Category: Cyber Security Objective Questions

Cyber Security online quiz on “Information Gathering Phase & Techniques”.

1. ____________ is the term used for gathering information about your competitors from online resources, researches, and newsgroups.
a) Competitive Intelligence gathering
b) Cognitive Intelligence gathering
c) Cyber Intelligence gathering
d) Competitors Info gathering

Answer: a
Clarification: Competitive Intelligence gathering is the term used for gathering information about your competitors from online resources, researches, and newsgroups. The competitive intelligence gathering is non-interfering & subtle in nature.

2. The ______________ intelligence gathering is non-interfering & subtle in nature.
a) cognitive
b) competitive
c) cyber
d) concrete

Answer: b
Clarification: Competitive Intelligence gathering is the term used for gathering information about your competitors from online resources, researches, and newsgroups. The competitive intelligence gathering is non-interfering & subtle in nature.

3. In the world of data, where data is considered the oil and fuel of modern technology _____________ is both a product and a process.
a) Competitive Intelligence gathering
b) Cognitive Intelligence gathering
c) Cyber Intelligence gathering
d) Competitors Info gathering

Answer: a
Clarification: In the world of data, where data is considered the oil and fuel of modern technology, Competitive Intelligence gathering is both a product and a process.

4. Which of them is not a proper step in competitive intelligence data processing?
a) Data gathering
b) Data analysis
c) Information security
d) Network analysis

Answer: d
Clarification: In the world of data, where data is considered the oil and fuel of modern technology, Competitive Intelligence gathering is both a product and a process which comprises of some predefined steps to handle data. These are data gathering, analysis, verification, and security.

5. Which one of the following is a proper step in competitive intelligence data processing?
a) Competitors’ data compromising
b) Data hacking
c) Data analysis
d) Competitors’ data stealing

Answer: c
Clarification: In the world of data, where data is considered the oil and fuel of modern technology, Competitive Intelligence gathering is both a product and a process which comprises of some specific steps to handle data. These are data gathering, analysis, verification, and security.

6. There are __________ types of cognitive hacking and information gathering which is based on the source type, from where data is fetched.
a) 6
b) 5
c) 4
d) 3

Answer: d
Clarification: There are two types of cognitive hacking and information gathering which are based on the source type, from where data is fetched. These are single source & multiple sources.

7. ______________ is important to grab a quick understanding and analyzing about your competitors or target user’s need.
a) Competitive Intelligence gathering
b) Cognitive Intelligence gathering
c) Cyber Intelligence gathering
d) Competitors Info gathering

Answer: a
Clarification: In the world of data, where data is considered the oil and fuel of modern technology, Competitive Intelligence gathering is both a product and a process. Hackers are hired with skills for gathering competitive knowledge so that data analysts can analyze those for further understanding of products.

8. Which of them is not a reason for competitive information gathering?
a) Compare your product with competitors
b) Analyze the market position of yours with competitors
c) Fetching confidential plans about your competitors
d) Pull out a list of your competitive firms in the market

Answer: c
Clarification: Fetching confidential plans about your competitors’ is not the work of ethical hackers hired for competitive information gathering. Also fetching such type of confidential information is a crime.

9. Competitive information gathering if done in the form of active attack using malware or by other illicit means can put your hired hacker or your company at stake.
a) True
b) False

Answer: a
Clarification: By the name of competitive information gathering if done in the form of active attack using malware or by other illicit means can put your hired hacker or your company at stake. It’s a cyber-crime also.

10. Predict and analyze the tactics of competitors from data taken out from online data sources is a crime.
a) True
b) False

Answer: b
Clarification: Predict and analyze the tactics of competitors from data taken out from online data sources is a crime. In the world of data, where data is considered the oil and fuel of modern technology. It can be done using competitive intelligence gathering techniques.

11. https://www.bidigital.com/ci/ is a website which is used for _________________
a) Competitive Intelligence gathering
b) Cognitive Intelligence gathering
c) Cyber Intelligence gathering
d) Competitors Info gathering

Answer: a
Clarification: In the world of data, where data is considered the oil and fuel of modern technology, Competitive Intelligence gathering is both a product and a process. https://www.bidigital.com/ci/ is a website which is used for such purpose.

