Category: Cyber Security Objective Questions

Cyber Security Multiple Choice Questions on “Information Security Technologies”.

1. _______ is the practice and precautions taken to protect valuable information from unauthorised access, recording, disclosure or destruction.
a) Network Security
b) Database Security
c) Information Security
d) Physical Security

Answer: c
Clarification: Information Security (abbreviated as InfoSec) is a process or set of processes used for protecting valuable information for alteration, destruction, deletion or disclosure by unauthorised users.

2. From the options below, which of them is not a threat to information security?
a) Disaster
b) Eavesdropping
c) Information leakage
d) Unchanged default password

Answer: d
Clarification: Disaster, eavesdropping and information leakage come under information security threats whereas not changing the default password of any system, hardware or any software comes under the category of vulnerabilities that the user may pose to its system.

3. From the options below, which of them is not a vulnerability to information security?
a) flood
b) without deleting data, disposal of storage media
c) unchanged default password
d) latest patches and updates not done

Answer: a
Clarification: Flood comes under natural disaster which is a threat to any information and not acts as a vulnerability to any system.

4. _____ platforms are used for safety and protection of information in the cloud.
a) Cloud workload protection platforms
b) Cloud security protocols
c) AWS
d) One Drive

Answer: a
Clarification: Nowadays data centres support workloads from different geographic locations across the globe through physical systems, virtual machines, servers, and clouds. Their security can be managed using Cloud workload protection platforms which manage policies regarding security of information irrespective of its location.

5. Which of the following information security technology is used for avoiding browser-based hacking?
a) Anti-malware in browsers
b) Remote browser access
c) Adware remover in browsers
d) Incognito mode in a browser

Answer: b
Clarification: Cyber-criminals target browsers for breaching information security. If a user establishes a remote browsing by isolating the browsing session of end user, cyber-criminals will not be able to infect the system along with browser with malware, ultimately reducing the attack surface area.

6. The full form of EDR is _______
a) Endpoint Detection and recovery
b) Early detection and response
c) Endpoint Detection and response
d) Endless Detection and Recovery

Answer: c
Clarification: It is a collective name for tools that monitor networks & endpoints of systems and record all the activities for further reporting, analysis & detection in a central database. Analyzing the reports generated through such EDR tools, loopholes in a system or any internal, as well as external breaching attempts can be detected.

7. _______ technology is used for analyzing and monitoring traffic in network and information flow.
a) Cloud access security brokers (CASBs)
b) Managed detection and response (MDR)
c) Network Security Firewall
d) Network traffic analysis (NTA)

Answer: d
Clarification: Network traffic analysis (NTA) is an approach of information security for supervising the traffic in any network, a flow of data over the network as well as malicious threats that are trying to breach the network. This technological solution also helps in triage the events detected by Network Traffic Analysing tools.

8. Compromising confidential information comes under _________
a) Bug
b) Threat
c) Vulnerability
d) Attack

Answer: b
Clarification: Threats are anything that may cause damage or harm to a computer system, individual or any information. Compromising of confidential information means extracting out sensitive data from a system by illegal manner.

9. Lack of access control policy is a _____________
a) Bug
b) Threat
c) Vulnerability
d) Attack

Answer: c
Clarification: Access control policies are incorporated to a security system for restricting of unauthorised access to any logical or physical system. Every security compliance program must need this as a fundamental component. Those systems which lack this feature is vulnerable.

10. Possible threat to any information cannot be ________________
a) reduced
b) transferred
c) protected
d) ignored

Answer: d
Clarification: When there lies a threat to any system, safeguards can be implemented, outsourced, distributed or transferred to some other system, protected using security tools and techniques but cannot be ignored.

Cyber Security Question Paper on “Enumerating in Cyber Security”.

1. Attackers commonly target ____________ for fetching IP address of a target or victim user.
a) websites
b) web pages
c) ip tracker
d) emails

Answer: a
Clarification: Enumeration by cyber-attackers is possible through websites also, as the attackers target websites for fetching the IP address of the victim or the target user.

2. Developing a fake or less useful website and is meant to just fetch the IP address is very easily done by attackers.
a) True
b) False

Answer: a
Clarification: Developing a fake or less useful website and is meant to just fetch the IP address is very easily done by attackers. Enumeration by cyber-attackers is possible through websites also, as the attackers target websites for fetching the IP address of the victim or the target user.

