Chapter 5 and 6

The document contains multiple choice questions about cybersecurity topics such as information gathering techniques, types of hackers, security testing methods, and computer attacks. The questions cover concepts like dumpster diving, script kiddies, organizational security policies, active reconnaissance, network intrusions, social engineering, vulnerability research, exploits, penetration testing, competitive intelligence, denial of service attacks, malicious code, spoofing, and hardening systems.

Uploaded by Pankaj Sangale

Chapter 5&6

1. Obtaining information that has been discarded as garbage in dumpsters or at recycling locations

a. Hardening

b. Masquerading

c. CORRECT: Dumpster diving

d. Hacktivism

2. Is usually a young individual without programming skills who uses attack software that is freely available on the Internet and from other sources. (No Answer)

a. Scanning

b. CORRECT: Script/Kiddie

c. Exploit

d. Cracker

3. A high-level statement of management intent regarding the control of access to information and the personnel authorized to receive that information (No Answer)

a. CORRECT: Organizational Security Policy

b. Information Gathering

c. Availability

d. Internal Consistency

4. Involves probing the network to discover individual hosts, IP addresses, and services on the network.

(Usually involves more risk of detection than passive reconnaissance and is sometimes called Rattling the Doorknobs) (No Answer)

a. Internal Consistency

b. Passive Reconnaissance

c. CORRECT: Active Reconnaissance:

d. Covering Tracks

5. Malicious, unauthorized penetration into information systems(No Answer)

a. Foot-printing

b. Data-diddling

c. Theft of passwords

d. CORRECT: Network intrusions

6. Is the process of using Internet searches, social engineering, dumpster diving, and surveillance to gather information about a target system. (No Answer)

a. Social engineering

b. Information warfare

c. Penetration Test

d. CORRECT: Information Gathering

7. Process in which a hacker covers their traces to avoid detection, continue to use the owned system, remove evidence that hacking occurred, or to avoid legal action.

(Tools: Steganography, the use of tunneling protocols, and altering log files) (No Answer)

a. Software piracy

b. Zero-Day Attack

c. CORRECT: Covering Tracks

d. Grey hats

8. Involves taking the information discovered during the reconnaissance and using it to examine the network.

(Tools involved: Dialers, Port Scanners, network mappers, sweepers, and vulnerability scanners.) (No Answer)

a. Cracker

b. Whacker

c. Hardening

d. CORRECT: Scanning

9. 1. Preventing the modification of information by unauthorized users 2. Preventing the unauthorized or unintentional modification of information by authorized users 3. Preserving internal and external consistency (No Answer)

a. Known as owning the system

b. Partial knowledge (Graybox) test

c. Internal Consistency

d. CORRECT: Integrity is achieved by accomplishing the following three goals:


10. Is the process of discovering vulnerabilities and design weaknesses that could lead to an attack on a system. (No Answer)

a. Authenticity

b. Penetration Test

c. Zero-Day Attack

d. CORRECT: Vulnerability Research

11. A defined way to breach the security of an IT system through vulnerability. (No Answer)

a. Local Exploit

b. CORRECT: Exploit

c. Attack

d. Threat

12. A group of ethical hackers that conduct security audits for hire.(No Answer)

a. CORRECT: Tiger Team

b. Threat

c. Grey hats

d. Phreaker

13. Is an environment or situation that could lead to a potential breach of security. (No Answer)

a. Phreaker

b. Attack

c. Fraud

d. CORRECT: Threat

14. An IT system, product, or component that is identified/subjected to a required security evaluation. (No Answer)

a. Identification

b. Hack value

c. CORRECT: Target of evaluation

d. Authentication

15. Pretending to be someone else, usually to gain higher access privileges to information that is resident on networked systems (No Answer)

a. CORRECT: Masquerading

b. Foot-printing

c. Daisy Chaining

d. Hardening

16. Protection of individually identifiable information(No Answer)

a. CORRECT: Privacy

b. Cracker

c. Threat

d. Fraud

17. The testing team has knowledge that might be relevant to a specific type of attack by a person internal to the organization. It determines what areas and resources might be accessed and available to an insider. (No Answer)

a. CORRECT: Partial knowledge (Graybox) test

b. Social engineering

c. Owned system

d. Full knowledge (Whitebox) test

18. Good guys, who use their hacking skills for defensive purposes.

(Usually security professionals)(No Answer)