12. Which of the following is a site used for Competitive Intelligence gathering?
a) https://www.bidigital.gov/
b) https://www.cig.com/ci/
c) https://www.coginfo.com/ci/
d) https://www.bidigital.com/ci/

Answer: d
Clarification: In the world of data, where data is considered the oil and fuel of modern technology, Competitive Intelligence gathering is both a product and a process. https://www.bidigital.com/ci/ is a website which is used for such purpose.

13. Which of the following is not an example of a firm that provides info regarding competitive intelligence gathering?
a) Carratu International
b) CI Center
c) Microsoft CI
d) Marven Consulting Group

Answer: c
Clarification: Carratu International, CI Center, Marven Consulting Group, Lubrinco Pvt Ltd. are some of the names of firms and companies that provide info regarding competitive intelligence gathering.

14. Using _____________ for doing competitive information gathering is a crime.
a) Spyware
b) Antivirus
c) Anti-malware
d) Adware

Answer: a
Clarification: By the name of competitive information gathering if done in the form of active attack using malware or by other illicit means can put your hired hacker or your company at stake. It’s a cyber-crime.

15. Competitive Intelligence gathering is both a ___________ and a ____________
a) process, product
b) process, item
c) product & data to sell to 3rd party
d) data to sell to a 3rd party and a product

Answer: a
Clarification: In the world of data, where data is considered the oil and fuel of modern technology, Competitive Intelligence gathering is both a product and a process which comprises of some predefined steps to handle data.

Tricky Cyber Security Questions and Answers on “Attack Vectors – Phishing and its Types”.

1. ______________ is an internet scam done by cyber-criminals where the user is convinced digitally to provide confidential information.
a) Phishing attack
b) DoS attack
c) Website attack
d) MiTM attack

Answer: a
Clarification: Phishing is an internet scam done by cyber-criminals where the user is convinced digitally to provide confidential information. There are different types of phishing. Some of them redirect the user to different sites via emails & spyware.

2. In _______________ some cyber-criminals redirect the legitimate users to different phishing sites and web pages via emails, IMs, ads and spyware.
a) URL Redirection
b) DoS
c) Phishing
d) MiTM attack

Answer: c
Clarification: Phishing is an internet scam done by hackers to provide classified information. In some of them, cyber-criminals redirect the users to different sites via emails, IMs, and ads.

3. Phishers often develop ______________ websites for tricking users & filling their personal data.
a) legitimate
b) illegitimate
c) genuine
d) official

Answer: b
Clarification: Phishing is a category of social engineering attack that is used to steal user data. Phishers often develop illegitimate websites for tricking users & filling their personal data.

4. Which of the following type of data, phishers cannot steal from its target victims?
a) bank details
b) phone number
c) passwords
d) apps installed in the mobile

Answer: d
Clarification: Phishers often develop illegitimate websites for tricking users & filling their personal data such as bank account details, phone number, address, username, and passwords etc.

5. Algorithm-Based Phishing was developed in the year __________
a) 1988
b) 1989
c) 1990
d) 1991

Answer: c
Clarification: Algorithm-Based Phishing was developed in the year 1990 where the first team of phishers developed an algorithm for generating random credit card numbers for getting an original card’s match.

6. ______________ was the first type of phishing where the phishers developed an algorithm for generating random credit card numbers.
a) Algo-based phishing
b) Email-based phishing
c) Domain Phishing
d) Vishing

Answer: a
Clarification: Phishing is a category of social engineering attack. In Algorithm-Based Phishing, an algorithm for generating random credit card numbers for getting an original card’s match.

7. Email Phishing came into origin in the year __________
a) 1990
b) 2000
c) 2005
d) 2015

Answer: b
Clarification: Email Phishing came into origin in the year 2000 which is more tech-savvy. Here the email is created as if it has been sent from a legitimate source with a legitimate link to its official website.

8. _________________ type of phishing became very popular as if it has been sent from a legitimate source with a legitimate link to its official website.
a) Algo-based phishing
b) Email-based phishing
c) Domain Phishing
d) Vishing

Answer: b
Clarification: In email phishing, the email is fashioned as if it has been sent from a legitimate source with a legitimate link to its official website. It came into origin in the year 2000.

