Unit 3 - Practice Quiz

INT244 50 Questions

1 What is the primary goal of Enumeration in the ethical hacking process?

A. To physically access the server room
B. To encrypt the target's data
C. To gather specific information like user names, shares, and services from a system
D. To crash the target system

2 Which phase of hacking immediately precedes Enumeration?

A. Clearing Tracks
B. Scanning
C. Maintaining Access
D. System Hacking

3 In Windows Enumeration, what is a 'Null Session'?

A. A session that has been timed out
B. An unauthenticated connection to the IPC$ share
C. A session with administrator privileges
D. A connection using an encrypted VPN

4 Which port is primarily associated with NetBIOS Name Service?

A. Port 137
B. Port 80
C. Port 21
D. Port 443

5 What command-line tool is used to display NetBIOS over TCP/IP statistics and current connections?

A. tracert
B. ipconfig
C. ping
D. nbtstat

6 What does SNMP stand for?

A. Standard Network Mapping Procedure
B. Simple Network Management Protocol
C. Secure Network Monitoring Protocol
D. System Node Maintenance Protocol

7 In SNMP, what is the 'MIB'?

A. Malware Infection Block
B. Main Interface Bridge
C. Master IP Block
D. Management Information Base

8 What are the two default community strings often used in SNMP?

A. admin and user
B. default and secure
C. public and private
D. root and guest

9 Which protocol is targeted during Directory Service Enumeration to query Active Directory?

A. FTP
B. HTTP
C. LDAP
D. SSH

10 What is the default TCP port for LDAP?

A. 53
B. 25
C. 389
D. 3389

11 Which SMTP command is used to verify if a user exists on the mail server?

A. HELO
B. VRFY
C. DATA
D. QUIT

12 Which SMTP command expands a mailing list to show its members?

A. RCPT
B. EXPN
C. MAIL
D. RSET

13 What is the definition of System Hacking?

A. Developing security policies
B. The process of gaining access, escalating privileges, and hiding files
C. Scanning a network for live hosts
D. Monitoring network traffic for anomalies

14 Which password attack involves trying every possible combination of characters?

A. Social Engineering
B. Shoulder Surfing
C. Dictionary Attack
D. Brute Force Attack

15 What is a 'Rainbow Table' used for?

A. Storing firewall rules
B. Encrypting email communications
C. Looking up pre-computed password hashes
D. Visualizing network traffic

16 Adding random bits of data to a password before hashing it to defeat Rainbow Tables is called:

A. Peppering
B. Salting
C. Masking
D. Spicing

17 In Microsoft Windows, where are local user account passwords stored (in hashed form)?

A. In the My Documents folder
B. In the Registry SAM file
C. In the boot.ini file
D. In the kernel32.dll

18 What is the legacy authentication protocol used by older Windows systems, known for vulnerabilities?

A. OAUTH
B. NTLM
C. Kerberos
D. RADIUS

19 What is the primary authentication protocol used in Active Directory environments?

A. Kerberos
B. CHAP
C. WEP
D. SSL

20 What entity issues tickets in the Kerberos protocol?

A. The Key Distribution Center (KDC)
B. The File Server
C. The Gateway
D. The Client

21 What is 'Privilege Escalation'?

A. Resetting a password
B. Moving laterally to another computer with the same rights
C. Gaining higher-level access (e.g., Administrator) from a standard user account
D. Downgrading user rights to Guest

22 Which tool allows an attacker to execute processes on a remote system, often used in Windows environments?

A. Paint
B. Notepad
C. Calc
D. PsExec

23 Software designed to infiltrate or damage a computer system without the owner's informed consent is collectively known as:

A. Firmware
B. Freeware
C. Malware
D. Shareware

24 What distinguishes a Computer Virus from a Worm?

A. A virus requires a host program to replicate, while a worm is standalone
B. A virus travels over networks, a worm stays local
C. There is no difference
D. A virus encrypts data, a worm deletes it

25 Which type of malware disguises itself as legitimate software to trick the user into installing it?

A. Virus
B. Logic Bomb
C. Worm
D. Trojan Horse

26 What is the primary function of Ransomware?

A. To encrypt user files and demand payment for the decryption key
B. To display advertisements
C. To steal credit card numbers quietly
D. To turn the computer into a bot