a. CORRECT: White Hats

b. Threat

c. Grey hats

d. Black Hats

19. Ensures that a system's authorized users have timely and uninterrupted
access to the information in the system.(No Answer)

a. Exploit

b. CORRECT: Availability

c. Vulnerability

d. Authenticity

20. Is the process of testing the security of a system or network.(No Answer)

a. Phreaker

b. Vulnerability

c. CORRECT: Penetration Test

d. Authentication

21. Means information gathering about competitor's products, marketing, and technologies. (No Answer)

a. Foot-printing

b. CORRECT: Competitive Intelligence

c. Network intrusions

d. Confidentiality

22. A Zombie system.(No Answer)

a. Tiger Team

b. Whacker

c. Hacktivism

d. CORRECT: Owned system

23. Refers to hacking for a cause. Usually driven by a political or social agenda.
(No Answer)

a. Black Hats

b. CORRECT: Hacktivism

c. Whacker

d. Scanning

24. Refers to a logical connection among objects in the real world and their
representations in the system.

(Using the example previously discussed, external consistency means that the
number of items recorded in the database for each department is equal to the
number of items that physically exist in that department.)(No Answer)

a. Active Reconnaissance:

b. CORRECT: External Consistency

c. Cyber-terrorist(s)

d. Internal Consistency

25. Refers to a logical connection among data in the system.

(Example: assume that an internal database holds the number of units of a particular item in each department of an organization. The sum of the number of units in each department should equal the total number of units that the database has recorded internally for the whole organization.) (No Answer)

a. External Consistency

b. Penetration Test

c. Information warfare

d. CORRECT: Internal Consistency

26. Attacking the information infrastructure of a nation — including military/government networks, communication systems, power grids, and the financial community — to gain military and/or economic advantages (No Answer)

a. CORRECT: Information warfare

b. Information Gathering

c. Internal Consistency

d. Penetration Test

27. Is an attack on a cryptographic cipher: The attacker changes the ciphertext in such a way as to result in a predictable change of the plaintext, although the attacker doesn't learn the plaintext itself. This type of attack isn't directly against the cipher but against a message or series of messages. (No Answer)

a. Data-diddling

b. CORRECT: Bit-Flipping

c. Foot-printing

d. Scanning

28. Using computers or the Internet to commit crimes (for example, by not
delivering goods paid for by a customer)(No Answer)

a. Attack

b. Threat

c. CORRECT: Fraud

d. Privacy

29. The confirmation and reconciliation of evidence of a user's identity (No Answer)

a. Identification

b. Authenticity

c. CORRECT: Authentication

d. Accountability

30. Inserting a false IP address into a message to disguise the original location
of the message or to impersonate an authorized source(No Answer)

a. Sniffing the Network

b. Social engineering

c. CORRECT: Spoofing of IP addresses

d. Theft of passwords

31. Overwhelming a system's resources so that it is unable to provide the required services; in the distributed mode, messages to a target computer can be launched from large numbers of hosts where software has been planted to become active at a particular time or upon receiving a particular command (No Answer)

a. Competitive Intelligence

b. Passive Reconnaissance

c. CORRECT: Denial of Service (DoS) and Distributed Denial of Service

d. Security, functionality, and ease of use Triangle

32. Programs (such as viruses, Trojan horses, and worms) that, when activated,
cause harm to information systems(No Answer)

a. Hack value

b. Tiger Team

c. CORRECT: Malicious code

d. Black Hats

33. Is a piece of software that takes advantage of a bug, glitch, or vulnerability, leading to unauthorized access, privilege escalation, or denial of service on a computer system. (No Answer)

a. Threat

b. Local Exploit

c. CORRECT: Exploit

d. Remote Exploit

34. Is classified as an authentication attack because it allows an unauthorized device to connect to the network when MAC filtering is in place, such as on a wireless network. (No Answer)

a. Daisy Chaining

b. CORRECT: MAC Address Spoofing

c. Local Exploit

d. Hardening

35. Securing the system from other hackers or security personnel by securing
their exclusive access with back-doors, root-kits, and Trojans.(No Answer)

a. Threat

b. Hacktivism

c. CORRECT: Hardening

d. Whacker

36. The testing team is provided with no information and begins the testing by
gathering information on its own initiative. This type of test simulates attacks
perpetrated by outsiders. Because the ethical hacking team has to begin from
scratch to gather knowledge about the target information system, this type of
test usually takes longer to execute and, consequently, costs more to
implement.(No Answer)