9. _____________ refers to phishing performed over smart-phone by calling.
a) Algo-based phishing
b) Email-based phishing
c) Domain Phishing
d) Vishing

Answer: d
Clarification: Phishers often develop illegitimate websites for tricking users & filling their personal data. Vishing refers to phishing performed over smart-phone by calling. As the phishing is done through voice so it is called vishing = voice + phishing.

10. _____________ = voice + phishing.
a) Algo-based phishing
b) Vishing
c) Domain Phishing
d) Email-based phishing

Answer: b
Clarification: Phishing occurs when a cyber-criminal masquerade as a trusted entity. Vishing refers to phishing performed where the phishing is done through voice hence called vishing = voice + phishing.

11. Victims of phishing are mostly ___________________
a) Tech enthusiast
b) Professional computer engineers
c) Lack of computer knowledge
d) Lack of management skill

Answer: c
Clarification: Phishers often develop illegitimate websites for tricking users & filling their personal data. Victims of such type of attacks are those users with lack of computer knowledge.

12. ___________________ is usually targeted by nature where the emails are exclusively designed to target any exact user.
a) Algo-based phishing
b) Vishing
c) Domain Phishing
d) Spear phishing

Answer: d
Clarification: In spear phishing, hackers usually targeted specifically where the emails are exclusively designed to target any particular user. It occurs when an attacker masquerades the victim a trusted party.

13. ____________ or smishing is one of the simplest types of phishing where the target victims may get a fake order detail with a cancellation link.
a) Algo-based phishing
b) SMS phishing
c) Domain Phishing
d) Spear phishing

Answer: b
Clarification: SMS phishing or Smishing is one of the simplest types of phishing where the target victims may get a fake order detail with a cancellation link or any other link that leads you to a malicious link.

14. ________________ phishing is that type of phishing where the construction of a fake webpage is done for targeting definite keywords & waiting for the searcher to land on the fake webpage.
a) Voice
b) SMS
c) Search engine
d) Email

Answer: c
Clarification: Search engine phishing is that type of phishing where the construction of a fake webpage is done for targeting definite keywords & waiting for the searcher to land on the fake webpage.

15. Which of the following is not an example or type of phishing?
a) Spear phishing
b) Deceptive phishing
c) Whaling
d) Monkey in the Middle

Answer: d
Clarification: Phishing is an internet scam done by cyber-criminals where the user is convinced digitally to provide confidential information. There are different types of phishing. Some of them are Spear phishing, deceptive phishing, whaling, pharming, vishing.

16. Which of the following is not an example or type of phishing?
a) Tracking
b) Vishing
c) Smishing
d) Pharming

Answer: a
Clarification: A popular internet scam done by black hat hackers and crackers to grab confidential information by masquerading is the phishing technique. Smishing, email phishing, whaling, pharming, vishing are some popular types of phishing.

Basic Cyber Security Questions and Answers on “Cryptography – Steganography for Security”.

1. _____________ is another data hiding technique which can be used in conjunction with cryptography for the extra-secure method of protecting data.
a) Cryptography
b) Steganography
c) Tomography
d) Chorography

Answer: b
Clarification: Steganography is the technique of hiding data in another raw data. Steganography is another data hiding technique which can be used in conjunction with cryptography for an extra-secure method of protecting data.

2. _____________ is hiding of data within data, where we can hide images, text, and other messages within images, videos, music or recording files.
a) Cryptography
b) Tomography
c) Steganography
d) Chorography

Answer: c
Clarification: Steganography helps in hiding any form of data within data, where we can hide images, text, and other messages within images, videos, music or recording files.

3. Steganography follows the concept of security through obscurity.
a) True
b) False

Answer: a
Clarification: Hiding of data within another data through obscurity is called steganography. It is another data hiding technique which can be used in conjunction with cryptography for an extra-secure method of protecting data.

4. The word ________________is a combination of the Greek words ‘steganos’ which means “covered or concealed”, and ‘graphein’ which means “writing”.
a) Cryptography
b) Tomography
c) Steganography
d) Chorography

Answer: c
Clarification: The word steganography is a combination of the Greek words ‘steganos’ which means “covered or concealed”, and ‘graphein’ which means “writing”. Steganography is hiding of data within data, where we can hide images, text, and other messages within images, videos, music or recording files.

