Cyber Security Multiple Choice Questions on “Generic Steps for Security”.
1. How many basic processes or steps are there in ethical hacking?
a) 4
b) 5
c) 6
d) 7
Answer: c
Clarification: According to the standard ethical hacking standards, the entire process of hacking can be divided into 6 steps or phases. These are: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Tracks clearing, reporting.
2. ____________ is the information gathering phase in ethical hacking from the target user.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
Answer: a
Clarification: Reconnaissance is the phase where the ethical hacker tries to gather different kinds of information about the target user or the victim’s system.
3. Which of the following is not a reconnaissance tool or technique for information gathering?
a) Hping
b) NMAP
c) Google Dorks
d) Nexpose
Answer: d
Clarification: Hping, NMAP & Google Dorks are tools and techniques for reconnaissance. Nexpose is a tool for scanning the network for vulnerabilities.
4. There are ______ subtypes of reconnaissance.
a) 2
b) 3
c) 4
d) 5
Answer: a
Clarification: Reconnaissance can be done in two different ways. 1st, Active Reconnaissance which involves interacting with the target user or system directly in order to gain information; 2nd, Passive Reconnaissance, where information gathering from target user is done indirectly without interacting with the target user or system.
5. Which of the following is an example of active reconnaissance?
a) Searching public records
b) Telephone calls as a help desk or fake customer care person
c) Looking for the target’s details in the database
d) Searching the target’s details in paper files
Answer: b
Clarification: As active reconnaissance is all about interacting with target victim directly, hence telephonic calls as a legitimate customer care person or help desk person, the attacker can get more information about the target user.
6. Which of the following is an example of passive reconnaissance?
a) Telephonic calls to target victim
b) Attacker as a fake person for Help Desk support
c) Talk to the target user in person
d) Search about target records in online people database
Answer: d
Clarification: Passive reconnaissance is all about acquiring of information about the target indirectly, hence searching any information about the target on online people database is an example of passive reconnaissance.
7. ________ phase in ethical hacking is known as the pre-attack phase.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
Answer: b
Clarification: In the scanning phase, the hacker actively scans for the vulnerabilities or specific information in the network which can be exploited.
8. While looking for a single entry point where penetration testers can test the vulnerability, they use ______ phase of ethical hacking.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
Answer: b
Clarification: Scanning is done to look for entry points in a network or system in order to launch an attack and check whether the system is penetrable or not.
9. Which of them does not comes under scanning methodologies?
a) Vulnerability scanning
b) Sweeping
c) Port Scanning
d) Google Dorks
Answer: d
Clarification: Google dork is used for reconnaissance, which uses special search queries for narrowing down the search results. The rest three scanning methodologies are used for scanning ports (logical), and network vulnerabilities.
10. Which of them is not a scanning tool?
a) NMAP
b) Nexpose
c) Maltego
d) Nessus
Answer: c
Clarification: NMAP is used for both reconnaissance and scanning purposes. Nepose and Nessus are fully scanning tool. Maltego is an example of a reconnaissance tool used for acquiring information about target user.
11. Which of the following comes after scanning phase in ethical hacking?
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
Answer: d
Clarification: Gaining access is the next step after scanning. Once the scanning tools are used to look for flaws in a system, it is the next phase where the ethical hackers or penetration testers have to technically gain access to a network or system.
12. In __________ phase the hacker exploits the network or system vulnerabilities.
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
Answer: d
Clarification: Penetration testers after scanning the system or network tries to exploit the flaw of the system or network in “gaining access” phase.
13. Which of the following is not done in gaining access phase?
a) Tunnelling
b) Buffer overflow
c) Session hijacking
d) Password cracking
Answer: a
Clarification: Tunnelling is a method that is followed to cover tracks created by attackers and erasing digital footprints. Buffer overflow, session hijacking and password cracking are examples of gaining access to test the flaw in system or network.
14. Which of the below-mentioned penetration testing tool is popularly used in gaining access phase?
a) Maltego
b) NMAP
c) Metasploit
d) Nessus
Answer: c
Clarification: Metasploit is a framework and the most widely used penetration testing tool used by ethical hackers for testing the vulnerabilities in a system or network.