180+ Penetration Testing MCQs with Answers. Covers ethical hacking, vulnerability scanning, web exploitation, and more.
Unit - 1
1. What is the main objective of penetration testing?
a) To identify security weaknesses in a system
b) To develop new security software
c) To increase network speed
d) To improve user experience
Answer: a) To identify security weaknesses in a system
2. Which of the following is NOT a type of penetration testing?
a) Black box testing
b) White box testing
c) Gray box testing
d) Blue box testing
Answer: d) Blue box testing
3. Which phase of penetration testing involves collecting information about the target?
a) Reporting
b) Scanning
c) Reconnaissance
d) Exploitation
Answer: c) Reconnaissance
4. What is the main difference between black-box and white-box penetration testing?
a) Black-box testing has full access to system details, while white-box does not
b) White-box testing has full access to system details, while black-box does not
c) Black-box testing is faster than white-box testing
d) There is no difference
Answer: b) White-box testing has full access to system details, while black-box does not
5. What is the first step in a penetration testing process?
a) Exploitation
b) Reconnaissance
c) Reporting
d) Privilege escalation
Answer: b) Reconnaissance
6. Which of the following is NOT a phase of penetration testing?
a) Planning and Scoping
b) Enumeration
c) Vulnerability Remediation
d) Exploitation
Answer: c) Vulnerability Remediation
7. What is the purpose of Rules of Engagement (RoE) in penetration testing?
a) To define the scope, limitations, and permissions for the test
b) To provide test results to clients
c) To list the vulnerabilities found
d) To give hacking tools to testers
Answer: a) To define the scope, limitations, and permissions for the test
8. Why is compliance important in penetration testing?
a) To ensure legal and regulatory requirements are met
b) To increase hacking skills
c) To slow down testing processes
d) To make the test more complex
Answer: a) To ensure legal and regulatory requirements are met
9. Which penetration testing type involves testing from the perspective of an external attacker?
a) White box testing
b) Gray box testing
c) Black box testing
d) Red box testing
Answer: c) Black box testing
10. What does the exploitation phase of penetration testing focus on?
a) Gathering information
b) Identifying vulnerabilities
c) Attempting to gain unauthorized access
d) Creating a report
Answer: c) Attempting to gain unauthorized access
11. Which of the following compliance standards relates to penetration testing in the financial sector?
a) HIPAA
b) PCI DSS
c) FERPA
d) DMCA
Answer: b) PCI DSS
12. What is the purpose of the post-exploitation phase in penetration testing?
a) To install malware
b) To delete system logs
c) To determine the impact of exploitation
d) To end the test immediately
Answer: c) To determine the impact of exploitation
13. Which penetration testing methodology is used for compliance with ISO 27001?
a) OWASP
b) NIST SP 800-115
c) PTES
d) OSSTMM
Answer: b) NIST SP 800-115
14. Which standard is widely used for penetration testing in web applications?
a) OWASP
b) GDPR
c) HIPAA
d) IEEE 802.11
Answer: a) OWASP
15. What is the main goal of a Rules of Engagement (RoE) document?
a) Define how penetration testers will interact with the target
b) Provide details about test vulnerabilities
c) List hacking tools
d) Describe user access policies
Answer: a) Define how penetration testers will interact with the target
16. What is the purpose of scoping in penetration testing?
a) To reduce the cost of the test
b) To define what will be tested and the limitations
c) To find as many vulnerabilities as possible
d) To compare different hacking techniques
Answer: b) To define what will be tested and the limitations
17. In organizational penetration testing, what is typically included in the scope?
a) Only external networks
b) Only internal employees
c) External, internal networks, and human factors
d) Only firewalls
Answer: c) External, internal networks, and human factors
18. What does the term "Red Team" refer to in penetration testing?
a) A group of hackers conducting a real attack
b) A team that simulates an attacker in an organization
c) A firewall monitoring team
d) A team that patches vulnerabilities
Answer: b) A team that simulates an attacker in an organization
19. Which document defines legal permissions for penetration testing?
a) NDA
b) Authorization Letter
c) RoE
d) Risk Assessment Report
Answer: c) RoE
20. Why is environmental consideration important in penetration testing?
a) To ensure security tests do not disrupt business operations