a. Partial knowledge (Graybox) test

b. Full knowledge (Whitebox) test

c. Penetration Test

d. CORRECT: Zero knowledge (Blackbox) test

37. Involves gathering information regarding a potential target without the targeted individual's or company's knowledge. (No Answer)

a. Active Reconnaissance:

b. CORRECT: Passive Reconnaissance

c. Internal Consistency

d. External Consistency

38. Is the notion among hackers that something is worth doing or is interesting.
(No Answer)

a. Cracker

b. Hacktivism

c. CORRECT: Hack value

d. Hardening

39. Gaining Access.(No Answer)

a. CORRECT: Known as owning the system

b. Information Gathering

c. Owned system

d. Sniffing the Network

40. Is a hacker who focuses on communication systems to steal calling card numbers, make free phone calls, attack PBXs, and acquire access, illegally, to communication devices. (No Answer)

a. Cracker

b. Whacker

c. CORRECT: Phreaker

d. Threat

41. Security, Functionality, Ease of Use.

The principle highlighted here is that security is reduced when functionality and ease of use are increased. (No Answer)

a. CORRECT: Security, functionality, and ease of use Triangle

b. Active Reconnaissance:

c. Information Gathering

d. Sniffing the Network

42. Reconnaissance, Scanning, Gaining Access, Maintaining Access, and Covering Tracks (No Answer)

a. Target of evaluation

b. Theft of passwords

c. Competitive Intelligence

d. CORRECT: Five stages of an attack


(Really-Should-Get-More-Codes)

43. Illegally acquiring funds, usually through the manipulation and falsification
of financial statements(No Answer)

a. Phreaker

b. CORRECT: Embezzlement

c. Hardening

d. Exploit

44. Using social skills to obtain information, such as passwords or PIN numbers,
to be used in an attack against computer based systems(No Answer)

a. Scanning

b. Hardening

c. Local Exploit

d. CORRECT: Social engineering

45. Can yield useful information such as IP address ranges, naming conventions, hidden servers or networks, and other available services on the system or network.

Example: A hacker watches the flow of data to see what time certain transactions take place and where the traffic is going. (No Answer)

a. CORRECT: Sniffing the Network

b. Identification

c. Social engineering

d. White Hats

46. Is a system, program, or network that is the subject of a security analysis or attack. (No Answer)

a. Tiger Team

b. CORRECT: Target of Evaluation

c. Authentication

d. Identification

47. Illegal copying and use of software(No Answer)

a. White Hats

b. Covering Tracks

c. CORRECT: Software piracy

d. Foot-printing

48. Illegally acquiring a password to gain unauthorized access to an information system (No Answer)

a. Target of Evaluation

b. White Hats

c. CORRECT: Theft of passwords

d. Grey hats

49. Defined as the process of creating a blueprint or map of an organization's network and systems. (No Answer)

a. Bit-Flipping

b. CORRECT: Foot-printing

c. Hardening

d. Masquerading

50. Hackers who get away with the database theft usually complete their task,
then backtrack to cover their tracks by destroying logs, etc.(No Answer)

a. Data-diddling

b. Scanning

c. CORRECT: Daisy Chaining

d. Hardening

51. Is an existence of a software flaw, logic design, or implementation error that can lead to an unexpected and undesirable event executing bad or damaging instructions to the system. (No Answer)

a. Masquerading

b. Vulnerability Research

c. CORRECT: Vulnerability

d. Availability

52. Scripts that have been developed by others and are readily available through
the Internet, which can be employed by unskilled individuals to launch attacks
on networks and computing resources(No Answer)

a. Zero knowledge (Blackbox) test

b. Full knowledge (Whitebox) test

c. CORRECT: Use of readily available attack scripts on the Internet

d. Competitive Intelligence

53. An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability. (No Answer)

a. Attack

b. CORRECT: Zero-Day Attack

c. Covering Tracks

d. Grey hats

54. Are hackers who are either offensive or defensive as the situation requires. (No Answer)

a. Tiger Team

b. Hack value

c. CORRECT: Grey hats

d. Privacy

55. Confidentiality, Integrity, and Availability(No Answer)

a. Information Gathering

b. Security, functionality, and ease of use Triangle

c. Use of readily available attack scripts on the Internet


d. CORRECT: The basic tenets of information system security (Known as the
CIA triad)

