Exam Practice Questions And Correct
Answers (Verified Answers) Plus
Rationales 2025|2026 Q&A | Instant
Download Pdf
1. What is the primary goal of ethical hacking?
To identify and fix security vulnerabilities before malicious hackers exploit
them
Rationale: Ethical hacking focuses on proactive defense by finding
weaknesses legally and responsibly.
2. Which layer of the OSI model does a packet sniffer operate on?
Data Link and Network layers
Rationale: Sniffers capture packets as they traverse the wire, analyzing
headers at Layers 2 and 3.
,3. What is a penetration test?
A simulated cyberattack used to evaluate system security
Rationale: Penetration testing involves controlled exploitation to reveal
vulnerabilities.
4. What is social engineering in cybersecurity?
Manipulating people into revealing confidential information
Rationale: Social engineering attacks target human psychology, not just
technical flaws.
5. Which encryption method uses two different keys?
Asymmetric encryption
Rationale: Asymmetric systems use public and private keys for secure
communication.
6. What is a zero-day vulnerability?
A flaw unknown to vendors and without an available patch
Rationale: Zero-day exploits are dangerous because no official fixes exist
yet.
7. What is the difference between hashing and encryption?
Hashing is one-way, encryption is reversible with a key
Rationale: Hashes verify integrity; encryption ensures confidentiality.
8. Which attack floods a system with traffic to make it unavailable?
Denial-of-Service (DoS) attack
,Rationale: DoS disrupts availability, one of the pillars of security (CIA
triad).
9. What is the CIA triad in cybersecurity?
Confidentiality, Integrity, Availability
Rationale: These three principles form the foundation of information
security.
10. What is a honeypot?
A decoy system designed to lure and study attackers
Rationale: Honeypots provide intelligence while protecting real systems.
11. What does vulnerability scanning do?
Identifies potential weaknesses in systems
Rationale: Scanning tools detect known flaws before attackers exploit
them.
12. What is the primary role of a firewall?
To control incoming and outgoing network traffic based on rules
Rationale: Firewalls enforce access policies between trusted and untrusted
networks.
13. Which port is used for HTTPS traffic?
443
Rationale: Port 443 is the default for encrypted web traffic using SSL/TLS.
, 14. What is the difference between white-hat and black-hat hackers?
White-hats hack legally for defense, black-hats hack illegally for malicious
purposes
Rationale: Motivation and legality distinguish hacker categories.
15. What is SQL injection?
An attack that manipulates database queries through unsanitized input
Rationale: SQL injection allows attackers to bypass authentication and
extract data.
16. What is cross-site scripting (XSS)?
Injecting malicious scripts into trusted websites
Rationale: XSS exploits client-side code execution in users’ browsers.
17. What does the principle of least privilege mean?
Users should only have access necessary for their role
Rationale: Limiting privileges reduces damage from compromised
accounts.
18. What is steganography?
Hiding data within other files or images
Rationale: Steganography conceals information rather than encrypting it.
19. What is a digital certificate used for?
To prove the authenticity of an entity and enable secure communications
Rationale: Certificates validate identities and support SSL/TLS.