Cyber Security Questions and Answers – Generic Steps for Security – 1

This set of Cyber Security Multiple Choice Questions & Answers (MCQs) focuses on “Generic Steps for Security – 1”.

1. How many basic processes or steps are there in ethical hacking?
a) 4
b) 5
c) 6
d) 7

Answer: c
Explanation: According to ethical hacking standards, the entire process of hacking can be divided into 6 steps or phases. These are: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Tracks Clearing, and Reporting.

2. ____________ is the phase of ethical hacking in which information is gathered from the target user.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access

Answer: a
Explanation: Reconnaissance is the phase where the ethical hacker tries to gather different kinds of information about the target user or the victim’s system.

3. Which of the following is not a reconnaissance tool or technique for information gathering?
a) Hping
b) NMAP
c) Google Dorks
d) Nexpose

Answer: d
Explanation: Hping, NMAP & Google Dorks are tools and techniques for reconnaissance. Nexpose is a tool for scanning the network for vulnerabilities.

4. There are ______ subtypes of reconnaissance.
a) 2
b) 3
c) 4
d) 5

Answer: a
Explanation: Reconnaissance can be done in two different ways. The first is Active Reconnaissance, which involves interacting with the target user or system directly in order to gain information. The second is Passive Reconnaissance, where information about the target user is gathered indirectly, without interacting with the target user or system.

5. Which of the following is an example of active reconnaissance?
a) Searching public records
b) Telephone calls as a help desk or fake customer care person
c) Looking for the target’s details in the database
d) Searching the target’s details in paper files

Answer: b
Explanation: Active reconnaissance is all about interacting with the target victim directly; hence, through telephone calls posing as a legitimate customer care or help desk person, the attacker can get more information about the target user.

6. Which of the following is an example of passive reconnaissance?
a) Telephonic calls to target victim
b) Attacker as a fake person for Help Desk support
c) Talk to the target user in person
d) Search about target records in online people database

Answer: d
Explanation: Passive reconnaissance is all about acquiring information about the target indirectly; hence, searching for information about the target in an online people database is an example of passive reconnaissance.

7. The ________ phase in ethical hacking is known as the pre-attack phase.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access

Answer: b
Explanation: In the scanning phase, the hacker actively scans the network for vulnerabilities or specific information which can be exploited.

8. While looking for a single entry point where penetration testers can test the vulnerability, they use the ______ phase of ethical hacking.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access

Answer: b
Explanation: Scanning is done to look for entry points in a network or system in order to launch an attack and check whether the system is penetrable or not.

9. Which of the following does not come under scanning methodologies?
a) Vulnerability scanning
b) Sweeping
c) Port Scanning
d) Google Dorks

Answer: d
Explanation: Google Dorks are used for reconnaissance; they use special search queries to narrow down the search results. The remaining three are scanning methodologies, used for scanning ports (logical) and network vulnerabilities.

10. Which of them is not a scanning tool?
a) NMAP
b) Nexpose
c) Maltego
d) Nessus

Answer: c
Explanation: NMAP is used for both reconnaissance and scanning purposes. Nexpose and Nessus are purely scanning tools. Maltego is an example of a reconnaissance tool used for acquiring information about the target user.

11. Which of the following comes after the scanning phase in ethical hacking?
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access

Answer: d
Explanation: Gaining access is the next step after scanning. Once the scanning tools are used to look for flaws in a system, it is the next phase where the ethical hackers or penetration testers have to technically gain access to a network or system.

12. In the __________ phase, the hacker exploits the network or system vulnerabilities.
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access

Answer: d
Explanation: After scanning the system or network, penetration testers try to exploit the flaws of the system or network in the “gaining access” phase.

13. Which of the following is not done in the gaining access phase?
a) Tunnelling
b) Buffer overflow
c) Session hijacking
d) Password cracking

Answer: a
Explanation: Tunnelling is a method used to cover the tracks created by attackers and erase digital footprints. Buffer overflow, session hijacking and password cracking are examples of gaining access to test the flaws in a system or network.

14. Which of the following penetration testing tools is popularly used in the gaining access phase?
a) Maltego
b) NMAP
c) Metasploit
d) Nessus

Answer: c
Explanation: Metasploit is a framework and the most widely used penetration testing tool used by ethical hackers for testing the vulnerabilities in a system or network.

Sanfoundry Global Education & Learning Series – Cyber Security.

Manish Bhojasia - Founder & CTO at Sanfoundry
Manish Bhojasia, a technology veteran with 20+ years @ Cisco & Wipro, is Founder and CTO at Sanfoundry. He lives in Bangalore, and focuses on development of Linux Kernel, SAN Technologies, Advanced C, Data Structures & Algorithms.