5. A ________________ tool permits security professional or a hacker to embed hidden data within a carrier file like an image or video which can later be extracted from them.
a) Cryptography
b) Tomography
c) Chorography
d) Steganography

Answer: d
Clarification: A steganography tool is a software tool that permits a security professional or a hacker to embed hidden data within a carrier file like an image or video which can later be extracted from them.

6. Which of the following is not a steganography tool?
a) Xaio steganography
b) Image steganography
c) ReaperExploit
d) Steghide

Answer: c
Clarification: ReaperExploit is not a steganography tool that permits security through obscurity. Xaio steganography, image steganography, Steghide etc are examples of such tools.

7. Which of the following is not a steganography tool?
a) Crypture
b) SteganographX Plus
c) rSteg
d) Burp Suite

Answer: d
Clarification: There are some software tools that helps hackers to embed hidden data within a which can later be extracted from them. SSuite Picsel, rSteg, SteganographX Plus, and crypture are examples of such tools.

8. The main motive for using steganography is that hackers or other users can hide a secret message behind a ______________
a) special file
b) ordinary file
c) program file
d) encrypted file

Answer: b
Clarification: The main motive for using steganography is that hackers or other users can hide a secret message behind ordinary files. Some steganography tools are SSuite Picsel, rSteg etc.

9. People will normally think it as a normal/regular file and your secret message will pass on without any _______________
a) suspicion
b) decryption
c) encryption
d) cracking

Answer: a
Clarification: Steganography techniques help hackers or other users to conceal covert message behind regular files. People will normally think it as a normal/regular file and your secret message will pass on without any suspicion.

10. By using ______________ you can diminish the chance of data leakage.
a) Cryptography
b) Tomography
c) Chorography
d) Steganography

Answer: d
Clarification: Hackers or other cyber criminals target ordinary files to hide different data or information within another data file. By using steganography, you can diminish the chance of data leakage.

Cyber Security Multiple Choice Questions on “Social Engineering and Physical Hacking”.

1. ___________ is a special form of attack using which hackers’ exploit – human psychology.
a) Cross Site Scripting
b) Insecure network
c) Social Engineering
d) Reverse Engineering

Answer: c
Clarification: Using social engineering techniques, hackers try to exploit the victim’s mind to gain valuable information about that person such as his/her phone number, date of birth, pet name etc.

2. Which of the following do not comes under Social Engineering?
a) Tailgating
b) Phishing
c) Pretexting
d) Spamming

Answer: d
Clarification: Spamming is the attack technique where the same message is sent indiscriminately repeatedly in order to overload the inbox or harm the user.

3. _________ involves scams where an individual (usually an attacker) lie to a person (the target victim) to acquire privilege data.
a) Phishing
b) Pretexting
c) Spamming
d) Vishing

Answer: b
Clarification: In the pretexting technique of social engineering, the attacker pretends in need of legitimate information from the victim for confirming his/her identity.

4. Which of the following is the technique used to look for information in trash or around dustbin container?
a) Pretexting
b) Baiting
c) Quid Pro Quo
d) Dumpster diving

Answer: d
Clarification: In the technology world, where information about a person seems everywhere; dumpster diving is the name of the technique where the attacker looks for information in dustbins and trashes. For example, after withdrawing money from ATM, the user usually throw the receipt in which the total amount and account details are mentioned. These type of information becomes helpful to a hacker, for which they use dumpster diving.

5. Which of the following is not an example of social engineering?
a) Dumpster diving
b) Shoulder surfing
c) Carding
d) Spear phishing

Answer: c
Clarification: Carding is the method of trafficking of bank details, credit cards or other financial information over the internet. Hence it’s a fraudulent technique used by hackers and does not comes under social engineering.

6. In a phishing, attackers target the ________ technology to so social engineering.
a) Emails
b) WI-FI network
c) Operating systems
d) Surveillance camera

Answer: a
Clarification: In a phishing attack, the attacker fraudulently attempts to obtain sensitive data (such as username & passwords) of the target user and use emails to send fake links which redirect them to a fake webpage which looks legitimate.