3. What common web scripting languages are used by attackers to fetch various details from its surfing users?
a) Tcl and C#
b) C++ and HTML
c) HTML and Python
d) Perl and JavaScript

Answer: d
Clarification: Various scripting languages are used by attackers, such as Perl and JavaScript, that are programmed to fetch not only the IP address from the site but also other user’s personal information.

4. ______________ is the first phase of ethical hacking.
a) DNS poisoning
b) Footprinting
c) ARP-poisoning
d) Enumeration

Answer: b
Clarification: Footprinting is the first phase of Ethical Hacking where a gathering of information is done for the process of hacking or attacking any victim or system. Here that attacker tries to discover as much attack vectors as possible. Footprinting is also known as Reconnaissance.

5. Enumeration is done to gain information. Which of the following cannot be achieved using enumeration?
a) IP Tables
b) SNMP data, if not secured appropriately
c) Private chats
d) List of username and password policies

Answer: c
Clarification: Enumeration is an information gaining technique used in ethical hacking to achieve data regarding victim’s IP table, SNMP data, lists of username and passwords of different systems etc but not private chats.

6. Enumeration does not depend on which of the following services?
a) DNS enumeration
b) SNMP enumeration
c) NTP enumeration
d) HTTPS enumeration

Answer: d
Clarification: Enumerations depend on the different services that the system offers. These services are – SMB enumeration, DNS enumeration, SNMP numeration, NTP enumeration, and Linux/Windows enumeration.

7. __________ suite is used for NTP enumeration.
a) DNS
b) NTP
c) HTTP
d) SNMP

Answer: b
Clarification: NTP Suite is employed for NTP enumeration. This is significant for a network environment; where anyone can discover other primary servers which assist the hosts to update their time, and the entire process can be done without authenticating.

8. enum4linux is used to enumerate _______________
a) Linux systems
b) Windows systems
c) Chrome systems
d) Mac systems

Answer: a
Clarification: ‘enum4linux’ is implemented for enumerating the Linux systems. Using this, the attacker can examine and establish the usernames that are present in a target host.

9. ___________ is used that tries for guessing the usernames by using SMTP service.
a) smtp-user-enum
b) smtp-enum
c) snmp-enum
d) snmp-user-enum

Answer: a
Clarification: SNMP-user-enum is used that tries to guess the usernames by using SMTP service. Using this, an attacker can examine and establish the usernames that are present in a target host.

10. To stop your system from getting enumerated, you have to disable all services.
a) True
b) False

Answer: a
Clarification: To stop your system from getting enumerated, it is recommended to disable all services that are not in use. It lessens the potential of OS enumeration of your system.

11. Even our emails contain the IP address of the sender which helps in the enumeration. We can get this IP from ___________ from within the email.
a) ‘forward’ option
b) ‘show original’ option
c) ‘Show full email’
d) ‘View Original’ option

Answer: b
Clarification: It is possible to know the IP address of the sender of your email by opening the email and going to the ‘more’ button and then selecting the ‘show original’ option. In this way, one can find the IP address and do enumeration.

12. Network enumeration is the finding of __________ or devices on a network.
a) hosts
b) servers
c) network connection
d) cloud storage

Answer: a
Clarification: Network enumeration is the detection of hosts or devices on a particular network. Network enumeration is a computing action used in which usernames & info about user-groups, shares as well as services of networked computers can be regained.

13. A _______________ is a computer program implemented for recovering usernames & info on groups, shares as well as services of networked computers.
a) hardware enumerator
b) software enumerator
c) network enumerator
d) cloud enumerator

Answer: c
Clarification: A network enumerator is a computer program implemented for recovering usernames & info on groups, shares as well as services of networked computers. These type of programs are used for network enumeration in order to detect hosts or devices on a particular network.

14. Network enumerator is also known as ________________
a) hardware scanner
b) software enumerator
c) program enumerator
d) network scanner

Answer: d
Clarification: Network enumerator is also known as Network scanner which is a computer program implemented for recovering usernames & info on groups, shares as well as services of networked computers.

Cyber Security online test on “Security Phases – Data Leakage and Prevention”.

1. ______________ is the unauthorized movement of data.
a) Data exfiltration
b) Data infiltration
c) Data cracking
d) Database hacking

Answer: a
Clarification: Data exfiltration is the unauthorized movement of data. It comprises data exportation, data extrusion, data leakage, and data theft and all of them come under data hacking.