27 Software that gathers information about a person or organization without their knowledge is called:

A. Logic Bomb
B. Spyware
C. Adware
D. Ransomware

28 Malware that automatically delivers advertisements is known as:

A. Rootkit
B. Virus
C. Adware
D. Botnet

29 What is 'Scareware'?

A. Malware that tricks users into buying unnecessary software by claiming their computer is infected
B. A worm that spreads via email
C. A virus that deletes System32
D. Software that screams when opened

30 A type of malicious code that remains dormant until a specific event or date triggers it is called:

A. Backdoor
B. Adware
C. Logic Bomb
D. Spyware

31 What is a 'Rootkit'?

A. A kit for rooting Android phones
B. Software designed to hide the existence of other malware and maintain privileged access
C. A database scanning tool
D. A password cracking tool

32 A 'Polymorphic Virus' is difficult to detect because:

A. It is written in Python
B. It only runs on Linux
C. It is invisible to the user
D. It changes its code or signature each time it infects a new file

33 What is a 'Macro Virus'?

A. A virus written in the macro language of applications like Microsoft Word or Excel
B. A virus that infects the boot sector
C. A virus that attacks Mac computers
D. A virus that is very large in file size

34 A network of compromised computers controlled by an attacker is called a:

A. Darknet
B. Intranet
C. Botnet
D. Subnet

35 What is a 'Wrapper' or 'Binder' in the context of Trojans?

A. A tool used to combine a malicious executable with a legitimate file
B. A method of encrypting emails
C. A firewall rule
D. A type of antivirus

36 Which of the following describes a 'Drive-by Download'?

A. Unintended download of malware by visiting a compromised website
B. Downloading drivers for a printer
C. Downloading files to a USB drive
D. Manually downloading a virus for research

37 Under U.S. law, which act is primarily used to prosecute computer hacking and malware distribution?

A. SOX
B. CFAA (Computer Fraud and Abuse Act)
C. GDPR
D. HIPAA

38 In the context of malware and the law, what does 'Intent' typically determine?

A. The programming language used
B. The difference between accidental damage and criminal liability
C. The speed of the internet connection
D. The cost of the hardware

39 What is an 'Overt Channel'?

A. A hidden communication path
B. A legitimate, authorized communication path for transferring data
C. An encrypted VPN
D. A channel used only by spies

40 What is a 'Covert Channel'?

A. A mechanism used to transfer information in a way that violates the system's security policy
B. A public chat room
C. A standard FTP connection
D. A TV channel for hackers

41 Hiding data within the headers of TCP/IP packets is an example of:

A. Phishing
B. Covert Storage Channel
C. Overt Channel
D. Social Engineering

42 Manipulating system resources to signal information (e.g., CPU usage patterns) is an example of:

A. Covert Timing Channel
B. Covert Storage Channel
C. Multiplexing
D. Overt Channel

43 Steganography is best described as:

A. Scrambling text so it is unreadable
B. Cracking passwords
C. Hiding the existence of a message within another medium (like an image)
D. Scanning ports

44 Which tool is commonly used to extract password hashes from Windows memory (LSASS)?

A. Wireshark
B. Ping
C. Nmap
D. Mimikatz

45 What is a 'Zero-Day' exploit?

A. An exploit that takes zero days to fix
B. A virus that lasts for zero days
C. An attack that exploits a vulnerability unknown to the software vendor
D. An attack that occurs at midnight

46 What is the purpose of a 'Keylogger'?

A. To record every keystroke made by a user
B. To lock the keyboard
C. To log into a website
D. To generate encryption keys

47 Which Windows service is the 'Local Security Authority' responsible for validating users?

A. SVCHOST.EXE
B. WINLOGON.EXE
C. LSASS.EXE
D. EXPLORER.EXE

48 Malware that restricts access to the computer system until a fee is paid is specifically targeting which aspect of the CIA triad?

A. Availability
B. Integrity
C. Confidentiality
D. Non-repudiation

49 In Windows, what does the command net user do?

A. Connects to a shared folder
B. Starts a service
C. Displays network statistics
D. Adds, removes, or modifies user accounts

50 Which of the following is an example of a Multipartite Virus?

A. A virus that attacks multiple people
B. A virus that has multiple parts
C. A virus that attacks both the boot sector and executable files
D. A virus that uses multiple encryption keys