b) To test weather conditions
c) To improve software updates
d) To identify physical security threats only
Answer: a) To ensure security tests do not disrupt business operations
21. What is an example of a compliance requirement for penetration testing?
a) GDPR
b) HTML5
c) JavaScript
d) IPv4
Answer: a) GDPR
22. Which of the following is a limitation in penetration testing?
a) It finds all vulnerabilities
b) It ensures 100% security
c) It has a limited scope and timeframe
d) It replaces security audits
Answer: c) It has a limited scope and timeframe
23. Which organization publishes the Penetration Testing Execution Standard (PTES)?
a) NIST
b) SANS
c) OWASP
d) MITRE
Answer: b) SANS
24. What is the purpose of vulnerability scanning in penetration testing?
a) To exploit vulnerabilities
b) To identify potential weaknesses
c) To remove security patches
d) To test hardware performance
Answer: b) To identify potential weaknesses
25. Which compliance regulation requires penetration testing for healthcare organizations?
a) PCI DSS
b) HIPAA
c) GDPR
d) ISO 9001
Answer: b) HIPAA
26. What is the main advantage of a white-box penetration test?
a) Testers have full knowledge of the system
b) Testers use brute-force attacks
c) The test is performed quickly
d) It involves only social engineering
Answer: a) Testers have full knowledge of the system
27. What is the primary focus of organizational penetration testing?
a) Finding software bugs
b) Testing network speeds
c) Evaluating security risks in an organization
d) Hacking competitors
Answer: c) Evaluating security risks in an organization
28. What is a major risk of penetration testing?
a) System crashes
b) Increased website traffic
c) Improved security
d) More hackers joining the organization
Answer: a) System crashes
29. What should be done after a penetration test?
a) Ignore findings
b) Apply patches and fix vulnerabilities
c) Restart the test immediately
d) Delete all test data
Answer: b) Apply patches and fix vulnerabilities
30. Why is a penetration testing report important?
a) It helps improve security
b) It provides hacking techniques
c) It makes security weaker
d) It prevents future testing
Answer: a) It helps improve security
Unit - 2
1. What is the primary goal of footprinting in penetration testing?
a) To exploit vulnerabilities
b) To gain unauthorized access
c) To gather information about the target system
d) To test firewalls
Answer: c) To gather information about the target system
2. Which of the following is NOT a type of information gathering?
a) Active information gathering
b) Passive information gathering
c) Hybrid information gathering
d) Covert information gathering
Answer: d) Covert information gathering
3. What is OSINT in penetration testing?
a) Open Security Information Network Testing
b) Open Source Intelligence
c) Offensive Security Intelligence
d) Online Security Intrusion Testing
Answer: b) Open Source Intelligence
4. Which of the following is an example of passive information gathering?
a) Scanning a network using Nmap
b) Extracting DNS records using nslookup
c) Searching social media for employee details
d) Sending phishing emails
Answer: c) Searching social media for employee details
5. What is the purpose of WHOIS lookup in penetration testing?
a) To scan for open ports
b) To find DNS vulnerabilities
c) To collect domain registration details
d) To exploit SQL vulnerabilities
Answer: c) To collect domain registration details
6. What type of attack can be performed using email harvesting from OSINT sources?
a) SQL Injection
b) Phishing
c) Denial of Service (DoS)
d) Man-in-the-Middle (MITM)
Answer: b) Phishing
7. Which tool is commonly used for passive reconnaissance?
a) Maltego
b) Wireshark
c) Metasploit
d) Nessus
Answer: a) Maltego
8. What is Google Dorking?
a) A technique to perform brute force attacks
b) A method to gather sensitive information using Google search operators
c) A way to bypass firewalls
d) A social engineering attack
Answer: b) A method to gather sensitive information using Google search operators
9. Which search operator in Google Dorking helps find exposed login pages?
a) site:
b) filetype:
c) intitle:"Login"
d) link:
Answer: c) intitle:"Login"
10. What is the main difference between active and passive footprinting?
a) Active footprinting does not interact with the target, while passive does
b) Active footprinting interacts directly with the target, while passive does not
c) Passive footprinting is illegal, while active is legal
d) Passive footprinting is faster than active footprinting
Answer: b) Active footprinting interacts directly with the target, while passive does not
