Practice Test QUESTIONS WITH ANSWERS

The assurance that the systems responsible for delivering, storing, and processing information are accessible when required by authorized users is referred to by which of the following elements of information security? - CORRECT ANSWERS ✔✔Available

Identify the element of information security that refers to the quality of being genuine or uncorrupted as a characteristic of any communication, documents, or any data. - CORRECT ANSWERS ✔✔Authenticity

Mark, a professional hacker, targets his opponent's website. He finds susceptible user inputs, injects malicious SQL code into the database, and tampers with critical information.
Which of the following types of attack did Mark perform in the above scenario? - CORRECT ANSWERS ✔✔Active Attack

Ruby, a hacker, visited her target company disguised as an aspiring candidate seeking a job. She noticed that certain sensitive documents were thrown in the trash near an employee's desk. She collected these documents, which included critical information that helped her to perform further attacks.
Identify the type of attack performed by Ruby in the above scenario. - CORRECT ANSWERS ✔✔Close in Attack

James, a malware programmer, intruded into a manufacturing plant that produces computer peripheral devices. James tampered with the software inside devices ready to be delivered to clients. The tampered program creates a backdoor that allows unauthorized access to the systems.
Identify the type of attack performed by James in the above scenario to gain unauthorized access to the delivered systems. - CORRECT ANSWERS ✔✔Distribution Attack

Williams, an employee, was using his personal laptop within the organization's premises. He connected his laptop to the organization's internal network and began eavesdropping on the communication between other devices connected to the internal network. He sniffed critical information such as login credentials and other confidential data passing through the network.
Identify the type of attack performed by Williams in the above scenario. - CORRECT ANSWERS ✔✔Insider Attack

David, a professional hacker, has initiated a DDoS attack against a target organization. He developed a malicious code and distributed it through emails to compromise the systems. Then, all the infected systems were grouped together to launch a DDoS attack against the organization.
Identify the type of attack launched by David on the target organization. - CORRECT ANSWERS ✔✔Botnet

Jack is working as a malware analyst in an organization. He was assigned to inspect an attack performed against the organization. Jack determined that the attacker had restricted access to the main computer's files and folders and was demanding an online payment to remove these restrictions.
Which of the following types of attack has Jack identified in the above scenario? - CORRECT ANSWERS ✔✔Ransomware

Identify the type of attack vector that focuses on stealing information from the victim machine without its user being aware and tries to deliver a payload affecting computer performance. - CORRECT ANSWERS ✔✔APT Attack

Andrew, a professional hacker, drafts an email that appears to be legitimate and attaches malicious links to lure victims; he then distributes it through communication channels or mails to obtain private information like account numbers.
Identify the type of attack vector employed by Andrew in the above scenario. - CORRECT ANSWERS ✔✔Phishing

Identify the civilian act designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. - CORRECT ANSWERS ✔✔Sarbanes-Oxley Act

Which of the following ISO/IEC standards specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system within the context of an organization? - CORRECT ANSWERS ✔✔ISO/IEC 27001:2013

An organization located in Europe maintains a large amount of user data by following all the security-related laws. It also follows GDPR protection principles, one of which states that the organization should only collect and process data necessary for the specified task.
Which of the following GDPR protection principles is discussed in the above scenario? - CORRECT ANSWERS ✔✔Data Minimization

Which of the following titles in The Digital Millennium Copyright Act (DMCA) allows the owner of a copy of a program to make reproductions or adaptations when these are necessary to use the program in conjunction with a system? - CORRECT ANSWERS ✔✔Title III: Computer Maintenance or Repair

Which of the following countries has implemented "The Copyright Act 1968" and "The Patents Act 1990"? - CORRECT ANSWERS ✔✔Australia

Given below are the various phases involved in the cyber kill chain methodology.
1. Installation
2. Delivery
3. Reconnaissance
4. Actions on objectives
5. Weaponization
6. Exploitation
7. Command and control