2. Which of them is an example of physical data leakage?
a) Dumpster diving
b) MiTM
c) DDoS
d) Phishing

Answer: a
Clarification: Physical data leakage can be done intentionally by criminal-minded people who can fetch data from dumpster diving, shoulder surfing, data mentioned in printed papers or taken out of photocopiers.

3. Which of them is not an example of data leakage done using electronic communication with malicious intent?
a) Phishing
b) Spoofed Email
c) Attacks using malware
d) Dumpster diving

Answer: d
Clarification: Many organizations provide employees right to use the internet, emails as well as instant messaging as part of their role. But these are prior targets of hackers for data leaking using techniques such as phishing, spoofing and attacking target victim using malware.

4. The three steps of data loss prevention are – Identify, Discover and______________
a) Classify
b) Clarify
c) Deletion
d) Detection

Answer: a
Clarification: The three steps of data loss prevention are – Identify, Discover and Classify. First, you have to identify the systems of records. Then you’ve to classify what comprises of sensitive data on those systems & discover the data elements which are sensitive depending on those classifications.

5. Which of the following is not a step of data-loss prevention?
a) Identify
b) Manage
c) Classify
d) Discover

Answer: b
Clarification: The three steps of data loss prevention are – Identify, Discover and Classify. First, you have to identify the systems of records. Then you’ve to classify what comprises of sensitive data on those systems & discover the data elements which are sensitive depending on those classifications.

6. Mapping of data-flow in an organization is very useful in understanding the risk better due to actual & potential data leakage.
a) True
b) False

Answer: a
Clarification: Mapping of data-flow in an organization from different systems (to record the downstream and upstream sources) is very useful in understanding the risk better due to actual & potential data leakage.

7. Data leakage prevention is based on factors like access controls, persistent, encryption, alerting, tokenization, blocking dynamic data masking, etc.
a) True
b) False

Answer: a
Clarification: Data leakage prevention is based on factors like access controls, persistent, encryption, alerting, tokenization, blocking dynamic data masking, etc. Like data loss prevention, data leakage also needs concern and care for data safety.

8. Data leakage threats are done by internal agents. Which of them is not an example of an internal data leakage threat?
a) Data leak by 3rd Party apps
b) Data leak by partners
c) Data leak by employees
d) Data leak from stolen credentials from the desk

Answer: a
Clarification: Data leak by 3rd Party apps is an example of malicious outsider threat that falsely gained access by masquerading itself. Data leak by business partners, employees or from stolen credentials are insider’s data-leakage threats.

9. _____________ on the detection & prevention of sensitive data exfiltration and lost data.
a) Data loss prevention
b) Data loss measurement
c) Data stolen software
d) Data leak prevention

Answer: a
Clarification: Data loss prevention on the detection & prevention of sensitive data exfiltration and lost data. It also deals with lost & stolen thumb drive or data blocked by ransomware attacks.

Cyber Security Multiple Choice Questions on “Attack Vectors – Digital Privacy”.

1. _______________deals with the protection of an individual’s information which is implemented while using the Internet on any computer or personal device.
a) Digital agony
b) Digital privacy
c) Digital secrecy
d) Digital protection

Answer: b
Clarification: Digital Privacy deals with the protection of an individual’s information which is implemented while using the Internet on any computer or personal device.

2. _______________ is a combined term which encompasses 3 sub-pillars; information privacy, individual privacy, and communication privacy.
a) Digital Integrity
b) Digital privacy
c) Digital secrecy
d) Digital protection

Answer: b
Clarification: Digital Privacy is a combined term which encompasses 3 sub-pillars; information privacy, individual privacy, and communication privacy where all of them deal with the protection of an individual’s information.

3. Which of the following do not comes under the three pillars of digital privacy?
a) Information privacy
b) Individual privacy
c) Communication privacy
d) Family privacy

Answer: d
Clarification: Digital Privacy encompasses 3 sub-pillars; information privacy, individual privacy, and communication privacy. Family privacy is not a part of its 3-pillars.

4. Which of the following is not an appropriate solution for preserving privacy?
a) Use privacy-focussed SE
b) Use private Browser-window
c) Disable cookies
d) Uninstall Antivirus

Answer: d
Clarification: Preserving data privacy needs some appropriate which are by using privacy-focussed search engines, using private browser window and by disabling cookies.

5. Which of the following is not an appropriate solution for preserving privacy?
a) Use privacy-focussed SE
b) Close all logical ports
c) Do not use malicious sites and torrent sites
d) Use VPN

Answer: b
Clarification: Closing of all logical ports is done to secure system from Trojans. Some appropriate way out for preserving privacy is by using VPNs, using private browser window & by disabling cookies also.

