Sample+Exam+CEHPC+(V0220224)+EN

CEHPC CERTIPROF

Ethical Hacking

Sample Exam V022024

1. Which of these was a famous hacktivist group?

A. Fan7a5ma
B. The Hackers
C. Anonymous

2. What is netcat?

A. It is a command line tool for writing and reading data over the network. Netcat uses TCP/IP
and UDP network protocols for data transmission.
B. It is a hacking tool for Windows.
C. It is a hacking tool for Linux.

3. What is MITRE ATT&CK?

A. It is a widely recognized and widely used cybersecurity framework developed by the MITRE
Corporation. It is intended to provide a detailed and structured framework describing
tactics, techniques, and procedures.
B. It is a widely recognized and widely used cybercriminal work process developed by the
NMAP Corporation. It is intended to provide a detailed framework of reference.
C. It is a widely recognized and widely used cybercriminal work process developed by the Kali
Linux Corporation. It is intended to provide a detailed framework.

4. What are PETS?

A. PETS is a set of tools, methods, practices and approaches designed to safeguard and
enhance the privacy and security of personal information in digital environments.
B. PETS are standards and practices for breaching computer equipment and stealing
information.
C. PETS are controlled environments where we can practice hacking; they are machines prepared
to be hacked.

5. What is a router?

A. It is a network device that is used to route and forward data traffic between computer
networks.
B. It is a device that functions as an antivirus on servers.
C. It is a network protocol for exchanging data in a secure manner.

6. What is a Honeypot?

A. It is a hacking tool designed to penetrate and compromise computer equipment.
B. It is a cybersecurity tool designed to attract and detect potential computer attacks, as well
as to divert attackers' attention away from a network's actual critical systems and assets.
C. It is a method for hacking Wi-Fi networks.

7. What is Denial-of-Service?

A. Commonly known as DoS (Dos of Service), it is a type of computer protection designed to
enable, or make accessible, the services, resources or systems of a network, server or device,
preventing legitimate users from accessing them.
B. It is a very powerful phishing attack.
C. Commonly known as DoS (Denial of Service) or DDoS (Distributed Denial of Service), it is a
type of computer attack designed to disrupt, disable, or render inaccessible the services,
resources, or systems of a network, server, or device, preventing legitimate users from
accessing them.

8. What is a threat?

A. It is any event, action, person, entity or situation that may jeopardize the confidentiality,
integrity or availability of an organization's or user's systems, data, networks or digital
information.
B. It is any event that can protect users within our organization.
C. It is any event, action, person, entity or situation that may compromise the integrity or
availability of an organization's or user's systems, data, networks or digital information.

9. What is a vulnerability?

A. It is the problems presented by system administrators in terms of documentation.
B. It refers to a configuration problem in the antivirus with which it cannot connect to the
Internet.
C. Refers to a weakness, flaw, or error in a system, application, software, or device that can be
exploited by an attacker to compromise the security of that system and perform
unauthorized actions.

10. How can I protect a system?

A. Keep the firewall enabled, and software and operating systems constantly updated.
B. Do not update anything on the computer.
C. Use a Mac; they are very safe and there are no viruses.

11. What are script kiddies?

A. They are inexperienced hackers who use automated tools to carry out attacks, without
having a deep knowledge of how computer systems and networks work.
B. They are hackers who are experts in the field and have in-depth knowledge.
C. They are hacking tool developers, always on the cutting edge.

12. What is Network Penetration Testing?

A. It focuses on evaluating the cabling and nodes of a site.
B. It focuses on evaluating the security of the network infrastructure, looking for possible
vulnerabilities that could be exploited by attackers.
C. Focuses on evaluating the activity on a cloud web server.

13. What is Web Application Penetration Testing?

A. It focuses on evaluating the security of the network infrastructure, looking for possible
vulnerabilities that could be exploited by attackers.
B. It is focused on evaluating organizations for the proper functioning of these organizations.
C. Focuses on evaluating the security of web applications, looking for possible vulnerabilities in
their code, such as SQL injections, XSS, CSRF, among others.

