
Sessional 1

The document discusses various types of hackers, ethical hacking practices, and techniques used in penetration testing and information warfare. It includes multiple-choice questions covering topics such as social engineering, vulnerability research, and network scanning. The content serves as a study guide for understanding cybersecurity concepts and the roles of different types of hackers.

Uploaded by

i221666

Introduction

Nicolas just found a vulnerability on a public-facing system that is considered a
zero-day vulnerability. He sent an email to the owner of the public system
describing the problem and how the owner can protect themselves from that
vulnerability. He also sent an email to Microsoft informing them of the
problem that their systems are exposed to.
What type of hacker is Nicolas?

• A. Black hat
• B. White hat
• C. Gray hat
• D. Red hat

1. If you have been contracted to perform an attack against a target system,
you are what type of hacker?
• A) White hat
• B) Gray hat
• C) Black hat
• D) Red hat

2. Which of the following describes an attacker who goes after a target to draw
attention to a cause?
• A) Terrorist
• B) Criminal
• C) Hacktivist
• D) Script kiddie

3. What level of knowledge about hacking does a script kiddie have?
• A) Low
• B) Average
• C) High
• D) Advanced

4. Which of the following does an ethical hacker require to start evaluating a
system?
• A) Training
• B) Permission
• C) Planning
• D) Nothing

5. A white-box test means the tester has which of the following?
• A) No knowledge
• B) Some knowledge
• C) Complete knowledge
• D) Permission

6. Which of the following describes a hacker who attacks without regard for
being caught or punished?
• A) Hacktivist
• B) Terrorist
• C) Criminal
• D) Suicide hacker

7. What is a code of ethics?
• A) A law for expected behavior
• B) A description of expected behavior
• C) A corporate policy
• D) A standard for civil conduct

8. The group Anonymous is an example of what?
• A) Terrorists
• B) Script kiddies
• C) Hacktivists
• D) Grayware

9. Companies may require a penetration test for which of the following
reasons?
• A) Legal reasons
• B) Regulatory reasons
• C) To perform an audit
• D) To monitor network performance

10. What should a pentester do prior to initiating a new penetration test?
• A) Plan
• B) Study the environment
• C) Get permission
• D) Study the code of ethics

11. Which of the following best describes what a hacktivist does?
• A) Defaces websites
• B) Performs social engineering
• C) Hacks for political reasons
• D) Hacks with basic skills

12. Which of the following best describes what a suicide hacker does?
• A) Hacks with permission
• B) Hacks without stealth
• C) Hacks without permission
• D) Hacks with stealth

13. Which type of hacker may use their skills for both benign and malicious
goals at different times?
• A) White hat
• B) Gray hat
• C) Black hat
• D) Suicide hacker

14. What separates a suicide hacker from other attackers?
• A) A disregard for the law
• B) A desire to be helpful
• C) The intent to reform
• D) A lack of fear of being caught

15. Which of the following would most likely engage in the pursuit of
vulnerability research?
• A) White hat
• B) Gray hat
• C) Black hat
• D) Suicide hacker

16. Vulnerability research deals with which of the following?
• A) Actively uncovering vulnerabilities
• B) Passively uncovering vulnerabilities
• C) Testing theories
• D) Applying security guidance

17. How is black-box testing performed?
• A) With no knowledge
• B) With full knowledge
• C) With partial knowledge
• D) By a black hat

18. A contract is important because it does what?
• A) Gives permission
• B) Gives test parameters
• C) Gives proof
• D) Gives a mission

19. What does TOE stand for?
• A) Target of evaluation
• B) Time of evaluation
• C) Type of evaluation
• D) Term of evaluation

20. Which of the following best describes a vulnerability?
• A) A worm
• B) A virus
• C) A weakness
• D) A rootkit

Which of the following is an example of a black box testing technique?

a) Fuzz testing
b) Penetration testing
c) Vulnerability scanning
d) Source code review

1. Which technique does an attacker use to secretly listen to
communication between users or devices and collect private
information to launch passive attacks?

A) Eavesdropping
B) Session hijacking
C) Spoofing
D) Privilege escalation

2. Which security element includes a checksum and access control to
ensure that data is not changed during transfer and that only authorized
people can modify it?

A) Integrity
B) Availability
C) Confidentiality
D) Non-repudiation

3. Which type of information warfare involves sensor-based technology
that directly disrupts technological systems?

A) Intelligence-based warfare
B) Economic warfare
C) Electronic warfare
D) Command-and-control warfare (C2 warfare)

4. In which phase of the cyber kill chain does an attacker create a
customized malicious payload using an exploit and a backdoor before
sending it to the victim?

