Ethical Hacking Quiz

Questions and Answers

What is the main objective of ethical hacking? (Select all that apply)

To steal confidential data

To cause harm to the target system

To protect the system by identifying vulnerabilities (correct)

To destroy the target’s infrastructure

Which of the following is NOT a type of hacker?

Black Hat

White Hat

Blue Hat (correct)

Red Hat

During which phase of ethical hacking does scanning occur?

Gaining Access

Scanning

Reconnaissance (correct)

Maintaining Access

What is a Zero-Day attack?

An exploit that targets a previously unknown vulnerability

What does a 'payload' refer to in hacking terminology?

The malicious code delivered by an exploit

Which port is commonly used for HTTPS?

443

What type of social engineering attack involves an attacker following someone into a restricted area?

Tailgating

Which scan method is used to identify live hosts by sending ICMP packets?

Ping Sweep

What is the main goal of a 'Dumpster Diving' attack?

To find sensitive information in discarded documents

In password cracking, which attack involves trying every possible combination of characters?

Brute Force Attack

Which tool is commonly used for port scanning?

Nmap

Which payload in Metasploit helps in creating a remote connection with the target system?

Stager Payload

Which of the following is NOT a component of Metasploit?

Nmap

What does VPN stand for?

Virtual Private Network

Which scanning method is designed to bypass firewalls by sending specific TCP flags?

FIN Scan

What is the primary goal of a 'Rootkit'?

To provide unauthorized root-level access to a system

Which of the following is a method of privilege escalation?

Vertical Privilege Escalation

What is the purpose of IP Spoofing?

To mask the source IP address of a malicious packet

Which of the following methods is used to detect open ports on a network?

SYN Scan

What does 'Spear Phishing' target?

A specific organization or group of people

What is the goal of maintaining access in the hacking process?

To retain access to the target system for future use

Which of the following attacks is an example of a Denial-of-Service (DoS) attack?

SYN Flooding

What is a countermeasure to prevent password cracking attacks?

Encrypt passwords and implement multi-factor authentication

Which of the following is considered a human-based social engineering technique?

Tailgating

What does the term 'IP Spoofing' refer to?

Modifying packet headers to conceal the source IP

Study Notes

Ethical Hacking Objectives

• Aimed at protecting systems by identifying vulnerabilities rather than causing harm.
• Distinction between ethical hackers (White Hats) and malicious hackers (Black Hats).

Types of Hackers

• Black Hat: Malicious hackers intending to break the law.
• White Hat: Ethical hackers working to protect systems by finding security flaws.
• Blue Hat: Security professionals hired to test systems.
• Red Hat: Offensive hackers targeting other hackers.

Phases of Ethical Hacking

• Scanning occurs during the scanning phase, crucial for identifying vulnerabilities.

Zero-Day Attacks

• An exploit targeting previously unknown vulnerabilities before they are patched.

Hacking Terminology

• Payload refers to malicious code delivered through an exploit.

Common Network Protocols

• HTTPS typically operates on port 443, ensuring secure web transactions.

Social Engineering Attacks

• Tailgating involves an attacker following someone into a secured area, bypassing access controls.

Scanning Techniques

• Ping Sweep identifies active hosts by sending ICMP packets, useful for network discovery.

Dumpster Diving

• The primary goal is to find sensitive information in discarded documents, often overlooked.

Password Cracking Methods

• Brute Force Attack attempts every possible character combination until the password is discovered.

Port Scanning Tools

• Nmap is a widely used tool for scanning open ports on a network.

Metasploit Framework

• Stager Payload in Metasploit creates a remote connection with the target system.
• Armitage, Payload, and Msfconsole are key components, while Nmap is not part of Metasploit.

VPN Definition

• VPN stands for Virtual Private Network, providing secure communication over the internet.

Firewall Bypassing Techniques

• SYN Scan uses specific TCP flags to navigate past firewalls, ensuring stealthy scanning.

Rootkits

• Rootkits provide unauthorized root-level access, often deployed to maintain control over compromised systems.

Privilege Escalation

• Vertical Privilege Escalation allows unauthorized users to gain higher access levels within a system.

IP Spoofing

• Used to mask the source IP address, misleading identification and bypassing network security.

Open Port Detection

• SYN Scan is commonly employed for detecting open ports on networks, crucial for security assessments.

Spear Phishing

• A targeted attack aimed at specific organizations or groups rather than random individuals.

Maintaining Access

• The goal is to ensure ongoing access to a compromised system for future exploitation.

Denial-of-Service (DoS) Attacks

• SYN Flooding is a classic example of DoS, designed to overwhelm and disrupt network services.

Preventing Password Cracking

• Strong passwords combined with encryption and multi-factor authentication serve as effective countermeasures.

Social Engineering Techniques

• Tailgating represents a direct human-based social engineering method, gaining unauthorized access through deception.

Description

Test your knowledge about ethical hacking concepts and types of hackers. This quiz covers various aspects including objectives, phases, and hacker classifications. Challenge yourself to see how well you understand the ethical hacking landscape!