target organization. He
developed a malicious code and distributed it through emails to compromise the systems. Then,
all the infected systems were grouped together to launch a DDoS attack against the
organization.
Identify the type of attack launched by David on the target organization. - Answer✔✔-Botnet
Jack is working as a malware analyst in an organization. He was assigned to inspect an attack
performed against the organization. Jack determined that the attacker had restricted access to
Page 2/87
,EMILLECT 2024/2025 ACADEMIC YEAR ©2024 EMILLECT. ALL RIGHTS RESERVED. FIRST PUBLISH OCTOBER 2024.
the main computer's files and folders and was demanding an online payment to remove these
restrictions.
Which of the following type of attack has Jack identified in the above scenario? - Answer✔✔-
Ransomware
Identify the type of attack vector that focuses on stealing information from the victim machine
without its user being aware and tries to deliver a payload affecting computer performance. -
Answer✔✔-APT Attack
Andrew, a professional hacker, drafts an email that appears to be legitimate and attaches
malicious links to lure victims; he then distributes it through communication channels or mails
to obtain private information like account numbers.
Identify the type of attack vector employed by Andrew in the above scenario. - Answer✔✔-
Phishing
Identify the civilian act designed to protect investors and the public by increasing the accuracy
and reliability of corporate disclosures. - Answer✔✔-Sarbanes - Oxley Act
Which of the following ISO/IEC standard specifies the requirements for establishing,
implementing, maintaining, and continually improving an information security management
system within the context of an organization? - Answer✔✔-ISO/IEC 27001:2013
An organization located in Europe maintains a large amount of user data by following all the
security-related laws. It also follows GDPR protection principles, one of which states that the
organization should only collect and process data necessary for the specified task.
Page 3/87
, EMILLECT 2024/2025 ACADEMIC YEAR ©2024 EMILLECT. ALL RIGHTS RESERVED. FIRST PUBLISH OCTOBER 2024.
Which of the following GDPR protection principle is discussed in the above scenario? -
Answer✔✔-Data Minimization
Which of the following titles in The Digital Millennium Copyright Act (DMCA) allows the owner
of a copy of a program to make reproductions or adaptations when these are necessary to use
the program in conjunction with a system? - Answer✔✔-Title III: Computer Maintenance or
Repair
Which of the following countries has implemented "The Copyright Act 1968" and "The Patents
Act 1990"? - Answer✔✔-Australia
Given below are the various phases involved in the cyber kill chain methodology.
1. Installation
2. Delivery
3. Reconnaissance
4. Actions on objectives
5. Weaponization
6. Exploitation
7. Command and control
What is the correct sequence of phases involved in the cyber kill chain methodology? -
Answer✔✔-3 -> 5 -> 2 -> 6 -> 1 -> 7 -> 4
Page 4/87
Ethical Hacking Essentials Complete
Practice Test Questions and Answers
The assurance that the systems responsible for delivering, storing, and processing information
are accessible when required by authorized users is referred to by which of the following
elements of information security? - Answer✔✔-Available
Identify the element of information security that refers to the quality of being genuine or
uncorrupted as a characteristic of any communication, documents, or any data. - Answer✔✔-
Authenticity
Mark, a professional hacker, targets his opponent's website. He finds susceptible user inputs,
injects malicious SQL code into the database, and tampers with critical information.
Which of the following types of attack did Mark perform in the above scenario? - Answer✔✔-
Active Attack
Ruby, a hacker, visited her target company disguised as an aspiring candidate seeking a job. She
noticed that certain sensitive documents were thrown in the trash near an employee's desk.
She collected these documents, which included critical information that helped her to perform
further attacks.
Identify the type of attack performed by Ruby in the above scenario. - Answer✔✔-Close in
Attack
Page 1/87
,EMILLECT 2024/2025 ACADEMIC YEAR ©2024 EMILLECT. ALL RIGHTS RESERVED. FIRST PUBLISH OCTOBER 2024.
James, a malware programmer, intruded into a manufacturing plant that produces computer
peripheral devices. James tampered with the software inside devices ready to be delivered to
clients. The tampered program creates a backdoor that allows unauthorized access to the
systems.
Identify the type of attack performed by James in the above scenario to gain unauthorized
access to the delivered systems. - Answer✔✔-Distribution Attack
Williams, an employee, was using his personal laptop within the organization's premises. He
connected his laptop to the organization's internal network and began eavesdropping on the
communication between other devices connected to the internal network. He sniffed critical
information such as login credentials and other confidential data passing through the network.
Identify the type of attack performed by Williams in the above scenario. - Answer✔✔-Insider
Attack
David, a professional hacker, has initiated a DDoS attack against a target organization. He
developed a malicious code and distributed it through emails to compromise the systems. Then,
all the infected systems were grouped together to launch a DDoS attack against the
organization.
Identify the type of attack launched by David on the target organization. - Answer✔✔-Botnet
Jack is working as a malware analyst in an organization. He was assigned to inspect an attack
performed against the organization. Jack determined that the attacker had restricted access to
Page 2/87
,EMILLECT 2024/2025 ACADEMIC YEAR ©2024 EMILLECT. ALL RIGHTS RESERVED. FIRST PUBLISH OCTOBER 2024.
the main computer's files and folders and was demanding an online payment to remove these
restrictions.
Which of the following type of attack has Jack identified in the above scenario? - Answer✔✔-
Ransomware
Identify the type of attack vector that focuses on stealing information from the victim machine
without its user being aware and tries to deliver a payload affecting computer performance. -
Answer✔✔-APT Attack
Andrew, a professional hacker, drafts an email that appears to be legitimate and attaches
malicious links to lure victims; he then distributes it through communication channels or mails
to obtain private information like account numbers.
Identify the type of attack vector employed by Andrew in the above scenario. - Answer✔✔-
Phishing
Identify the civilian act designed to protect investors and the public by increasing the accuracy
and reliability of corporate disclosures. - Answer✔✔-Sarbanes - Oxley Act
Which of the following ISO/IEC standard specifies the requirements for establishing,
implementing, maintaining, and continually improving an information security management
system within the context of an organization? - Answer✔✔-ISO/IEC 27001:2013
An organization located in Europe maintains a large amount of user data by following all the
security-related laws. It also follows GDPR protection principles, one of which states that the
organization should only collect and process data necessary for the specified task.
Page 3/87
, EMILLECT 2024/2025 ACADEMIC YEAR ©2024 EMILLECT. ALL RIGHTS RESERVED. FIRST PUBLISH OCTOBER 2024.
Which of the following GDPR protection principle is discussed in the above scenario? -
Answer✔✔-Data Minimization
Which of the following titles in The Digital Millennium Copyright Act (DMCA) allows the owner
of a copy of a program to make reproductions or adaptations when these are necessary to use
the program in conjunction with a system? - Answer✔✔-Title III: Computer Maintenance or
Repair
Which of the following countries has implemented "The Copyright Act 1968" and "The Patents
Act 1990"? - Answer✔✔-Australia
Given below are the various phases involved in the cyber kill chain methodology.
1. Installation
2. Delivery
3. Reconnaissance
4. Actions on objectives
5. Weaponization
6. Exploitation
7. Command and control
What is the correct sequence of phases involved in the cyber kill chain methodology? -
Answer✔✔-3 -> 5 -> 2 -> 6 -> 1 -> 7 -> 4
Page 4/87
