What is the primary goal of ethical hacking?
a) To steal sensitive information
b) To test and secure systems by finding vulnerabilities
c) To create new hacking techniques
d) To sell vulnerabilities to third parties
Which of the following tools is commonly used for penetration testing?
a) WordPress
b) Wireshark
c) Microsoft Excel
d) Adobe Photoshop
What is a penetration test (pen test)?
a) An attack used to bypass antivirus software
b) A security audit performed to identify system weaknesses
c) A type of virus used to disrupt a network
d) A legal method to bypass user authentication
Which of these is a common step in the penetration testing process?
a) Scanning and enumerating potential vulnerabilities
b) Installing malware on the target system
c) Bribing employees for system access
d) Launching a denial-of-service attack
Which tool is used for network scanning in ethical hacking?
a) Nmap
b) Microsoft Word
c) Notepad
d) Google Chrome
What is the purpose of a vulnerability assessment in ethical hacking?
a) To exploit vulnerabilities and gain unauthorized access
b) To identify and document security weaknesses
c) To create ransomware
d) To encrypt files for ransom
Which of the following is true about ethical hacking?
a) It involves hacking without permission
b) It is performed to find weaknesses before malicious hackers can exploit them
c) It is illegal in most countries
d) It aims to create viruses and other malicious software
What is “social engineering” in the context of ethical hacking?
a) Writing malware to bypass antivirus programs
b) Manipulating people into revealing confidential information
c) Cracking passwords to access secured systems
d) Using encryption to secure data transmission
What does a “red team” do in a penetration test?
a) They defend systems against attacks
b) They simulate real-world attacks to identify vulnerabilities
c) They monitor network traffic for unusual activity
d) They design the security infrastructure
What is the first step in a typical penetration testing process?
a) Post-exploitation
b) Exploit discovery
c) Information gathering
d) Creating a report
Which of the following is an example of a “black-box” penetration test?
a) Testing the system with full knowledge of the internal infrastructure
b) Testing the system with no prior knowledge of the target environment
c) Testing the system using external consultants
d) Testing the system based on detailed user reports
Which of the following best describes “exploitation” in ethical hacking?
a) Trying to breach a system using a known vulnerability
b) Gathering information on a system’s vulnerabilities
c) Protecting a system from security risks
d) Installing a firewall to block malicious traffic
What is “post-exploitation” in the context of penetration testing?
a) The initial analysis of vulnerabilities
b) The actions taken after gaining unauthorized access to a system
c) The process of scanning networks for weak points
d) The process of writing a report after testing
Which type of penetration test is conducted with knowledge of the target system?
a) White-box testing
b) Black-box testing
c) Gray-box testing
d) Blue-box testing
Which of the following tools is used for password cracking during penetration testing?
a) John the Ripper
b) Photoshop
c) PowerShell
d) Docker
What is a “zero-day” vulnerability?
a) A vulnerability that has been patched and fixed
b) A previously unknown vulnerability that hackers can exploit
c) A system vulnerability caused by outdated hardware
d) A flaw in the encryption system used by software
What is the role of “blue team” in penetration testing?
a) They simulate attacks on systems to test security
b) They work on patching vulnerabilities and defending systems
c) They perform social engineering attacks
d) They attempt to bypass security measures undetected
Which of the following is a common outcome of a successful penetration test?
a) Discovering new attack vectors and documenting vulnerabilities
b) Installing malware on the target system
c) Sending a ransom demand to the organization
d) Changing passwords of employees to monitor activity
What is the purpose of a “man-in-the-middle” attack in ethical hacking?
a) To encrypt all communication between two parties
b) To eavesdrop or alter the communication between two systems
c) To distribute malware across multiple systems
d) To monitor network traffic for unauthorized data flow
Which of the following best describes a “phishing” attack?
a) Exploiting a system vulnerability to gain access
b) Sending fraudulent emails to trick recipients into revealing sensitive information
c) Installing malware to monitor a system’s activity
d) Exploiting a weakness in a network’s firewall
What is the purpose of conducting a “red team” exercise?
a) To design new security software
b) To simulate an adversary’s attack to identify vulnerabilities
c) To improve network traffic
d) To monitor external communications for threats
What is the term “pivoting” in penetration testing?
a) Moving from one system to another within the same network after a successful breach
b) Testing the perimeter defenses of a network
c) Scanning for open ports
d) Installing a firewall to protect a system from future attacks
Which of the following best defines a “denial-of-service” (DoS) attack?
a) A method to protect systems by limiting access
b) A type of malware that encrypts files
c) An attack that overloads a system to make it unavailable
d) A strategy for increasing system performance
Which of the following is typically the most important phase in penetration testing?
a) Post-exploitation
b) Information gathering
c) Exploitation
d) Reporting
What is the purpose of the “exploit” phase in penetration testing?
a) To identify system vulnerabilities
b) To scan the network for weaknesses
c) To take advantage of vulnerabilities to gain unauthorized access
d) To monitor network traffic for anomalies
What is the key difference between “black-box” and “white-box” penetration testing?
a) White-box testing is conducted with no knowledge of the system, while black-box testing is performed with prior knowledge of the system
b) Black-box testing is done by the company’s internal security team, while white-box is done by external testers
c) White-box testing is done with full knowledge of the target system, while black-box testing is done with no prior knowledge
d) There is no difference between the two methods
What is “reconnaissance” in ethical hacking?
a) Writing malware to target a system
b) The process of gathering information about the target system
c) Installing backdoors into systems
d) Trying to bypass authentication systems
Which of the following is an ethical way to conduct penetration testing?
a) Hacking into systems without prior permission
b) Testing a system with explicit authorization and legal clearance
c) Publishing discovered vulnerabilities without reporting them
d) Exploiting a vulnerability for personal gain
Which of the following is a major risk associated with penetration testing?
a) Gaining access to an organization’s proprietary information
b) Exposing vulnerabilities to malicious hackers if not properly handled
c) Improving security by identifying weaknesses
d) Creating high-level malware undetected
