Main – test

Welcome to your CEH

Name

Instructor Name

Phone

Which of the following tools is primarily used for DNS footprinting?

nslookup

Metasploit

Burp Suite

Ettercap

None

What is the purpose of ARP poisoning?

Encrypting data transmission

Redirecting network traffic

Preventing DDoS attacks

Identifying open ports

None

Which type of attack relies on sending more data than a buffer can handle?

DoS attack

SQL injection

Buffer Overflow

ARP spoofing

None

Which of these tools is best for detecting vulnerabilities in web applications?

Wireshark

Burp Suite

Nmap

Netcat

None

Which port does LDAP use by default for unencrypted communication?

389

443

636

3389

None

What does the ‘-sS’ option do in an Nmap scan?

Performs a SYN scan

Performs a full TCP connect scan

Launches a UDP scan

Performs a ping sweep

None

What is the main advantage of a SYN scan over a full connect scan?

It is faster and stealthier

It guarantees detection

It blocks network access

It requires administrative privileges

None

Which of these encryption protocols is considered the most secure?

DES

AES-128

AES-256

RC4

None

Which SQL injection technique involves injecting a payload directly into user input fields?

Blind SQL injection

Time-based SQL injection

Classic SQL injection

Error-based SQL injection

None

10.

What is a primary defense mechanism against cross-site scripting (XSS) attacks?

Input validation and sanitization

Using weak passwords

Avoiding SSL encryption

Disabling firewalls

None

11.

What type of attack exploits the predictable sequence of TCP Initial Sequence Numbers (ISNs)?

TCP session hijacking

DDoS attack

SQL injection

Rainbow table attack

None

12.

What is the purpose of a "salting" technique in password storage?

Strengthening password hashes

Encrypting stored passwords

Slowing down brute-force attacks

All of the above

None

13.

What is the primary function of a honeypot?

Protect against malware

Attract and detect attackers

Encrypt network traffic

Secure web applications

None

14.

What does the tool "John the Ripper" primarily do?

Cracks passwords

Scans for open ports

Spoofs IP addresses

Encrypts files

None

15.

What is a characteristic of a polymorphic virus?

It infects only Linux systems

It changes its code to evade detection

It spreads via USB devices

It does not require execution

None

16.

What attack technique is used to force a user's browser to make an unintended request?

SQL injection

Cross-Site Request Forgery (CSRF)

ARP poisoning

Reverse shell attack

None

17.

Which of the following tools is used for network traffic analysis?

Wireshark

Netcat

Cain & Abel

Burp Suite

None

18.

What is an important feature of an IPS (Intrusion Prevention System)?

Blocking malicious traffic in real-time

Encrypting stored passwords

Generating brute-force attacks

Detecting but not blocking attacks

None

19.

Which Linux command can help identify open network ports?

netstat -tulnp

ifconfig

pwd

ps aux

None

20.

Which of the following attacks is NOT a type of social engineering?

Phishing

Baiting

ARP Spoofing

Pretexting

None

21.

What type of attack involves injecting malicious code into a dynamic SQL query?

Command injection

SQL injection

CSRF

ARP poisoning

None

22.

Which technique involves encoding malicious scripts to evade detection?

SQL injection

Obfuscation

Firewall bypassing

ARP spoofing

None

23.

What type of malware encrypts files and demands payment for decryption?

Ransomware

Rootkit

Spyware

Worm

None

24.

What is the purpose of a Trojan horse in hacking?

Disguising malware as legitimate software

Overloading network traffic

Exploiting SQL injection

Defending against DoS attacks

None

25.

Which type of attack occurs when an attacker places themselves between two communicating parties?

Man-in-the-middle (MITM) attack

SQL injection

Brute force attack

Privilege escalation

None

26.

What is the primary goal of footprinting?

Gathering information about a target system

Exploiting system vulnerabilities

Installing backdoors

Defacing a website

None

27.

Which type of attack exploits a weakness in authentication mechanisms?

DDoS attack

SQL injection

Brute force attack

ARP spoofing

None

28.

What is the purpose of a "null session" in Windows systems?

Anonymous access to system resources

Blocking firewall rules

Exploiting SQL databases

Encrypting network traffic

None

29.

What is a key feature of a botnet?

Encrypting communications

A network of compromised machines controlled remotely

Monitoring user activity

Preventing brute force attacks

None

30.

Which type of attack exploits misconfigured CORS policies?

Cross-Origin Resource Sharing (CORS) Attack

SQL Injection

DNS Spoofing

Buffer Overflow

None

31.

What is the primary purpose of a rainbow table?

Cracking hashed passwords using precomputed values

Encrypting stored passwords

Preventing SQL injection

Defending against phishing attacks

None

32.

What command allows enumeration of shared resources in Windows?

nslookup

net view

ipconfig

ps aux

None

33.

What tool is commonly used for privilege escalation on Linux?

Linux Exploit Suggester

Aircrack-ng

Metasploit

John the Ripper

None

34.

What type of malware hides itself within legitimate system processes?

Worm

Rootkit

Ransomware

Keylogger

None

35.

What port does SMB (Server Message Block) use by default?

445

3389

None

36.

What is the main purpose of an IDS (Intrusion Detection System)?

Monitoring and detecting network threats

Encrypting data

Blocking all network traffic

Preventing phishing attacks

None

37.

What is an example of a credential-based attack?

ARP poisoning

Password spraying

Ping sweep

Subdomain enumeration

None

38.

What is a "zero-day" vulnerability?

An unknown software vulnerability

A patched security flaw

A deprecated feature in an OS

A public exploit available for a long time

None

39.

What tool can be used to sniff wireless traffic?

Aircrack-ng

John the Ripper

Hydra

SQLmap

None

40.

What is the main purpose of a firewall?

Filtering network traffic based on security rules

Cracking passwords

Encrypting email communications

Conducting penetration tests

None

41.

What type of malware records keystrokes?

Keylogger

Worm

Rootkit

Adware

None

42.

What is the primary function of a "pivoting" attack?

Gaining deeper access into a network

Preventing malware infection

Blocking phishing emails

Encrypting system files

None

43.

Which hashing algorithm is considered outdated and weak?

MD5

SHA-256

AES

RSA

None

44.

What does the "chmod 777" command do on Linux?

Grants full permissions to all users

Encrypts a file

Disables user access

Deletes all system logs

None

45.

What type of attack involves manipulating a user into clicking a fake login link?

Phishing attack

Brute force attack

SQL injection

XSS attack

None

46.

Which protocol is used for secure file transfers over SSH?

SFTP (Secure File Transfer Protocol)

FTP

Telnet

SNMP

None

47.

What is an example of a post-exploitation activity?

Privilege escalation

Scanning open ports

Sniffing network traffic

Brute force attacks

None

48.

What is the purpose of a "backdoor"?

Maintaining unauthorized access to a system

Detecting network vulnerabilities

Preventing brute force attacks

Encrypting passwords

None

49.

What does a replay attack involve?

Reusing captured authentication data

Injecting SQL commands

Executing malware remotely

Cracking Wi-Fi passwords

None

50.

What tool is commonly used to crack WPA/WPA2 passwords?

Aircrack-ng

Wireshark

Metasploit

Hydra

None

1 out of 50

Thanks !!! CEH