6. Which of the following is not a private Search-engine?
a) Yahoo
b) DuckDuckGo
c) StartPage
d) Wolfram Alpha

Answer: a
Clarification: Digital Privacy includes information privacy, individual privacy & communication privacy. One appropriate solution for preserving privacy is by using privacy-focussed search engines like DuckDuckGo, StartPage and Wolfram Alpha.

7. Which of the following is a private Search-engine and do not track our searching data?
a) Google
b) Search Encrypt
c) Bing
d) Yahoo

Answer: b
Clarification: Digital Privacy can be preserved in different ways. Few suitable solutions for preserving privacy are by using privacy-focussed search engines like Search Encrypt, DuckDuckGo, StartPage and Wolfram Alpha.

8. It is necessary to use ________________ for maintaining searched data privacy.
a) Private email services
b) Private search engines
c) Tor Browser
d) Private Browser window

Answer: b
Clarification: It is necessary to use private search engines for maintaining searched data privacy. They do not keep track of your searched terms or your browsing behaviour and habits. Examples are like Search Encrypt, DuckDuckGo, StartPage and Wolfram Alpha.

9. Which of the following browser is used for Privacy purpose?
a) Chrome
b) Firefox
c) Opera
d) Tor

Answer: d
Clarification: In the complex world where e-privacy is a concern, one should preserve their online privacy. Some appropriate measures for preserving privacy are by using browsers like Tor and by disabling cookies.

10. The Tor browser protects your privacy by bouncing your connection and links around a distributed network over the globe run by volunteers. It gives three layers of anonymity.
a) True
b) False

Answer: a
Clarification: The Tor browser protects your privacy by bouncing your connection and links around a distributed network over the globe run by volunteers. It gives three layers of anonymity.

11. The __________________ protects your privacy by bouncing your connection and links around a distributed network over the globe run by volunteers. It gives three layers of anonymity.
a) Cookie removers
b) Private Search Engines
c) Tor browser
d) VPNs

Answer: c
Clarification: Privacy of data and communication is a major concern nowadays. The Tor browser protects your privacy by bouncing your connection and links around a distributed network over the globe run by volunteers.

12. Which of the following is not an example of privacy-browser?
a) Tor
b) Brave
c) Epic
d) Opera

Answer: d
Clarification: Digital Privacy gets eliminated if you are using usual browsers that do not have encrypted security measures to preserve your piracy. One appropriate solution for preserving privacy is by using browsers like Tor, Brave and Epic.

13. ____________ allow its users to attach to the internet via a remote or virtual server which preserves privacy.
a) Cookie removers
b) VPNs
c) Tor browser
d) Private Search Engines

Answer: b
Clarification: There is a suitable solution for preserving privacy is by using privacy-focussed search engines, and by using VPNs. VPNs allow its users to attach to the internet via a remote or virtual server which preserves privacy.

14. The ____________ transferred between your device & the server is securely encrypted if you are using VPNs.
a) data
b) virus
c) music files
d) document files

Answer: a
Clarification: VPNs allow its users to attach to the internet via a remote or virtual server which preserves privacy. The data transferred between your device & the server is securely encrypted if you are using VPNs.

15. The data transferred between your device & the server is securely _____________ if you’re using VPNs.
a) locked
b) sealed
c) packed
d) encrypted

Answer: d
Clarification: VPNs allow its users to attach to the internet via a remote or virtual server which preserves privacy. If you are using VPN, the data between your device & the server gets securely transmitted.

Cyber Security Problems on “Types of Cryptography”.

1. _____________________ is the art & science of cracking the cipher-text without knowing the key.
a) Cracking
b) Cryptanalysis
c) Cryptography
d) Crypto-hacking

Answer: b
Clarification: Cryptanalysis is the art & science of cracking the cipher-text without knowing the key. This technique is also implemented for designing new cryptographic algorithms or to test their strengths.

2. The process of disguising plaintext in such a way that its substance gets hidden (into what is known as cipher-text) is called _________________
a) cryptanalysis
b) decryption
c) reverse engineering
d) encryption

Answer: d
Clarification: Cryptography is a means of storing & transmitting information in a specific format so that only those for whom it is planned can understand or process it. The process of disguising plaintext in such a way that its substance gets hidden (into what is known as cipher-text) is called encryption.

