Ethical Hacker Mini Quiz


Thirty Five questions and answers every Ethical Hacker should know.

Click the back button or arrow to return to this page.

1.) What is the focus of a security audit or vulnerability assessment?

A. Locating vulnerabilities
B. Locating threats
C. Enacting threats
D. Exploiting vulnerabilities
answer

2.) What kind of physical access device restricts access to a single individual at any onetime?

A. Checkpoint
B. Perimeter security
C. Security zones
D. Mantrap
answer

3.) Which is a mechanism for managing digital certificates through a system of trust?

A. PKI
B. PKCS
C. ISA
D. SSL
answer

4.) Which protocol is used to create a secure environment in wireless networks?

A. WAP
B. WPA
C. WTLS
D. WML
answer

5.) What exercise is conducted with full knowledge of the target environment?

A. White Box
B. Gray Box
C. Black Box
D. Glass Box
answer

6.) Which technology would establish a network connection between two LANs using the Internet?

A. L2TP
B. IPSEc
C. SLIP
D. PPP
answer

7.) Which design concept limits access to systems from outside users while protecting users and systems inside the LAN?

A. Router
B. I&A
C. VLAN
D. DMZ
answer

8.) In the key recovery process, which key must be recoverable?

A. Escrow
B. Previous
C. Secret
D. Rollover
answer

9.) What attack is designed to overload a system or resource taking it offline?

A. SYN Flood
B. Trojan
C. Man In The Middle
D. Spoofing
answer

10.) Which component of an NIDS collects data?

A. Analyzer
B. Event
C. Sensor
D. Data Source
answer

11.) What is the process of making an operating system secure from attack?

A. Locking Down
B. Sealing
C. Tuning
D. Hardening
answer

12.) The integrity component provides which feature of the CIA triad?

A. Verification that information is accurate
B. Verification that ethics are properly maintained
C. Establishment of clear access control of data
D. Verification that data is kept private and secure
answer

13.) Which mechanism is used by PKI to allow immediate verification of a certificate’s validity?

A. CRL
B. MD5
C. SSHA
D. OCSP
answer

14.) Which of the following is used to create a VLAN from a physical security perspective?

A. Hub
B. Switch
C. Router
D. Firewall
answer

15.) A user downloads an account.doc a file from a client using IM, and the system starts acting unusual. What is the most likely event that occurred?

A. Your user inadvertently downloaded a macro virus using IM
B. Your user may have downloaded a rootkit
C. Your user may have accidently changed a setting on the system
D. The system is unstable due to the use of IM
answer

16.) Which is used to enable or disable access to a network resource based on attacks that have been detected?

A. NIDS
B. NIPS
C. NITS
D. NADS
answer

17.) Which of the following provides extra security to an Internet web server?

A. Changing the default port for traffic to 80
B. Changing the default port for traffic to 1019
C. Changing the default port for traffic to 443
D. Changing the default port for traffic to 161
answer

18.) What type of program propagates and spreads itself to other systems without interaction from users?

A. Virus
B. Trojan Horse
C. Logic Bomb
D. Worm
answer

19.) You're at the office and a stranger claims to be a service technician asking about apps, hardware, and other employess. What kind of attack would this be?

A. Social Engineering
B. Access Control
C. Perimeter Screening
D. Behavioral Engineering
answer

20.) Which of the following is a major security problem with FTP?

A. Password files are stored in an unsecure area on disk
B. Memory traces can corrupt file access
C. User IDs and passwords are unencrypted
D. FTP sites are unregistered
answer

21.) Which system would you install to provide detective capabilities within a network?

A. NIDS
B. HIDS
C. NIPS
D. HIPS
answer

22.) The process of maintaining the integrity of evidence and ensuring no gaps in possession occur is known as what?

A. Security Investigation
B. Chain of Custody
C. Three As of Investigation
D. Security Policy
answer

23.) What encryption process uses one piece of information as a carrier for another?

A. Steganography
B. Hashing
C. MD5
D. Cryptointelligence
answer

24.) Which policy dictates how assets can be used by employees of a company?

A. Security Policy
B. User Policy
C. Use Policy
D. Enforcement Policy
E. Acceptable Use Policy
answer

25.) Which algorithm is an asymmetric encryption protocol?

A. RSA
B. AES
C. DES
D. 3DES
answer

26.) Which of the following is an example of a hashing algorithm?

A. ECC
B. PKI
C. SHA
D. MD5
answer

27.) Which of the following creates a fixed-length output from a variable-length input?

A. MD5
B. MD7
C. SHA12
D. SHA8
answer

28.) A retina scan to grant access is an example of what authentication method?

A. Smart Card
B. I&A
C. Biometrics
D. CHAP
answer

29.) Which is referred to as a physical address to a computer system?

A. MAC
B. DAC
C. RBAC
D. STAC
answer

30.) What is the process of investigating a computer system for information relating to asecurity incident?

A. Computer Forensics
B. Virus Scanning
C. Security Policy
D. Evidence Gathering
answer

31.) Which protocol should be used in place of Telnet and FTP?

A. SSL
B. SCP
C. Telnet2
D. SSH
answer

32.) Which of the following is commonly used to create thumb prints for digital certificates?

A. MD5
B. MD7
C. SHA12
D. SHA8
answer

33.) Granting access to a system based on a factor such as a password is an example of what?

A. Something You Have
B. Something You Know
C. Something You Are
D. Something You Smell
answer

34.) What item is also referred to as a logical address to a computer system?

A. IP Address
B. IPX Address
C. MAC Address
D. SMAC Address
answer

35.) How many bits are in an IPv6 address?

A. 32
B. 64
C. 128
D. 256
answer

Every CompTIA CEH assessment ask similar questions. As an Ethical Hacker or IT Tech Support person you need to be well versed in each topic.