7. Tailgating is also termed as ___________
a) Piggybacking
b) Pretexting
c) Phishing
d) Baiting

Answer: a
Clarification: Piggybacking is the technique used for social engineering, as the attacker or unauthorized person/individual follows behind an authorized person/employee & gets into an authorized area to observe the system, gain confidential data or for a fraudulent purpose.

8. Physical hacking is not at all possible in hospitals, banks, private firms, and non-profit organizations.
a) True
b) False

Answer: b
Clarification: Physical hacking, like other types of hacking, is possible in any institutions, organizations, clinics, private firms, banks or any other financial institutions. Hence, the above statement is false.

9. Stealing pen drives and DVDs after tailgating is an example of lack of _______ security.
a) network security
b) physical security
c) database security
d) wireless security

Answer: b
Clarification: When cyber-criminal gain access to an authorized area and steal pen drives and DVDs which contain sensitive information about an employee or about the organization, then it can be said that the physical security of the organization is weak.

10. ________ is the ability of an individual to gain physical access to an authorized area.
a) Network accessing
b) Database accessing
c) Remote accessing
d) Physical accessing

Answer: d
Clarification: Physical accessing without prior security checking is the ability of a person to gain access to any authorized area. Physical accessing is done using piggybacking or any other suspicious means.

11. Which of the following is not considering the adequate measure for physical security?
a) Lock the drawers
b) Keep strong passwords for corporate laptops and mobile phones
c) Keep confidential organization’s document file open in the desk
d) Hide your hand against camera while inserting the PIN code

Answer: c
Clarification: Keeping confidential files left open in the desk is not an adequate way of maintaining physical security; as anyone can pick these up and perform physical hacking.

12. Which of the following is not a physical security measure to protect against physical hacking?
a) Add front desk & restrict unknown access to the back room
b) Create a phishing policy
c) Analyze how employees maintain their physical data and data storage peripheral devices
d) Updating the patches in the software you’re working at your office laptop.

Answer: d
Clarification: Updating the patches in your working software does not come under security measures for physical hacking. Updating the patches will help your software get free from bugs and flaws in an application as they get a fix when patches are updated.

13. IT security department must periodically check for security logs and entries made during office hours.
a) True
b) False

Answer: a
Clarification: Checking for security logs and entries made by employees and other outsiders who entered the office can help in identifying whether any suspicious person is getting in and out of the building or not.

14. Which of them is not an example of physical hacking?
a) Walk-in using piggybacking
b) Sneak-in
c) Break-in and steal
d) Phishing

Answer: d
Clarification: Phishing does not come under physical security. Walk-in without proper authorization, sneaking in through glass windows or other means and breaking in and stealing sensitive documents are examples of physical hacking.

15. Physical _________ is important to check & test for possible physical breaches.
a) penetration test
b) security check
c) hacking
d) access

Answer: a
Clarification: Physical penetration test is important in order to check for the possible physical security breaches. Usually corporate firms and organizations stay busy in securing the networks and data and penetration testers are hired for data and network pentesting, but physical security breach can also equally hamper.

Cyber Security Multiple Choice Questions on “Exploits and Exploitation”.

1. ________________ are piece of programs or scripts that allow hackers to take control over any system.
a) Exploits
b) Antivirus
c) Firewall by-passers
d) Worms

Answer: a
Clarification: Exploits are the piece of programs or scripts that allow hackers to take control over any system. Vulnerability scanners such as Nexpose and Nessus are used for finding such vulnerabilities.

2. The process of finding vulnerabilities and exploiting them using exploitable scripts or programs are known as _____________
a) infiltrating
b) exploitation
c) cracking
d) hacking

Answer: b
Clarification: The process of finding vulnerabilities and exploiting them using exploitable scripts or programs are known as exploitation. Vulnerability scanners such as Nexpose and Nessus are used for finding such vulnerabilities and then they are exploited using such programs and scripts.

3. Which of them is not a powerful vulnerability detecting tool?
a) Nessus
b) Nexpose
c) Metasploit
d) Nmap

Answer: d
Clarification: Some of the most widely used tools for detecting vulnerabilities in a system are Nessus, Nexpose, Metasploit and OpenVAS. Hackers use these tools for detecting vulnerabilities and then write exploits to exploit the systems.