11. Which command is used to check the IP address of a website?
a) nslookup
b) ping
c) tracert
d) All of the above
Answer: d) All of the above
12. What is a major risk of using open-source intelligence (OSINT)?
a) It always leads to hacking
b) It can expose too much personal or corporate information
c) It slows down website performance
d) It is illegal
Answer: b) It can expose too much personal or corporate information
13. What is social engineering?
a) A method of encrypting data
b) A type of firewall attack
c) Manipulating people to gain unauthorized access
d) A way to install malware
Answer: c) Manipulating people to gain unauthorized access
14. Which of the following is an example of social engineering?
a) Using Nmap for scanning
b) Creating a phishing email to trick employees
c) Running a penetration test on a web application
d) Exploiting a software vulnerability
Answer: b) Creating a phishing email to trick employees
15. What is the main weakness that social engineering exploits?
a) Firewalls
b) Human psychology
c) Network configurations
d) Cryptographic algorithms
Answer: b) Human psychology
16. Which of the following is an example of a physical attack?
a) Sending a phishing email
b) Dumpster diving
c) Performing an SQL injection attack
d) Brute force login attempts
Answer: b) Dumpster diving
17. What is tailgating in security?
a) A type of password attack
b) Following an authorized person into a restricted area
c) Using fake credentials for access
d) Locking down a system
Answer: b) Following an authorized person into a restricted area
18. Which of the following is an example of pretexting in social engineering?
a) Sending a fake invoice for payment
b) Searching Google for company information
c) Using a network scanner
d) Testing website security
Answer: a) Sending a fake invoice for payment
19. What does a vishing attack involve?
a) SMS-based phishing
b) Voice-based phishing
c) Email-based phishing
d) Social media hacking
Answer: b) Voice-based phishing
20. What is baiting in social engineering?
a) Offering a free item to lure victims into downloading malware
b) Gaining access through password cracking
c) Using CAPTCHA bypass techniques
d) Encrypting files for ransom
Answer: a) Offering a free item to lure victims into downloading malware
21. Which of the following is NOT a form of social engineering?
a) Phishing
b) Vishing
c) Sniffing
d) Pretexting
Answer: c) Sniffing
22. Which security control helps prevent social engineering attacks?
a) Strong passwords
b) Security awareness training
c) Firewalls
d) Load balancing
Answer: b) Security awareness training
23. What type of social engineering attack involves impersonating IT support?
a) Phishing
b) Tailgating
c) Pretexting
d) Shoulder surfing
Answer: c) Pretexting
24. How can physical attacks be prevented in an organization?
a) Using complex passwords
b) Installing anti-virus software
c) Implementing security badges and access control
d) Updating firewalls regularly
Answer: c) Implementing security badges and access control
25. Which of the following is a physical security risk?
a) Malware
b) Open doors to restricted areas
c) Weak encryption
d) SQL injection
Answer: b) Open doors to restricted areas
26. What is a key way to reduce the risk of tailgating attacks?
a) Require multi-factor authentication
b) Use CAPTCHA verification
c) Train employees to challenge unrecognized individuals
d) Block USB ports
Answer: c) Train employees to challenge unrecognized individuals
27. What is shoulder surfing?
a) Using another person’s credentials
b) Observing someone’s screen to gain confidential information
c) Social media hacking
d) Exploiting software vulnerabilities
Answer: b) Observing someone’s screen to gain confidential information
28. How can organizations prevent social engineering attacks?
a) By only hiring ethical hackers
b) By monitoring web traffic
c) By implementing strong technical controls and user awareness programs
d) By encrypting all emails
Answer: c) By implementing strong technical controls and user awareness programs
29. What type of social engineering attack involves an attacker posing as an authority figure?
a) Baiting
b) Pretexting
c) Phishing
d) Shoulder surfing
Answer: b) Pretexting
30. Which device can help prevent unauthorized physical access to a computer?
a) Firewall
b) Cable lock
c) Antivirus software
d) VPN
Answer: b) Cable lock
Unit - 3
1. What is the primary purpose of a vulnerability scan?
a) To exploit system weaknesses
b) To identify security weaknesses in a system
c) To delete malicious files
d) To perform penetration testing
Answer: b) To identify security weaknesses in a system
2. Which of the following is NOT a type of vulnerability scan?
a) Network-based scan
b) Host-based scan
c) Firewall-based scan
d) Wireless scan
Answer: c) Firewall-based scan
3. What is a logical vulnerability?
a) A vulnerability due to weak encryption algorithms
b) A security flaw in the application logic or workflow
c) A type of hardware failure
d) A vulnerability caused by outdated software
Answer: b) A security flaw in the application logic or workflow
4. Which scanning tool is widely used for vulnerability scanning?
a) Metasploit
b) Nessus
c) Wireshark
d) Burp Suite
Answer: b) Nessus
5. What is a key difference between vulnerability scanning and penetration testing?
a) Vulnerability scanning actively exploits vulnerabilities
b) Vulnerability scanning identifies weaknesses without exploiting them
c) Penetration testing is automated, while vulnerability scanning is manual
d) Penetration testing does not require permission, while vulnerability scanning does
