Unit 3 - Practice Quiz

INT244 50 Questions

1 What is the primary goal of Enumeration in the ethical hacking process?

A. To crash the target system
B. To gather specific information like user names, shares, and services from a system
C. To encrypt the target's data
D. To physically access the server room

2 Which phase of hacking immediately precedes Enumeration?

A. System Hacking
B. Scanning
C. Clearing Tracks
D. Maintaining Access

3 In Windows Enumeration, what is a 'Null Session'?

A. A connection using an encrypted VPN
B. A session with administrator privileges
C. A session that has been timed out
D. An unauthenticated connection to the IPC$ share

4 Which port is primarily associated with NetBIOS Name Service?

A. Port 443
B. Port 80
C. Port 137
D. Port 21

5 What command-line tool is used to display NetBIOS over TCP/IP statistics and current connections?

A. nbtstat
B. ipconfig
C. tracert
D. ping

6 What does SNMP stand for?

A. Standard Network Mapping Procedure
B. Secure Network Monitoring Protocol
C. System Node Maintenance Protocol
D. Simple Network Management Protocol

7 In SNMP, what is the 'MIB'?

A. Master IP Block
B. Main Interface Bridge
C. Malware Infection Block
D. Management Information Base

8 What are the two default community strings often used in SNMP?

A. admin and user
B. default and secure
C. public and private
D. root and guest

9 Which protocol is targeted during Directory Service Enumeration to query Active Directory?

A. FTP
B. SSH
C. LDAP
D. HTTP

10 What is the default TCP port for LDAP?

A. 25
B. 389
C. 53
D. 3389

11 Which SMTP command is used to verify if a user exists on the mail server?

A. HELO
B. QUIT
C. DATA
D. VRFY

12 Which SMTP command expands a mailing list to show its members?

A. RCPT
B. MAIL
C. RSET
D. EXPN

13 What is the definition of System Hacking?

A. The process of gaining access, escalating privileges, and hiding files
B. Scanning a network for live hosts
C. Developing security policies
D. Monitoring network traffic for anomalies

14 Which password attack involves trying every possible combination of characters?

A. Dictionary Attack
B. Brute Force Attack
C. Social Engineering
D. Shoulder Surfing

15 What is a 'Rainbow Table' used for?

A. Storing firewall rules
B. Looking up pre-computed password hashes
C. Encrypting email communications
D. Visualizing network traffic

16 Adding random bits of data to a password before hashing it to defeat Rainbow Tables is called:

A. Spicing
B. Masking
C. Salting
D. Peppering

17 In Microsoft Windows, where are local user account passwords stored (in hashed form)?

A. In the Registry SAM file
B. In the boot.ini file
C. In the My Documents folder
D. In the kernel32.dll

18 What is the legacy authentication protocol used by older Windows systems, known for vulnerabilities?

A. OAUTH
B. NTLM
C. RADIUS
D. Kerberos

19 What is the primary authentication protocol used in Active Directory environments?

A. WEP
B. CHAP
C. SSL
D. Kerberos

20 What entity issues tickets in the Kerberos protocol?

A. The Gateway
B. The File Server
C. The Key Distribution Center (KDC)
D. The Client

21 What is 'Privilege Escalation'?

A. Downgrading user rights to Guest
B. Resetting a password
C. Gaining higher-level access (e.g., Administrator) from a standard user account
D. Moving laterally to another computer with same rights

22 Which tool allows an attacker to execute processes on a remote system, often used in Windows environments?

A. PsExec
B. Notepad
C. Calc
D. Paint

23 Software designed to infiltrate or damage a computer system without the owner's informed consent is collectively known as:

A. Firmware
B. Malware
C. Shareware
D. Freeware

24 What distinguishes a Computer Virus from a Worm?

A. A virus requires a host program to replicate, while a worm is standalone
B. A virus travels over networks, a worm stays local
C. A virus encrypts data, a worm deletes it
D. There is no difference

25 Which type of malware disguises itself as legitimate software to trick the user into installing it?

A. Virus
B. Trojan Horse
C. Worm
D. Logic Bomb

26 What is the primary function of Ransomware?

A. To display advertisements
B. To turn the computer into a bot
C. To encrypt user files and demand payment for the decryption key
D. To steal credit card numbers quietly