4. __________ is the specific search engine for exploits where anyone can find all the exploits associated to vulnerability.
a) Google
b) Bing
c) Exploit-db
d) Exploit-engine

Answer: c
Clarification: Since based on vulnerabilities, we can find exploits, Exploit-db is the specific search engine for exploits where anyone can find all the exploits associated with vulnerability. You can find this from https://www.exploit-db.com.

5. Which of the following are not a vulnerability-listed site/database?
a) Exploit-db
b) Common Vulnerabilities and Exposures (CVE)
c) National Vulnerability Database (NVD)
d) Bing Vulnerability database (BVD)

Answer: d
Clarification: Exploit-db (https://www.exploit-db.com/), Common Vulnerabilities and Exposures (CVE) (https://cve.mitre.org/), and National Vulnerability Database (NVD) (https://nvd.nist.gov/) are three vulnerability listing site.

6. There are __________ types of exploits based on their working.
a) two
b) three
c) four
d) five

Answer: a
Clarification: There are two different types of exploits. These are remote exploits – where hackers can gain access to the system or network remotely, and local exploits – where the hacker need to access the system physically and overpass the rights.

7. How many types of exploits are there based on their nature from hacking’s perspective?
a) 4
b) 3
c) 2
d) 5

Answer: c
Clarification: There are basically 2 types of exploits based on the nature of their existence and knowledge. These are known and unknown (i.e. Zero Day). Known exploits are those that are released publicly and people know about them. Unknown exploits are such type of exploits that are not known or the bugs are not fixed by vendors or owners.

8. Known exploits have a confirmation of and measures can be taken against it to resolve them.
a) True
b) False

Answer: a
Clarification: Known exploits have a confirmation of and measures can be taken against it to resolve them. These types of vulnerabilities and exploit details are available online in blogs and sites.

9. Unknown exploits are those exploits that have not yet been reported openly and hence present a straightforward attack at firms and the government agencies.
a) True
b) False

Answer: a
Clarification: Unknown exploits are those exploits that have not yet been reported openly and hence present a straightforward attack at firms and the government agencies. They’re also called Zero-day exploits.

10. A ____________ is a set of changes done to any program or its associated data designed for updating, fixing, or improving it.
a) scratch
b) patch
c) fixer
d) resolver

Answer: b
Clarification: The term ‘patch’ in the applied computer science is a set of changes done to any program or its associated data designed for updating, fixing, or improving it. Patch releases are done by vendors to solve any bug in a system.

11. Fixing of security vulnerabilities in a system by additional programs is known as __________ patches.
a) hacking
b) database
c) server
d) security

Answer: d
Clarification: Fixing of security vulnerabilities in a system by additional programs is known as security patches. These type of patches helps in fixing security bugs and improving the overall security of the system.

12. Known bugs can be solved or removed by __________________ develop by the vendors of the application.
a) removing the application
b) changing the software
c) installing security patches
d) installing database patches

Answer: c
Clarification: Known bugs and vulnerabilities of a system can be solved or installing or updating the security patches developed by the vendor or owner of that particular application.

13. ___________________ are some very frequent updates that come for every anti-virus.
a) Patch update
b) Data update
c) Code update
d) Definition update

Answer: d
Clarification: Definition updates are some very frequent updates that come for every anti-virus. These updates are frequently rolled out in order to update your antivirus software with the latest releases of attack vectors and bugs.

14. National Vulnerability Database (NVD) is _________________ repository of data regarding vulnerability standards.
a) U.S. government
b) India government
c) Russian government
d) China Government

Answer: a
Clarification: National Vulnerability Database (NVD) is the US government repository of data regarding vulnerability standards. It is available from the link https://nvd.nist.gov.

15. CVE is a directory of lists of publicly recognized information security vulnerabilities as well as exposures.
a) True
b) False

Answer: a
Clarification: CVE is a directory of lists of publicly recognized information security vulnerabilities as well as exposures. It is available from the link https://cve.mitre.org.

Cyber Security Multiple Choice Questions on “Scanning Phase for Security”.

1. There are _______ types of scanning.
a) 2
b) 3
c) 4
d) 5

Answer: b
Clarification: There are a total of three types of scanning in ethical hacking and cyber-security. These are vulnerability scanning, network scanning & port scanning.