14. What is a BlackBox test?

A. Black box testing involves performing a security assessment with all the prior knowledge of
the network infrastructure.
B. Black box testing involves performing a security assessment and testing without prior
knowledge of the infrastructure or network infrastructure.
C. It is the test where you are given all the company's information to test all accesses.

15. What is the GrayBox test?

A. GrayBox testing involves user evaluation.
B. GrayBox testing involves user group evaluation.
C. GrayBox testing involves security assessment and internal testing.

16. What does a Vulnerability Analysis perform?

A. It checks that the systems are patched and have no critical and exploitable vulnerabilities.
B. It reviews the protocols to be followed by the IT area to solve problems.
C. Exploitation of all vulnerabilities is performed.

17. What is Post-Exploitation?

A. In this phase all the systems are exploited with the purpose of selling the information.
B. In this phase we have access to the system, so we will execute the activities that will allow
us to obtain total control of the equipment, to generate users, to elevate
privileges, and to access the information.
C. At this point, we will violate everything we can, leaving the information exposed to the
entire Internet.

18. What is Google hacking?

A. It is a technique that uses Google's advanced search to search for sensitive or confidential
information on the web.
B. It is the search for information in books.
C. It is searching for videos on TikTok and YouTube.

19. What is VMware?

A. It is a malware with which you can encrypt the entire network.
B. It is a platform that is used to virtualize operating systems.
C. It is a very famous hacker.

20. What do we use MaskPhish for?

A. To hide a malicious link.
B. To hack into Windows computers.
C. Software to encrypt files.

21. What do we use Hidden Eye for?

A. To clone IP.
B. To clone web pages.
C. To clone DNS.

22. What is OSINT Framework?

A. It is a social network where hackers from all over the world interact.
B. It is a blog where hacking and security techniques for companies are shared.
C. It is an online platform that acts as a compilation of open-source tools and resources to
perform open-source intelligence.

23. What is end-to-end encryption?

A. A method of protecting information only on central servers.
B. A technique for encrypting data from source to destination.
C. A cloud security protocol.
D. A biometric authentication system.

24. What is Spear phishing?

A. It is a social engineering attack that targets large companies or specific individuals.
B. It is a brute force attack on email accounts.
C. It is a hacker cryptocurrency.

25. What is a "keylogger" in the field of hacking?

A. A program that records keystrokes.
B. A virus that destroys important files.
C. An advanced encryption system.
D. A Wi-Fi password cracking device.

26. What does an "ethical hacker" do?

A. Accesses systems illegally to obtain information.
B. Uses their skills to help protect systems and networks.
C. Distributes viruses to damage computers.
D. Performs cyber-attacks for financial gain.

27. What is "pharming" in terms of hacking?

A. A social engineering attack aimed at obtaining confidential information.
B. Identity theft on social networks.
C. Redirection of legitimate web traffic to a fake website.

28. Which of the following is a type of attack that uses multiple compromised devices to
perform the attack?

A. Phishing
B. DDoS.
C. Pharming.

29. What is "SQL Injection" in terms of hacking?

A. An attack that uses email to obtain confidential information.
B. A technique to inject malicious code into a database through user input.
C. Identity theft in a network environment.
D. An attack that blocks legitimate access to a system.

30. What does "DoS" mean in a computer attack?

A. Denial of Software.
B. Detection of Systems.
C. Denial of Service.

31. Which of the following best defines "wardriving"?

A. Port scanning on a network.
B. Scanning for vulnerable wireless networks while roaming.
C. Technique for obtaining network access passwords.

32. What is a dictionary?

A. It is a list of keywords to brute force.
B. It is a list of methods for breaking into web pages.
C. It is an exploit method for cell phones.

33. Do Google dorks show hacked computers?

A. NO, Google dorks work to search for specific topics.
B. YES, Google dorks hack pages for us in order to access data.
C. YES, Google dorks work as a backdoor to all web pages.