A) Delivery
B) Reconnaissance
C) Weaponization
D) Installation

5. Which type of hacker raises awareness about social or political causes
while also increasing their online or offline reputation?

A) Suicide hackers
B) White hats
C) Hacktivists
D) Script kiddies

6. Which category of information warfare targets the virtual identities of
individuals or groups and includes cyber terrorism, semantic attacks,
and simulation-based warfare?

A) Cyberwarfare
B) Intelligence-based warfare
C) Economic warfare
D) Command-and-control warfare

7. Sam, an attacker, was hired to disrupt an organization’s operations and
gain access to its remote system. During the attack, Sam tampered with
data in transit to break into the organization’s network. What type of
attack did Sam perform?

A) Insider attack
B) Passive attack
C) Active attack
D) Distribution attack

8. Which type of information warfare involves sensor-based technology
that directly corrupts technological systems?

A) Intelligence-based warfare
B) Economic warfare
C) Electronic warfare
D) Command-and-control warfare (C2 warfare)

In which phase of the cyber kill chain does the attacker’s malicious code
exploit a vulnerability in the operating system, application, or server on a
target system?

At this stage, the organization may face threats such as authentication and
authorization attacks, arbitrary code execution, phishing, security threats, and
security misconfiguration.

A) Weaponization
B) Exploitation
C) Reconnaissance
D) Installation

RECONNAISSANCE & FOOTPRINTING

Which of the following Google advanced search operators helps an attacker
in gathering information about websites that are similar to a specified target
URL?

• A. [inurl:]
• B. [info:]
• C. [site:]
• D. [related:]

You are a penetration tester working to test the user awareness of the
employees of the client XYZ. You harvested two employees’ emails from
some public sources and are creating a client-side backdoor to send it to the
employees via email.
Which stage of the cyber kill chain are you at?

• A. Reconnaissance
• B. Weaponization
• C. Command and control
• D. Exploitation

1. Which of the following best describes footprinting?
• A) Enumeration of services
• B) Discovery of services
• C) Discussion with people
• D) Investigation of a target

2. Which of the following is not typically used during footprinting?
• A) Search engines
• B) Email
• C) Port scanning
• D) Google hacking

3. Why use Google hacking?
• A) To fine-tune search results
• B) To speed up searches
• C) To target a domain
• D) To look for information about Google

4. What is the role of social engineering?
• A) To gain information about computers
• B) To gain information about social media
• C) To gain information from human beings
• D) To gain information about posts and cameras

5. What is EDGAR used to do?
• A) Validate personnel
• B) Check financial filings
• C) Verify a website
• D) Gain technical details

6. Which of the following can be used to tweak or fine-tune search results?
• A) Archiving
• B) Operators
• C) Hacking
• D) Refining

7. Which of the following can an attacker use to determine the technology and
structure within an organization?
• A) Job boards
• B) Archives
• C) Google hacking
• D) Social engineering

8. Which of the following can be used to assess physical security?
• A) Web cams
• B) Satellite photos
• C) Street views
• D) Interviews

9. Which of the following can help you determine business processes of your
target through human interaction?
• A) Social engineering
• B) Email
• C) Website
• D) Job boards

10. The Wayback Machine is used to do which of the following?
• A) Get job postings
• B) View websites
• C) View archived versions of websites
• D) Backup copies of websites

11. Which record will reveal information about a mail server for a domain?
• A) A
• B) Q
• C) MS
• D) MX

12. Which tool can be used to view web server information?
• A) Netstat
• B) Netcraft
• C) Warcraft
• D) Packetcraft

13. What can be configured in most search engines to monitor and alert you of
changes to content?
• A) Notifications
• B) Schedules
• C) Alerts
• D) HTTP

14. What phase comes after footprinting?
• A) System hacking
• B) Enumeration
• C) Scanning
• D) Transfer files

15. If you can’t gain enough information directly from a target, what is another
option?
• A) EDGAR
• B) Social engineering
• C) Scanning
• D) Competitive analysis

16. What is the purpose of social engineering?
• A) Gain information from a computer through networking and other tools
• B) Gain information from the web looking for employee names
• C) Gain information from a job site using a careful eye
• D) Gain information from a human being through face-to-face or
electronic means

17. Which of the following would be a very effective source of information as
it relates to social engineering?
• A) Social networking
• B) Port scanning
• C) Websites
• D) Job boards

18. Footprinting can determine all of the following except __________?
• A) Hardware types
• B) Software types
• C) Business processes
• D) Distribution and number of personnel

19. Footprinting has two phases. What are they?
• A) Active and pseudonymous
• B) Active and passive
• C) Social and anonymous
• D) Scanning and enumerating

20. Which tool can trace the path of a packet?
• A) Ping
• B) Tracert
• C) Whois
• D) DNS

1. Which of the following is a type of social engineering attack?

a) SQL injection
b) Cross-site scripting
c) Phishing
d) Buffer overflow

Which of the following tools can be used for passive OS fingerprinting?

