



Ethical Hacking Fundamentals introduces students to the essential principles, methodologies, and tools used in ethical hacking and cybersecurity. This course covers core topics such as network reconnaissance, vulnerability assessment, penetration testing, and security best practices. Students will learn how ethical hackers identify and exploit vulnerabilities in systems and networks to help organizations strengthen their security posture. Through hands-on labs and real-world scenarios, learners develop practical skills in using industry-standard tools while understanding the legal and ethical responsibilities associated with penetration testing and information security.
Recommended Textbook: Security+ Guide to Network Security Fundamentals, 4th Edition, by Mark Ciampa
Available Study Resources on Quizplus
14 Chapters
588 Verified Questions
588 Flashcards
Source URL: https://quizplus.com/study-set/1054

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20875
Sample Questions
Q1) In a general sense, ____________________ may be defined as the necessary steps to protect a person or property from harm.
Answer: security
Q2) In information security, a loss can be ____.
A) theft of information
B) a delay in transmitting information that results in a financial penalty
C) the loss of good will or a reputation
D) all of the above
Answer: D
Q3) What is another name for unsolicited e-mail messages?
A) spam
B) spawn
C) trash
D) scam
Answer: A
Q4) ____________________ provides tracking of events.
Answer: Accounting
Q5) _________________________ is focused on protecting the valuable electronic information of organizations and users.
Answer: Information security
To view all questions and flashcards with answers, click on the resource link above.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20876
Sample Questions
Q1) Malicious software, or ____________________, silently infiltrates computers with the intent to do harm.
Answer: malware
Q2) Describe a macro virus.
Answer: A macro virus is written in a script known as a macro. A macro is a series of commands and instructions that can be grouped together as a single command. Macros often are used to automate a complex set of tasks or a repeated series of tasks. Macros can be written by using a macro language, such as Visual Basic for Applications (VBA), and are stored within the user document (such as in an Excel .XLSX worksheet). A macro virus takes advantage of the "trust" relationship between the application (Excel) and the operating system (Microsoft Windows). Once the user document is opened, the macro virus instructions execute and infect the computer.
Q3) ____ uses "speckling" and different colors so that no two spam e-mails appear to be the same.
A) GIF layering
B) Geometric variance
C) Word splitting
D) Layer variance
Answer: B
Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20877
Sample Questions
Q1) A(n) ____________________ is a method for adding annotations to the text so that the additions can be distinguished from the text itself.
Answer: markup language
Q2) Explain the HTTP header referrer attack.
Answer: Because some Web sites check the Referer field to ensure that the request came from a page generated by that site, an attacker can bypass this security by modifying the Referer field to hide that it came from another site. This would allow the attacker to save the original Web page, modify it, and then host it from her own computer.
Q3) The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted.
A) HTTP header
B) HTML header
C) XML header
D) SSL header
Answer: A
Q4) All Web traffic is based on the ____________________ protocol.
Answer: HTTP

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20878
Sample Questions
Q1) A ____ tester has an in-depth knowledge of the network and systems being tested, including network diagrams, IP addresses, and even the source code of custom applications.
A) white box
B) black box
C) replay
D) system
Q2) List and describe two common uses for a protocol analyzer.
Q3) A ____ in effect takes a snapshot of the current security of the organization.
A) threat analysis
B) vulnerability appraisal
C) risk assessment
D) threat assessment
Q4) Discuss one type of asset that an organization might have.
Q5) A(n) ____ examines the current security in a passive method.
A) application scan
B) system scan
C) threat scan
D) vulnerability scan
Q6) Describe the purpose of a honeypot.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20879
Sample Questions
Q1) Identify one of the capabilities of DLP agents.
Q2) Describe how a DLP can be configured.
Q3) Describe RFID tags.
Q4) When a policy violation is detected by the DLP agent, it is reported back to the DLP server.
A) True
B) False
Q5) ____________________ locks keep a record of when the door was opened and by which code.
Q6) A ____ outlines the major security considerations for a system and becomes the starting point for solid security.
A) reference
B) baseline
C) profile
D) minimum
Q7) ____________________ paint is a nontoxic petroleum gel-based paint that is thickly applied and does not harden, making any coated surface very difficult to climb.
Q8) Explain how tailgate sensors work.
Q9) Identify the five steps in the process to secure operating system software.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20880
Sample Questions
Q1) Each operation in a computing environment starts with a ____.
A) system call
B) unit call
C) hardware instruction
D) system exception
Q2) ____________________ work occasionally or regularly from a home office.
Q3) Networks are usually segmented by using ____________________ to divide the network into a hierarchy.
Q4) Security is enhanced by subnetting a single network into multiple smaller subnets in order to isolate groups of hosts.
A) True
B) False
Q5) The key to the OSI reference model is ____________________.
Q6) ____ IP addresses are IP addresses that are not assigned to any specific user or organization.
A) Public
B) Private
C) Public domain
D) Private domain
Q7) Describe all-in-one network security appliances.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20881
Sample Questions
Q1) In the ____ cloud computing model, the customer has the highest level of control.
A) Cloud Application as a Service
B) Cloud Infrastructure as a Service
C) Cloud Software as a Service
D) Cloud System as a Service
Q2) Describe one way to use FTP on a local host computer.
Q3) A ____ forwards packets across computer networks.
A) bridge
B) router
C) switch
D) hub
Q4) Broadcast storms can be prevented with ____.
A) spanning tree
B) Dijkstra's algorithm
C) 802.11x
D) loop protection
Q5) Why is the Physical Layer omitted in the TCP/IP model?
Q6) List the steps of a DNS lookup.
Q7) List and describe three benefits offered by IP telephony.
Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20882
Sample Questions
Q1) Discuss how and why some organizations set up a wireless VLAN for employees and another for guests.
Q2) Because of the weaknesses of WEP, it is possible for an attacker to identify two packets derived from the same IV.
A) True
B) False
Q3) Describe how wireless VLANs can be configured.
Q4) Describe a piconet.
Q5) ____ is the encryption protocol standard for WPA2.
A) AES-CCMP
B) AES-CTR
C) AES-TKIP
D) AES-SCMP
Q6) A(n) ____ packet contains a field that indicates the function of the packet and an identifier field used to match requests and responses.
A) ICMP
B) TKIP
C) EAP
D) RADIUS


Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20883
Sample Questions
Q1) Discuss the two significant weaknesses of DAC.
Q2) ____ is considered a more "real world" access control than the other models because the access is based on a user's job function within an organization.
A) Role Based Access Control
B) Rule Based Access Control
C) Discretionary Access Control
D) Mandatory Access Control
Q3) Describe the two key elements of the MAC model.
Q4) List two major access control models.
Q5) ____ indicates when an account is no longer active.
A) Password expiration
B) Account expiration
C) Last login
D) Account last used
Q6) A user under Role Based Access Control can be assigned only one ____.
A) role
B) group
C) label
D) access list
Q7) Describe LDAP injection attacks.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20884
Sample Questions
Q1) A ____ is a secret combination of letters, numbers, and/or characters that only the user should know.
A) token
B) password
C) biometric detail
D) challenge
Q2) An operating system that has been reengineered so that it is designed to be secure from the ground up is known as a ____.
A) reference monitor
B) transaction monitor
C) system monitor
D) trusted OS
Q3) ____ is related to the perception, thought process, and understanding of the user.
A) Standard biometrics
B) Reactive biometrics
C) Cognitive biometrics
D) Affective biometrics
Q4) List and describe two of the common password setting objects.
Q5) What are the three broad categories on which authentication can be based?
Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20885
Sample Questions
Q1) The most basic type of cryptographic algorithm is a ____ algorithm.
A) hash
B) key
C) digest
D) block
Q2) The simplest type of stream cipher is a ____ cipher.
A) shift
B) substitution
C) lock
D) loop
Q3) Cryptography cannot be applied to entire disks.
A) True
B) False
Q4) Describe the origins of cryptography.
Q5) Explain hashing.
Q6) A ____ cipher rearranges letters without changing them.
A) substitution
B) block
C) loop
D) transposition


Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20886
Sample Questions
Q1) In SSH, the ____________________ command allows a user to copy files between remote computers.
Q2) List three pieces of information a digital certificate typically contains.
Q3) Explain the difference between key revocation and key suspension.
Q4) Discuss the three areas of protection that are provided by IPsec.
Q5) With the ____ model, there is one CA that acts as a "facilitator" to interconnect all other CAs.
A) bridge trust
B) distributed trust
C) third-party trust
D) transitive trust
Q6) The ____ function is a subordinate entity designed to handle specific CA tasks such as processing certificate requests and authenticating users.
A) Registration Authority
B) Certificate Authority
C) Repudiation Authority
D) Intermediate Authority
Q7) List the four stages of a certificate life cycle.
Q8) List two requirements for verification of an EV SSL.

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20887
Sample Questions
Q1) ____ data is the most difficult type of data to capture.
A) Volatile
B) Static
C) Non-volatile
D) Persistent
Q2) ____ could contain remnants of previously deleted files or data from the format pattern associated with disk storage space that has yet to be used by the computer.
A) RAM slack
B) Edge slack
C) Drive file slack
D) Sector slack
Q3) What are the objectives of disaster exercises?
Q4) RAID 0 technology is based on ____________________.
Q5) A ____ is a component or entity in a system which, if it no longer functions, will disable the entire system.
A) recovery site
B) recovery point
C) single point of failure
D) cascade point of failure

Available Study Resources on Quizplus for this Chapter
41 Verified Questions
41 Flashcards
Source URL: https://quizplus.com/quiz/20888
Sample Questions
Q1) A(n) ____ policy is designed to produce a standardized framework for classifying information assets.
A) VPN
B) acceptable use
C) privacy
D) classification of information
Q2) At the heart of information security is the concept of ____.
A) threat
B) mitigation
C) risk
D) management
Q3) A due process policy is a policy that defines the actions users may perform while accessing systems and networking equipment.
A) True
B) False
Q4) ____________________ seeks to approach changes systematically and provide the necessary documentation of the changes.
Q5) Most people are taught using a(n) ____________________ approach.
Q6) What are the typical classification designations of government documents?