56. Occurs when a system is compromised based on a vulnerability. (Many are perpetrated via an Exploit) (No Answer)

a. Cracker

b. CORRECT: Attack

c. Fraud

d. Whacker

57. Ensures that the information is not disclosed to unauthorized persons or processes. (No Answer)

a. CORRECT: Confidentiality

b. Authentication

c. Authenticity

d. Availability

58. The confirmation of the origin and identity of an information source (No
Answer)

a. CORRECT: Authenticity

b. Vulnerability

c. Availability

d. Authentication

59. Describes a hacker who uses their hacking skills and tool set for destructive
or offensive purposes such as disseminating viruses or performing DoS attacks
to compromise or bring down systems and networks.(No Answer)

a. Fraud

b. Privacy

c. CORRECT: Cracker

d. Phreaker

60. Is a novice hacker who attacks Wide Area Networks (WANs) and wireless
networks.(No Answer)

a. Cracker

b. CORRECT: Whacker

c. Threat

d. Attack

61. The modification of data (No Answer)

a. Daisy Chaining

b. Masquerading

c. CORRECT: Data-diddling

d. Bit-Flipping

62. Works over a network and exploits security vulnerabilities without any prior
access to the vulnerable system.(No Answer)

a. White Hats

b. Local Exploit

c. Exploit

d. CORRECT: Remote Exploit

63. The team has as much knowledge as possible about the network and
computing resources to be evaluated.(No Answer)

a. CORRECT: Full knowledge (Whitebox) test

b. Zero knowledge (Blackbox) test

c. Known as owning the system

d. Penetration Test

64. Bad guys, the malicious hackers or crackers who use their skills for illegal
purposes.(No Answer)

a. Hack value

b. CORRECT: Black Hats

c. Cracker

d. White Hats

65. Is an individual or group of individuals who work for a government or terrorist group that is engaged in sabotage, espionage, financial theft, and attacks on a nation's critical infrastructure. (No Answer)

a. CORRECT: Cyber-terrorist(s)

b. Penetration Test

c. Covering Tracks

d. Internal Consistency

66. Assigning responsibility for a user's actions(No Answer)

a. Authenticity

b. Availability

c. CORRECT: Accountability

d. Vulnerability

67. A user claiming an identity to an information system(No Answer)

a. Exploit

b. Hacktivism

c. Confidentiality

d. CORRECT: Identification

68. Requires prior access to the vulnerable system to increase privileges. (No Answer)

a. Availability

b. Confidentiality

c. Exploit

d. CORRECT: Local Exploit

Which of the following statements best describes a white-hat hacker?

A. Security professional
B. Former black hat
C. Former grey hat
D. Malicious hacker

A security audit performed on the internal network of an organization by the network administration is also known as ___________.

A. Grey-box testing
B. Black-box testing
C. White-box testing
D. Active testing

What is the first phase of hacking?

A. Attack
B. Maintaining access
C. Gaining access
D. Reconnaissance

What type of ethical hack tests access to the physical infrastructure?

A. Internal network
B. Remote network
C. External network
D. Physical access

The security, functionality, and ease of use triangle illustrates which concept?

A. As security increases, functionality and ease of use increase.
B. As security decreases, functionality and ease of use increase.
C. As security decreases, functionality and ease of use decrease.
D. Security does not affect functionality and ease of use.

Which type of hacker represents the highest risk to your network?

A. Disgruntled employees
B. Black-hat hackers
C. Grey-hat hackers
D. Script kiddies

Hacking for a cause is called __________________.

A. Active hacking
B. Hacktivism
C. Activism
D. Black-hat hacking

Which federal law is most commonly used to prosecute hackers?

A. Title 12
B. Title 18
C. Title 20
D. Title 2

When a hacker attempts to attack a host via the Internet it is known as what type of attack?

A. Remote attack
B. Physical access
C. Local access
D. Internal attack

Which of the following is a tool for performing footprinting undetected?

A. Whois search
B. Traceroute
C. Ping sweep
D. Host scanning

What is the next step to be performed after footprinting?

A. Scanning
B. Enumeration
C. System hacking
D. Active information gathering

What is footprinting?

A. Measuring the shoe size of an ethical hacker
B. Accumulation of data by gathering information on a target
C. Scanning a target network to detect operating system types
D. Mapping the physical layout of a target’s network

Nslookup can be used to gather information regarding which of the following?