3. The method of reverting the encrypted text which is known as cipher text to its original form i.e. plain text is known as ________________
a) cryptanalysis
b) decryption
c) reverse engineering
d) encryption

Answer: b
Clarification: Cryptography helps in securing a specific format so that only intended users can understand or process it. The method of reversing the encrypted text which is known as cipher text to its original form i.e. plain text is known as decryption.

4. Which of the following is not the primary objective of cryptography?
a) Confidentiality
b) Data Integrity
c) Data Redundancy
d) Authentication

Answer: c
Clarification: The key intent of implementing cryptography is to offer the following 4 fundamental information security features. These are Confidentiality, Data Integrity, Authentication and non-repudiation.

5. Which of the following is not the primary objective of cryptography?
a) Confidentiality
b) Data Redundancy
c) Non-repudiation
d) Authentication

Answer: b
Clarification: Cryptography offers 4 fundamental information security features. These are Confidentiality, Data Integrity, Authentication and non-repudiation.

6. Cryptography offers a set of required security services. Which of the following is not among that 4 required security services?
a) Encryption
b) Message Authentication codes
c) Hash functions
d) Steganography

Answer: d
Clarification: There are 4 desired & necessary security services are encryption, Message Authentication Codes (MAC), digital signatures and hash functions. These help in securing the transmission of data.

7. A cryptosystem is also termed as ______________
a) secure system
b) cipher system
c) cipher-text
d) secure algorithm

Answer: b
Clarification: Cryptography is a means of storing & transmitting information in a specific format so that only those for whom it is planned can understand or process it. Cryptosystem which is also known as a cipher system is execution of cryptographic algorithms & techniques.

8. ______________ is the mathematical procedure or algorithm which produces a cipher-text for any specified plaintext.
a) Encryption Algorithm
b) Decryption Algorithm
c) Hashing Algorithm
d) Tuning Algorithm

Answer: a
Clarification: Encryption Algorithm is the mathematical procedure or algorithm which produces a cipher-text for any specified plaintext. Inputs it takes are the plain text and the key.

9. _______________ takes the plain text and the key as input for creating cipher-text.
a) Decryption Algorithm
b) Hashing Algorithm
c) Tuning Algorithm
d) Encryption Algorithm

Answer: a
Clarification: Encryption Algorithm is the mathematical procedure or algorithm which produces a cipher-text for any specified plaintext. Inputs it takes are the plain text and the key.

10. ____________________ is a mathematical algorithm that produces a unique plain text for a given cipher text along with a decryption key.
a) Decryption Algorithm
b) Hashing Algorithm
c) Tuning Algorithm
d) Encryption Algorithm

Answer: a
Clarification: Decryption Algorithm is a mathematical algorithm that produces a unique plain text for a given cipher text along with a decryption key. Inputs it takes are the cipher-text & the decryption key.

11. A set of all probable decryption keys are collectively termed as ____________
a) key-stack
b) key bunch
c) key space
d) key pack

Answer: c
Clarification: A set of all probable decryption keys are collectively termed as key space. A mathematical algorithm which produces a unique plain text for a given cipher text along with a decryption key is called a decryption algorithm.

12. Encryption-decryption in cryptosystem is done in ______ ways.
a) 4
b) 3
c) 5
d) 2

Answer: d
Clarification: Cryptosystem which is also known as cipher system is the execution of cryptographic algorithms & techniques. Encryption-decryption in a cryptosystem is done in two ways. These are by Symmetric Key Encryption and by Asymmetric Key Encryption.

13. In _____________________ same keys are implemented for encrypting as well as decrypting the information.
a) Symmetric Key Encryption
b) Asymmetric Key Encryption
c) Asymmetric Key Decryption
d) Hash-based Key Encryption

Answer: a
Clarification: Encryption-decryption in a cryptosystem is done in two ways. These are by Symmetric Key Encryption and by Asymmetric Key Encryption. In Symmetric Key Encryption, same keys are implemented for encrypting as well as decrypting the information.

14. In __________________ 2 different keys are implemented for encrypting as well as decrypting that particular information.
a) Symmetric Key Encryption
b) Asymmetric Key Encryption
c) Asymmetric Key Decryption
d) Hash-based Key Encryption

Answer: b
Clarification: In Asymmetric Key Encryption 2 different keys are implemented for encrypting as well as decrypting that particular information. Inputs it takes are the plain text and 2 different key.

