1. Which of the following is the act intended to prevent spam emails?
A. 1990 Computer Misuse Act
B. Spam Prevention Act
C. US-Spam 1030 Act
D. CANSPAM Act
D
2. Which of the following is a tool for performing footprinting undetected?
A. Whois search
B. Traceroute
C. Ping sweep
D. Host scanning
A
3. Which of the following tools are used for footprinting? (Choose 3.)
A. Whois
B. Sam Spade
C. NMAP
D. SuperScan
E. NSlookup
A,B,E
4. What is the next immediate step to be performed after footprinting?
A. Scanning
B. Enumeration
C. System hacking
D. Bypassing an IDS
A
5. Which are good sources of information about a company or its employees? (Choose all that
apply.)
A. Newsgroups
B. Job postings
C. Company website
D. Press releases
A,B,C,D
6. How does traceroute work?
A. It uses an ICMP destination-unreachable message to elicit the name of a router.
B. It sends a specially crafted IP packet to a router to locate the number of hops from the
sender to the destination network.
C. It uses a protocol that will be rejected by the gateway to determine the location.
D. It uses the TTL value in an ICMP message to determine the number of hops from the
sender to the router.
D
7. What is footprinting?
A. Measuring the shoe size of an ethical hacker
B. Accumulation of data by gathering information on a target
C. Scanning a target network to detect operating system types
D. Mapping the physical layout of a target's network
B
8. NSlookup can be used to gather information regarding which of the following?
A. Hostnames and IP addresses
B. Whois information
C. DNS server locations
D. Name server types and operating systems
A
9. Which of the following is a type of social engineering?
A. Shoulder surfing
B. User identification
C. System monitoring
D. Face-to-face communication
A
10. Which is an example of social engineering?
A. A user who holds open the front door of an office for a potential hacker
B. Calling a help desk and convincing them to reset a password for a user account
C. Installing a hardware keylogger on a victim's system to capture passwords
D. Accessing a database with a cracked password
B
11. What is the best way to prevent a social-engineering attack?
A. Installing a firewall to prevent port scans
B. Configuring an IDS to detect intrusion attempts
C. Increasing the number of help desk personnel
D. Employee training and education
D
12. Which of the following is the best example of reverse social engineering?
A. A hacker pretends to be a person of authority in order to get a user to give them information.
B. A help desk employee pretends to be a person of authority.
C. A hacker tries to get a user to change their password.
D. A user changes their password.
A
13. Using pop-up windows to get a user to give out information is which type of social-engineering
attack?
A. Human-based
B. Computer-based
C. Nontechnical
D. Coercive
B
14. What is it called when a hacker pretends to be a valid user on the system?
A. Impersonation
B. Third-person authorization
C. Help desk
D. Valid user
A
15. What is the best reason to implement a security policy?
A. It increases security.
B. It makes security harder to enforce.
C. It removes the employee's responsibility to make judgments.
D. It decreases security.
C
16. Faking a website for the purpose of getting a user's password and username is which type
of social-engineering attack?
A. Human-based
B. Computer-based
C. Web-based
D. User-based
B
17. Dumpster diving can be considered which type of social-engineering attack?
A. Human-based
B. Computer-based
C. Physical access
D. Paper-based
A
18. What information-gathering tool will give you information regarding the operating system
of a web server?
A. NSlookup
B. DNSlookup
C. tracert
D. Netcraft
D
19. What tool is a good source of information for employees' names and addresses?
A. NSlookup
B. Netcraft
C. Whois
D. tracert
C