2. Which of the following is not an objective of scanning?
a) Detection of the live system running on network
b) Discovering the IP address of the target system
c) Discovering the services running on target system
d) Detection of spyware in a system

Answer: d
Clarification: Detection of the live system running on the network, discovering the IP address of the target system, & discovering the services running on the target system are some of the objectives of scanning.

3. For discovering the OS running on the target system, the scanning has a specific term. What is it?
a) Footprinting
b) 3D Printing
c) Fingerprinting
d) screen-printing

Answer: c
Clarification: Fingerprinting is the name of that specific type of scanning For discovering the OS running on the target system in a network which comes under OS scanning technique.

4. Which of them is not a scanning methodology?
a) Check for live systems
b) Check for open ports
c) Identifying the malware in the system
d) Identifying of services

Answer: c
Clarification: Check for live systems, open ports and identification of services running on the systems are some of the steps and methodologies used in scanning.

5. ICMP scanning is used to scan _______________
a) open systems
b) live systems
c) malfunctioned systems
d) broken systems

Answer: b
Clarification: Check for live systems, open ports and identification of services running on the systems are some of the steps and methodologies used in scanning. ICMP scanning is used for checking live systems.

6. In live system scanning, it is checked which hosts are up in the network by pinging the systems in the network.
a) True
b) False

Answer: a
Clarification: Check for live systems, open ports and identification of services running on the systems are some of the steps and methodologies used in scanning. In live system scanning, it is checked which hosts are up in the network by pinging the systems in the network.

7. ________ attribute is used to tweak the ping timeout value.
a) -time
b) -t
c) -p
d) -tout

Answer: b
Clarification: -t attribute is used while pinging any system to tweak the ping timeout value. It is an example of live system scanning, to check which hosts are up in the network by pinging the systems in the network.

8. Which of them do not comes under NETBIOS information?
a) Name of the system / PC
b) Workgroup name
c) MAC address
d) RAM space

Answer: d
Clarification: Scanning using IP address simply pings each IP address for checking if it is live or not. This helps in providing NETBIOS information such as the name of the system, workgroup and MAC address.

9. A ______________ is a simple network scanning technique used for determining which range of IP address map to live hosts.
a) scan sweep
b) ping sweep
c) scan ping
d) host ping

Answer: b
Clarification: A ping sweep is a simple network scanning technique used for determining which range of IP address map to live hosts. The ping sweep consists of ICMP ECHO requests.

10. Ping sweep is also known as ________________
a) ICMP Sweep
b) ICMP Call
c) IGMP Sweep
d) ICMP pinging

Answer: a
Clarification: Ping sweep is also known as ICMP sweep is a simple network scanning technique used for determining which range of IP address map to live hosts. The ping sweep consists of ICMP ECHO requests.

11. If any given address is running live, it will return an ICMP ECHO reply.
a) True
b) False

Answer: a
Clarification: ICMP sweep is a simple network scanning technique used for determining which range of IP address map to live hosts. The ping sweep consists of ICMP ECHO requests. If any given address is running live, it will return an ICMP ECHO reply.

12. __________ scanning is done when a series of messages are sent by someone keeping in mind to break into a computer.
a) Network
b) Port
c) Vulnerability
d) System

Answer: b
Clarification: Scanning is done when a series of messages are sent by someone keeping in mind to break into a computer to learn about computer network services.

13. ____________ scanning is a procedure to identify active hosts on your network.
a) Network
b) Port
c) Vulnerability
d) System

Answer: a
Clarification: Network scanning is a procedure to identify active hosts on your network. It is done with the intention to either attack your system or for security purposes by ethical hackers.

14. _____________ scanning is an automatic process for identifying vulnerabilities of the system within a network.
a) Network
b) Port
c) Vulnerability
d) System

Answer: c
Clarification: Vulnerability scanning is an automatic process for identifying vulnerabilities of a computing system within a network. It is one of the popular scanning methodologies.

15. Which of them is not a standard scanning type or terminology?
a) Network
b) Port
c) Vulnerability
d) System

Answer: d
Clarification: There are a total of three types of scanning in ethical hacking and cyber-security. These are vulnerability scanning, network scanning & port scanning. System scanning is not a standard terminology or type of scanning.