27 Software that gathers information about a person or organization without their knowledge is called:

A. Logic Bomb
B. Adware
C. Ransomware
D. Spyware

28 Malware that automatically delivers advertisements is known as:

A. Rootkit
B. Adware
C. Botnet
D. Virus

29 What is 'Scareware'?

A. Software that screams when opened
B. A worm that spreads via email
C. Malware that tricks users into buying unnecessary software by claiming their computer is infected
D. A virus that deletes System32

30 A type of malicious code that remains dormant until a specific event or date triggers it is called:

A. Adware
B. Logic Bomb
C. Backdoor
D. Spyware

31 What is a 'Rootkit'?

A. A database scanning tool
B. A kit for rooting Android phones
C. Software designed to hide the existence of other malware and maintain privileged access
D. A password cracking tool

32 A 'Polymorphic Virus' is difficult to detect because:

A. It changes its code or signature each time it infects a new file
B. It is invisible to the user
C. It is written in Python
D. It only runs on Linux

33 What is a 'Macro Virus'?

A. A virus written in the macro language of applications like Microsoft Word or Excel
B. A virus that attacks Mac computers
C. A virus that is very large in file size
D. A virus that infects the boot sector

34 A network of compromised computers controlled by an attacker is called a:

A. Botnet
B. Intranet
C. Subnet
D. Darknet

35 What is a 'Wrapper' or 'Binder' in the context of Trojans?

A. A type of antivirus
B. A method of encrypting emails
C. A firewall rule
D. A tool used to combine a malicious executable with a legitimate file

36 Which of the following describes a 'Drive-by Download'?

A. Downloading files to a USB drive
B. Downloading drivers for a printer
C. Manually downloading a virus for research
D. Unintended download of malware by visiting a compromised website

37 Under U.S. law, which act is primarily used to prosecute computer hacking and malware distribution?

A. SOX
B. CFAA (Computer Fraud and Abuse Act)
C. GDPR
D. HIPAA

38 In the context of malware and the law, what does 'Intent' typically determine?

A. The speed of the internet connection
B. The programming language used
C. The cost of the hardware
D. The difference between accidental damage and criminal liability

39 What is an 'Overt Channel'?

A. A channel used only by spies
B. An encrypted VPN
C. A legitimate, authorized communication path for transferring data
D. A hidden communication path

40 What is a 'Covert Channel'?

A. A standard FTP connection
B. A TV channel for hackers
C. A mechanism used to transfer information in a way that violates the system's security policy
D. A public chat room

41 Hiding data within the headers of TCP/IP packets is an example of:

A. Social Engineering
B. Phishing
C. Overt Channel
D. Covert Storage Channel

42 Manipulating system resources to signal information (e.g., CPU usage patterns) is an example of:

A. Overt Channel
B. Multiplexing
C. Covert Timing Channel
D. Covert Storage Channel

43 Steganography is best described as:

A. Scanning ports
B. Hiding the existence of a message within another medium (like an image)
C. Cracking passwords
D. Scrambling text so it is unreadable

44 Which tool is commonly used to extract password hashes from Windows memory (LSASS)?

A. Mimikatz
B. Nmap
C. Ping
D. Wireshark

45 What is a 'Zero-Day' exploit?

A. An attack that exploits a vulnerability unknown to the software vendor
B. An exploit that takes zero days to fix
C. An attack that occurs at midnight
D. A virus that lasts for zero days

46 What is the purpose of a 'Keylogger'?

A. To log into a website
B. To lock the keyboard
C. To generate encryption keys
D. To record every keystroke made by a user

47 Which Windows service is the 'Local Security Authority' responsible for validating users?

A. WINLOGON.EXE
B. LSASS.EXE
C. EXPLORER.EXE
D. SVCHOST.EXE

48 Malware that restricts access to the computer system until a fee is paid specifically targets which aspect of the CIA triad?

A. Non-repudiation
B. Confidentiality
C. Availability
D. Integrity

49 In Windows, what does the command net user do?

A. Connects to a shared folder
B. Adds, removes, or modifies user accounts
C. Displays network statistics
D. Starts a service

50 Which of the following is an example of a Multipartite Virus?

A. A virus that has multiple parts
B. A virus that attacks both the boot sector and executable files
C. A virus that uses multiple encryption keys
D. A virus that attacks multiple people