34. Does WPScan work to perform scans of WordPress pages?

A. YES, wpscan performs this task.
B. NO, for that we use shodan.
C. NO, for that we use hydra.

35. Is an outdated operating system secure?

A. YES, cyber-criminals are no longer interested in them.
B. NO, it is more prone to be attacked because it no longer has security patches.
C. YES, they are systems that are no longer used and no one cares about them.

36. Is the use of cracks good for the equipment?

A. YES, you permanently activate the programs without paying for them.
B. NO, since the cracks come previously installed for the best operation of Windows servers.
C. NO, since they are loaded with malicious software.

37. Can an FTP protocol be breached?

A. NO, it is very secure.
B. YES, with the right techniques.
C. YES, by asking the administrator for the username and password.

38. What is a reverse Shell?

A. A common Linux command console.
B. It refers to a process in which the victim's machine connects to the attacker's machine to
receive commands.
C. Refers to when the terminal is run with root.

39. What is Nessus used for?

A. To watch videos on a blocked network.
B. To scan a network or system for vulnerabilities.
C. For automated hacking.

40. Can Kali Linux only be used by criminals?

A. YES, it is a forbidden system.
B. NO, it can be used by cybersecurity enthusiasts.
C. YES, with this, criminal acts are carried out.

41. What are zero-days?

A. It is the time between December 31 and January 1.
B. It is a very important computer event.
C. It is a vulnerability discovered without a patch or update.

42. As a pentester we can exploit any vulnerability regardless of its effects:

A. YES, we have all the freedom.
B. NO, since performing these acts without consent is a crime.
C. YES, we have all the power to perform these processes without consent.

43. What is a security breach?

A. It is a breakdown on the Internet.
B. It is a cybersecurity incident that affects personal or corporate data in different ways.
C. It is the hacking of the entire Internet.

44. What is a keylogger?

A. A database registry key.
B. They track and record every key pressed on a computer, often without the user's permission
or knowledge.
C. A free antivirus on Linux.

45. What does SQLMAP do?

A. It is an open-source tool that allows you to automate the process of a SQL injection attack.
B. It is a paid tool to manage sql databases.
C. It is Google Chrome's competitor.

46. What is spoofing?

A. It is a network analysis method such as nmap.
B. It consists of usurping an electronic identity to hide one's own identity in order to commit
crimes on the Internet.
C. It is a method of registering a name on the Internet that cannot be duplicated.

47. What is a WAF?

A. A Web Application Firewall (WAF) protects the web application server from multiple
attacks.
B. A Web Application Form (WAF) protects printers from multiple attacks.
C. A Web Application Functional (WAF) protects computers from multiple attacks.

48. What is a firewall?

A. A computer program that monitors all computers on the network.
B. Software that controls access from a computer to the network and from network elements
to the computer for security purposes.
C. Software that controls the domain of an organization.

49. What is a flag inside the machines that we breach?

A. A common flag with a pirate skull, symbolizing hackers.
B. A list of commands used as a guide to hack the machine.
C. A file inside the machine with a keyword or key letters to prove that it was successfully
breached.

50. Is it illegal to practice with vulnhub machines?

A. YES, you are hacking into a system without authorization.
B. NO, since these machines are in a local environment and have no contact with any
organization.
C. NO, since these machines do not have existing vulnerabilities and are only used to view
them.

51. What is ethical responsibility in hacking?

A. Perform the scanning with knowledge.
B. Ensure that the scanning is performed without permission and for illegitimate purposes.
C. Ensure that the scanning is performed with permission and for legitimate purposes.

52. What is a vulnerability scan?

A. It is the process of identifying, quantifying and prioritizing vulnerabilities in computer
systems.
B. It is the process of mapping the network and nodes in a building for better distribution.
C. It is the process of identifying and exploiting breaches no matter what.

53. What is a public IP?

A. Public IP addresses are assigned by Internet service providers.
B. It is the IP address assigned to devices by the modem.
C. It is an IP that everyone uses.

