1. Which of the following is an example of passive reconnaissance?
a) Telephonic calls to target victim
b) Attacker as a fake person for Help Desk support
c) Talk to the target user in person
d) Search about target records in online people database
Explanation: Passive reconnaissance is all about acquiring of information about the target indirectly, hence searching any information about the target on online people database is an example of passive reconnaissance.
2. ________ phase in ethical hacking is known as the pre-attack phase.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
Explanation: In the scanning phase, the hacker actively scans for the vulnerabilities or specific information in the network which can be exploited.
3. While looking for a single entry point where penetration testers can test the vulnerability, they use ______ phase of ethical hacking.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
Explanation: Scanning is done to look for entry points in a network or system in order to launch an attack and check whether the system is penetrable or not.
4. Which of them does not comes under scanning methodologies?
a) Vulnerability scanning
b) Sweeping
c) Port Scanning
d) Google Dorks
Explanation: Google dork is used for reconnaissance, which uses special search queries for narrowing down the search results. The rest three scanning methodologies are used for scanning ports (logical), and network vulnerabilities.
5. Which of them is not a scanning tool?
a) NMAP
b) Nexpose
c) Maltego
d) Nessus
Explanation: NMAP is used for both reconnaissance and scanning purposes. Nepose and Nessus are fully scanning tool. Maltego is an example of a reconnaissance tool used for acquiring information about target user.
6. Which of the following comes after scanning phase in ethical hacking?
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
Explanation: Gaining access is the next step after scanning. Once the scanning tools are used to look for flaws in a system, it is the next phase where the ethical hackers or penetration testers have to technically gain access to a network or system.
7. In __________ phase the hacker exploits the network or system vulnerabilities.
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
Explanation: Penetration testers after scanning the system or network tries to exploit the flaw of the system or network in “gaining access” phase.
8. Which of the following is not done in gaining access phase?
a) Tunnelling
b) Buffer overflow
c) Session hijacking
d) Password cracking
Explanation: Tunnelling is a method that is followed to cover tracks created by attackers and erasing digital footprints. Buffer overflow, session hijacking and password cracking are examples of gaining access to test the flaw in system or network.
9. Which of the below-mentioned penetration testing tool is popularly used in gaining access phase?
a) Maltego
b) NMAP
c) Metasploit
d) Nessus
Explanation: Metasploit is a framework and the most widely used penetration testing tool used by ethical hackers for testing the vulnerabilities in a system or network.
10. In general how many key elements constitute the entire security structure?
a) 1
b) 2
c) 3
d) 4
Explanation: The 4 key elements that constitute the security are: confidentiality, integrity, authenticity & availability. Authenticity is not considered as one of the key elements in some other security models, but the popular CIA Triad eliminates this as authenticity at times comes under confidentiality & availability.