A) Nmap
B) tcpdump
C) tracert
D) ping

Which OS fingerprinting approach examines the response received after
sending specially crafted packets to the remote OS?

A. Passive
B. Reflective
C. Active
D. Distributive

Which of the following is NOT an example of a social engineering technique?

a) Pretexting
b) Phishing
c) Shoulder surfing
d) SQL injection

Which of the following is an example of a passive network reconnaissance
technique?

a) Port scanning
b) Ping sweep
c) Banner grabbing
d) Sniffing

NETWORK SCANNING

What is the main purpose of a port scanner?

a) To identify vulnerabilities in software
b) To encrypt network traffic
c) To identify open ports on a network
d) To monitor network traffic

1. Which of the following is used for banner grabbing?
• A) Telnet
• B) FTP
• C) SSH
• D) Wireshark

2. Which of the following is used for identifying a web server OS?
• A) Telnet
• B) Netcraft
• C) Fragroute
• D) Wireshark

3. Which of the following is used to perform customized network scans?
• A) Nessus
• B) Wireshark
• C) AirPcap
• D) nmap

4. Which of the following is not a flag on a packet?
• A) URG
• B) PSH
• C) RST
• D) END

5. An SYN attack uses which protocol?
• A) TCP
• B) UDP
• C) HTTP
• D) Telnet

6. Which of the following types of attack has no flags set?
• A) SYN
• B) NULL
• C) Xmas tree
• D) FIN

7. What is missing from a half-open scan?
• A) SYN
• B) ACK
• C) SYN-ACK
• D) FIN

8. During an FIN scan, what indicates that a port is closed?
• A) No return response
• B) RST
• C) ACK
• D) SYN

9. During a Xmas tree scan, what indicates a port is closed?
• A) No return response
• B) RST
• C) ACK
• D) SYN

10. What is the three-way handshake?
• A) The opening sequence of a TCP connection
• B) A type of half-open scan
• C) A Xmas tree scan
• D) Part of a UDP scan

11. A full-open scan means that the three-way handshake has been completed.
What is the difference between this and a half-open scan?
• A) A half-open uses TCP.
• B) A half-open uses UDP.
• C) A half-open does not include the final ACK.
• D) A half-open includes the final ACK.

12. What is the sequence of the three-way handshake?
• A) SYN, SYN-ACK, ACK
• B) SYN, SYN-ACK
• C) SYN, ACK, SYN-ACK
• D) SYN, ACK, ACK

13. What is an ICMP echo scan?
• A) A ping sweep
• B) A SYN scan
• C) A Xmas tree scan
• D) Part of a UDP scan

14. Which best describes a vulnerability scan?
• A) A way to find open ports
• B) A way to diagram a network
• C) A proxy attack
• D) A way to automate the discovery of vulnerabilities

15. What is the purpose of a proxy?
• A) To assist in scanning
• B) To perform a scan
• C) To keep a scan hidden
• D) To automate the discovery of vulnerabilities

16. What is Tor used for?
• A) To hide web browsing
• B) To hide the process of scanning
• C) To automate scanning
• D) To hide the banner on a system

17. Why would you need to use a proxy to perform scanning?
• A) To enhance anonymity
• B) To fool firewalls
• C) To perform half-open scans
• D) To perform full-open scans

18. A vulnerability scan is a good way to do what?
• A) Find open ports
• B) Find weaknesses
• C) Find operating systems
• D) Identify hardware

19. A banner can do what?
• A) Identify an OS
• B) Help during scanning
• C) Identify weaknesses
• D) Identify a service

20. Nmap is required to perform what type of scan?
• A) Port scan
• B) Vulnerability scan
• C) Service scan
• D) Threat scan

Which technique determines how a packet moves from an untrusted outside
host to a protected inside host behind a firewall, letting the hacker
determine which ports are open and whether packets can pass through the
firewall's packet filtering?

A. Session hijacking
B. Firewalking
C. Man-in-the-middle attack
D. Network sniffing