54. What is a private IP?

A. It is an IP that no one can use.
B. Private IP addresses are used to enable communication between devices within a local
network.
C. It is the IP address assigned by the service provider.

55. What system is Kali Linux based on?

A. Windows.
B. Ubuntu.
C. Debian.

56. Besides Kali Linux, what other operating system is used for hacking?

A. Parrot OS.
B. Hannah Montana Linux.
C. Windows XP.

57. What is a SQL Injection?

A. Manipulation of SQL queries to access, modify or delete data in a database.
B. It is a database used by hackers.
C. It is an execution of SQL code that only the administrator can perform.

58. Which command would you use in Nmap to scan the entire 192.168.100.1 network and
view operating system and ports?

A. nmap -sV -O 192.168.100.1/24
B. nmap -SV -O 192.168.100.1
C. sqlmap -u 192.168.100.1 --dbs

59. What is the objective of Pentesting?

A. Hacking into unauthorized systems
B. The main purpose of penetration testing is to find weaknesses in security before they can be
exploited by real attackers.
C. Exploiting vulnerabilities in order to sell information to the highest bidder.

60. What is most vulnerable within an organization?

A. Servers.
B. Wi-Fi network.
C. People.

61. When critical vulnerabilities are detected, what should be done?

A. Exploit it and extract as much information as possible.
B. Inform the corresponding area for a prompt solution.
C. Document the problem and do nothing.

62. What is a Reverse Shell?

A. It is a technique used in cybersecurity and ethical hacking that allows an attacker to gain
access to a remote machine and control it from an external location.
B. It is a technique used in cybersecurity and ethical hacking that allows a hacker to gain access
to the Wi-Fi network remotely and control traffic from an external location.
C. It is a technique used for port scanning.

63. What is a black hat hacker?

A. They use their computer skills to steal confidential information, to infect computer systems,
to restrict access to a system.
B. They use their computer skills to protect confidential information in order to restrict access
to a system.
C. They check the wiring of facilities, support users and are aware of servers in small
businesses.

64. What is a hacktivist?

A. It refers to politicians who get involved in social issues by facing the consequences in the
news.
B. It refers to hacking into a computer system for political or social purposes. A hacktivist
breaks into a computer system, but always for the purpose of influencing ideological,
religious, political or social causes.
C. They use their computing skills to steal confidential information, to infect computer systems,
to restrict access to a system.

65. What is a brute force dictionary?

A. It is a document where passwords are stored that could possibly be the correct ones to
enter the system.
B. A common dictionary, it contains words and their meaning.
C. A plain text document where passwords are usually stored.

66. The WikiLeaks group: what type of hackers are they?

A. Black Hat.
B. Hacktivists.
C. Ethical Hackers.

67. Are all Wi-Fi networks secure?

A. Yes.
B. No.

68. Which vulnerability types should be solved with the highest priority?

A. High.
B. Medium.
C. Low.

69. What does ransomware do to a system?

A. It removes viruses.
B. It improves performance.
C. Encrypts all files.

70. Is it possible to clone a web page?

A. Yes.
B. No.

71. If a web page has HTTPS, does it mean that it is legitimate?

A. No, because HTTPS only indicates that the connection is encrypted.
B. Yes, since it shows the padlock.
C. Yes, the HTTPS connection always appears on 100% secure sites.

Answers

1. C
2. A
3. A
4. A
5. A
6. B
7. C
8. A
9. C
10. A
11. A
12. B
13. C
14. B
15. C
16. A
17. B
18. A
19. B
20. A
21. B
22. C
23. B
24. A
25. A
26. B
27. C
28. B
29. B
30. C
31. B
32. A
33. A
34. A
35. B
36. C
37. B
38. B
39. B
40. B
41. C
42. B
43. B
44. B
45. A
46. B
47. A
48. B
49. C
50. B
51. C
52. A
53. A
54. B
55. C
56. A
57. A
58. A
59. B
60. C
61. B
62. A
63. A
64. B
65. A
66. B
67. B
68. A
69. C
70. A
71. A