15. A set of all probable decryption keys are collectively termed as key space.
a) True
b) False

Answer: a
Clarification: Decryption Algorithm is a mathematical algorithm that produces a unique plain text for a given cipher text along with a decryption key. A set of all probable decryption keys are collectively termed as key space.

Cyber Security Multiple Choice Questions on “Generic Steps for Security”.

1. How many basic processes or steps are there in ethical hacking?
a) 4
b) 5
c) 6
d) 7

Answer: c
Clarification: According to the standard ethical hacking standards, the entire process of hacking can be divided into 6 steps or phases. These are: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Tracks clearing, reporting.

2. ____________ is the information gathering phase in ethical hacking from the target user.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access

Answer: a
Clarification: Reconnaissance is the phase where the ethical hacker tries to gather different kinds of information about the target user or the victim’s system.

3. Which of the following is not a reconnaissance tool or technique for information gathering?
a) Hping
b) NMAP
c) Google Dorks
d) Nexpose

Answer: d
Clarification: Hping, NMAP & Google Dorks are tools and techniques for reconnaissance. Nexpose is a tool for scanning the network for vulnerabilities.

4. There are ______ subtypes of reconnaissance.
a) 2
b) 3
c) 4
d) 5

Answer: a
Clarification: Reconnaissance can be done in two different ways. 1^st, Active Reconnaissance which involves interacting with the target user or system directly in order to gain information; 2^nd, Passive Reconnaissance, where information gathering from target user is done indirectly without interacting with the target user or system.

5. Which of the following is an example of active reconnaissance?
a) Searching public records
b) Telephone calls as a help desk or fake customer care person
c) Looking for the target’s details in the database
d) Searching the target’s details in paper files

Answer: b
Clarification: As active reconnaissance is all about interacting with target victim directly, hence telephonic calls as a legitimate customer care person or help desk person, the attacker can get more information about the target user.

6. Which of the following is an example of passive reconnaissance?
a) Telephonic calls to target victim
b) Attacker as a fake person for Help Desk support
c) Talk to the target user in person
d) Search about target records in online people database

Answer: d
Clarification: Passive reconnaissance is all about acquiring of information about the target indirectly, hence searching any information about the target on online people database is an example of passive reconnaissance.

7. ________ phase in ethical hacking is known as the pre-attack phase.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access

Answer: b
Clarification: In the scanning phase, the hacker actively scans for the vulnerabilities or specific information in the network which can be exploited.

8. While looking for a single entry point where penetration testers can test the vulnerability, they use ______ phase of ethical hacking.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access

Answer: b
Clarification: Scanning is done to look for entry points in a network or system in order to launch an attack and check whether the system is penetrable or not.

9. Which of them does not comes under scanning methodologies?
a) Vulnerability scanning
b) Sweeping
c) Port Scanning
d) Google Dorks

Answer: d
Clarification: Google dork is used for reconnaissance, which uses special search queries for narrowing down the search results. The rest three scanning methodologies are used for scanning ports (logical), and network vulnerabilities.

10. Which of them is not a scanning tool?
a) NMAP
b) Nexpose
c) Maltego
d) Nessus

Answer: c
Clarification: NMAP is used for both reconnaissance and scanning purposes. Nepose and Nessus are fully scanning tool. Maltego is an example of a reconnaissance tool used for acquiring information about target user.

11. Which of the following comes after scanning phase in ethical hacking?
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access

Answer: d
Clarification: Gaining access is the next step after scanning. Once the scanning tools are used to look for flaws in a system, it is the next phase where the ethical hackers or penetration testers have to technically gain access to a network or system.

12. In __________ phase the hacker exploits the network or system vulnerabilities.
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access

Answer: d
Clarification: Penetration testers after scanning the system or network tries to exploit the flaw of the system or network in “gaining access” phase.

13. Which of the following is not done in gaining access phase?
a) Tunnelling
b) Buffer overflow
c) Session hijacking
d) Password cracking

Answer: a
Clarification: Tunnelling is a method that is followed to cover tracks created by attackers and erasing digital footprints. Buffer overflow, session hijacking and password cracking are examples of gaining access to test the flaw in system or network.

14. Which of the below-mentioned penetration testing tool is popularly used in gaining access phase?
a) Maltego
b) NMAP
c) Metasploit
d) Nessus

Answer: c
Clarification: Metasploit is a framework and the most widely used penetration testing tool used by ethical hackers for testing the vulnerabilities in a system or network.