Ethical Hacking Quiz

Questions and Answers

What is the main objective of ethical hacking? (Select all that apply)

• To steal confidential data
• To cause harm to the target system
• To protect the system by identifying vulnerabilities (correct)
• To destroy the target’s infrastructure

Which of the following is NOT a type of hacker?

• Black Hat
• White Hat
• Blue Hat (correct)
• Red Hat

During which phase of ethical hacking does scanning occur?

• Gaining Access
• Scanning
• Reconnaissance (correct)
• Maintaining Access

What is a Zero-Day attack?

An exploit that targets a previously unknown vulnerability (D)

What does a 'payload' refer to in hacking terminology?

The malicious code delivered by an exploit (D)

Which port is commonly used for HTTPS?

443 (B)

What type of social engineering attack involves an attacker following someone into a restricted area?

Tailgating (C)

Which scan method is used to identify live hosts by sending ICMP packets?

Ping Sweep (C)

What is the main goal of a 'Dumpster Diving' attack?

To find sensitive information in discarded documents (A)

In password cracking, which attack involves trying every possible combination of characters?

Brute Force Attack (A)

Which tool is commonly used for port scanning?

Nmap (B)

Which payload in Metasploit helps in creating a remote connection with the target system?

Stager Payload (C)

Which of the following is NOT a component of Metasploit?

Nmap (D)

What does VPN stand for?

Virtual Private Network (D)

Which scanning method is designed to bypass firewalls by sending specific TCP flags?

FIN Scan (D)

What is the primary goal of a 'Rootkit'?

To provide unauthorized root-level access to a system (A)

Which of the following is a method of privilege escalation?

Vertical Privilege Escalation (B)

What is the purpose of IP Spoofing?

To mask the source IP address of a malicious packet (B)

Which of the following methods is used to detect open ports on a network?

SYN Scan (D)

What does 'Spear Phishing' target?

A specific organization or group of people (C)

What is the goal of maintaining access in the hacking process?

To retain access to the target system for future use (B)

Which of the following attacks is an example of a Denial-of-Service (DoS) attack?

SYN Flooding (D)

What is a countermeasure to prevent password cracking attacks?

Encrypt passwords and implement multi-factor authentication (A)

Which of the following is considered a human-based social engineering technique?

Tailgating (D)

What does the term 'IP Spoofing' refer to?

Modifying packet headers to conceal the source IP (B)

Flashcards are hidden until you start studying

Study Notes

Ethical Hacking Objectives

• Aimed at protecting systems by identifying vulnerabilities rather than causing harm.
• Distinction between ethical hackers (White Hats) and malicious hackers (Black Hats).

Types of Hackers

• Black Hat: Malicious hackers intending to break the law.
• White Hat: Ethical hackers working to protect systems by finding security flaws.
• Blue Hat: Security professionals hired to test systems.
• Red Hat: Offensive hackers targeting other hackers.

Phases of Ethical Hacking

• Scanning occurs during the scanning phase, crucial for identifying vulnerabilities.

Zero-Day Attacks

• An exploit targeting previously unknown vulnerabilities before they are patched.

Hacking Terminology

• Payload refers to malicious code delivered through an exploit.

Common Network Protocols

• HTTPS typically operates on port 443, ensuring secure web transactions.

Social Engineering Attacks

• Tailgating involves an attacker following someone into a secured area, bypassing access controls.

Scanning Techniques

• Ping Sweep identifies active hosts by sending ICMP packets, useful for network discovery.

Dumpster Diving

• The primary goal is to find sensitive information in discarded documents, often overlooked.

Password Cracking Methods

• Brute Force Attack attempts every possible character combination until the password is discovered.

Port Scanning Tools

• Nmap is a widely used tool for scanning open ports on a network.

Metasploit Framework

• Stager Payload in Metasploit creates a remote connection with the target system.
• Armitage, Payload, and Msfconsole are key components, while Nmap is not part of Metasploit.

VPN Definition

• VPN stands for Virtual Private Network, providing secure communication over the internet.

Firewall Bypassing Techniques

• SYN Scan uses specific TCP flags to navigate past firewalls, ensuring stealthy scanning.

Rootkits

• Rootkits provide unauthorized root-level access, often deployed to maintain control over compromised systems.

Privilege Escalation

• Vertical Privilege Escalation allows unauthorized users to gain higher access levels within a system.

IP Spoofing

• Used to mask the source IP address, misleading identification and bypassing network security.

Open Port Detection

• SYN Scan is commonly employed for detecting open ports on networks, crucial for security assessments.

Spear Phishing

• A targeted attack aimed at specific organizations or groups rather than random individuals.

Maintaining Access

• The goal is to ensure ongoing access to a compromised system for future exploitation.

Denial-of-Service (DoS) Attacks

• SYN Flooding is a classic example of DoS, designed to overwhelm and disrupt network services.

Preventing Password Cracking

• Strong passwords combined with encryption and multi-factor authentication serve as effective countermeasures.

Social Engineering Techniques

• Tailgating represents a direct human-based social engineering method, gaining unauthorized access through deception.