A. Host names and IP addresses
B. Whois information
C. DNS server locations
D. Name server types and operating systems

What is the best way to prevent a social-engineering attack?

A. Installing a firewall to prevent port scans
B. Configuring an IDS to detect intrusion attempts
C. Increasing the number of help-desk personnel
D. Employee training and education

Which of the following is the best example of reverse social engineering?

A. A hacker pretends to be a person of authority in order to get a user to give them information.
B. A help-desk employee pretends to be a person of authority.
C. A hacker tries to get a user to change their password.
D. A user changes their password.

Using pop-up windows to get a user to give out information is which type of social engineering attack?

A. Human-based
B. Computer-based
C. Nontechnical
D. Coercive

What is it called when a hacker pretends to be a valid user on the system?

A. Impersonation
B. Third-person authorization
C. Help desk
D. Valid user

What is the best reason to implement a security policy?

A. It increases security.
B. It makes security harder to enforce.
C. It removes the employee’s responsibility to make judgments.
D. It decreases security.

Faking a website for the purpose of getting a user’s password and username is which type of social engineering attack?

A. Human-based
B. Computer-based
C. Web-based
D. User-based

Dumpster diving can be considered which type of social engineering attack?

A. Human-based
B. Computer-based
C. Physical access
D. Paper-based

What port number does FTP use?

A. 21
B. 25
C. 23
D. 80

What port number does HTTPS use?

A. 443
B. 80
C. 53
D. 21

What is war dialing used for?

A. Testing firewall security
B. Testing remote access system security
C. Configuring a proxy filtering gateway
D. Configuring a firewall

Banner grabbing is an example of what?

A. Passive operating system fingerprinting
B. Active operating system fingerprinting
C. Footprinting
D. Application analysis

What are the three types of scanning?

A. Port, network, and vulnerability
B. Port, network, and services
C. Grey, black, and white hat
D. Server, client, and network

What is the main problem with using only ICMP queries for scanning?

A. The port is not always available.
B. The protocol is unreliable.
C. Systems may not respond because of a firewall.
D. Systems may not have the service running.

Why would an attacker want to perform a scan on port 137?

A. To locate the FTP service on the target host
B. To check for file and print sharing on Windows systems
C. To discover proxy servers on a network
D. To discover a target system with the NetBIOS null session vulnerability

SNMP is a protocol used to manage network infrastructure devices. What is the SNMP read/write community name used for?

A. Viewing the configuration information
B. Changing the configuration information
C. Monitoring the device for errors
D. Controlling the SNMP management station

Which step comes after enumerating users in the CEH hacking cycle?

A. Crack password
B. Escalate privileges
C. Scanning
D. Covering tracks

What is enumeration?

A. Identifying active systems on the network
B. Cracking passwords
C. Identifying users and machine names
D. Identifying routers and firewalls

What is a command-line tool used to look up a username from a SID?

A. UsertoSID
B. Userenum
C. SID2User
D. Getacct

Which tool can be used to perform a DNS zone transfer on Windows?

A. nslookup
B. DNSlookup
C. whois
D. ipconfig

What is the ethics behind training how to hack a system?
a) To think like hackers and know how to defend such attacks
b) To hack a system without the permission
c) To hack a network that is vulnerable
d) To corrupt software or service using malware

Performing shoulder surfing in order to check another’s password is ____________ ethical practice.
a) a good
b) not so good
c) very good social engineering practice
d) a bad

___________ has now evolved to be one of the most popular automated tools for unethical hacking.
a) Automated apps
b) Database software
c) Malware
d) Worms

_____________ is the technique used in business organizations and firms to protect IT assets.
a) Ethical hacking
b) Unethical hacking
c) Fixing bugs
d) Internal data-breach

The legal risks of ethical hacking include lawsuits due to __________ of personal data.
a) stealing
b) disclosure
c) deleting
d) hacking

Before performing any penetration test, through legal procedure, which of the key points listed below is not mandatory?
a) Know the nature of the organization
b) Characteristics of work done in the firm
c) System and network
d) Type of broadband company used by the firm

After performing ____________ the ethical hacker should never disclose client information to other parties.
a) hacking
b) cracking
c) penetration testing
d) exploiting

__________ is the branch of cyber security that deals with morality and provides different theories and a principle regarding the view-points about what is right and wrong.
a) Social ethics
b) Ethics in cyber-security
c) Corporate ethics
d) Ethics in black hat hacking