Answer: b) Vulnerability scanning identifies weaknesses without exploiting them
6. Which of the following is a passive scanning tool?
a) Nmap
b) Shodan
c) Nikto
d) SQLmap
Answer: b) Shodan
7. What does CVE stand for in vulnerability management?
a) Common Vulnerabilities and Exploits
b) Computer Vulnerability Evaluation
c) Common Vulnerabilities and Exposures
d) Cyber Vulnerability Engine
Answer: c) Common Vulnerabilities and Exposures
8. What is a black-box scan?
a) A scan with full access to the target system
b) A scan that only focuses on network vulnerabilities
c) A scan with no prior knowledge of the system
d) A scan that is only performed manually
Answer: c) A scan with no prior knowledge of the system
9. Which of the following is an example of evading detection during scanning?
a) Using an IDS/IPS
b) Fragmenting scanning packets
c) Running scans with full privileges
d) Using unencrypted communication
Answer: b) Fragmenting scanning packets
10. What is the purpose of evading detection during vulnerability scanning?
a) To ensure the scan is completed without interruptions
b) To prevent security systems from logging scan activity
c) To increase the effectiveness of social engineering attacks
d) To reduce the time taken for scanning
Answer: b) To prevent security systems from logging scan activity
11. Which scanning tool is commonly used for detecting web vulnerabilities?
a) Nikto
b) Wireshark
c) John the Ripper
d) Aircrack-ng
Answer: a) Nikto
12. What is a false positive in vulnerability scanning?
a) A vulnerability that does not exist but is reported as a threat
b) A vulnerability that is exploited successfully
c) A vulnerability that is ignored during scanning
d) A vulnerability that is only detected in manual testing
Answer: a) A vulnerability that does not exist but is reported as a threat
13. Which of the following is a way to cover tracks after scanning?
a) Clearing logs
b) Using a firewall
c) Running scans with administrative privileges
d) Updating the antivirus
Answer: a) Clearing logs
14. What is a major risk of vulnerability scanning?
a) It always results in system crashes
b) It can cause performance degradation or system crashes
c) It is completely illegal in all scenarios
d) It guarantees complete security
Answer: b) It can cause performance degradation or system crashes
15. What does an authenticated scan require?
a) Administrator credentials
b) Only a basic network connection
c) Open ports
d) Vulnerability signatures
Answer: a) Administrator credentials
16. What is a stealth scan?
a) A scan that hides itself from intrusion detection systems
b) A scan that runs without an internet connection
c) A scan that focuses only on web applications
d) A scan that only tests for SQL vulnerabilities
Answer: a) A scan that hides itself from intrusion detection systems
17. Which type of scan is best for detecting outdated software versions?
a) Web application scan
b) Patch management scan
c) Credentialed vulnerability scan
d) Wireless scan
Answer: c) Credentialed vulnerability scan
18. What is the primary advantage of a credentialed vulnerability scan?
a) It can bypass all security controls
b) It provides a deeper analysis of system vulnerabilities
c) It does not require any permissions
d) It is faster than non-credentialed scans
Answer: b) It provides a deeper analysis of system vulnerabilities
19. What type of scan would be used to check for weak SSL/TLS configurations?
a) Network-based scan
b) Host-based scan
c) Web application scan
d) Compliance scan
Answer: c) Web application scan
20. What is an evasion technique used to bypass IDS during scanning?
a) Running scans with administrator privileges
b) Scanning all ports at the same time
c) Using decoy IP addresses
d) Scanning during peak business hours
Answer: c) Using decoy IP addresses
21. What is the main purpose of covering tracks after a scan?
a) To prevent system crashes
b) To avoid detection and maintain stealth
c) To ensure vulnerabilities are reported correctly
d) To increase scanning speed
Answer: b) To avoid detection and maintain stealth
22. What is a host-based vulnerability scan?
a) A scan that only focuses on open ports
b) A scan that examines vulnerabilities within a specific machine
c) A scan that only detects malware infections
d) A scan that runs only on firewalls
Answer: b) A scan that examines vulnerabilities within a specific machine
23. What does the CVSS score indicate?
a) The financial impact of an attack
b) The severity of a vulnerability
c) The probability of an attack occurring
d) The complexity of a firewall rule
Answer: b) The severity of a vulnerability
24. Which organization maintains the CVE database?
a) MITRE
b) NIST
c) NSA
d) CERT
Answer: a) MITRE
25. What is the purpose of an uncredentialed vulnerability scan?
a) To test security controls without internal access
b) To simulate an insider attack
c) To bypass firewalls
d) To remove vulnerabilities
Answer: a) To test security controls without internal access
26. Which of the following scans focuses on compliance and regulatory standards?
a) Host-based scan
b) Compliance scan
c) Patch management scan
d) Wireless scan
Answer: b) Compliance scan
27. What does a network-based scan typically analyze?
a) Network devices, ports, and protocols
b) Individual user accounts
c) Firewall logs
d) Application source code
Answer: a) Network devices, ports, and protocols
28. What is the main disadvantage of a non-credentialed scan?
a) It is illegal in most cases
b) It cannot access deeper system vulnerabilities
c) It requires administrative privileges
d) It is slower than credentialed scans
Answer: b) It cannot access deeper system vulnerabilities
29. What is a zero-day vulnerability?
a) A vulnerability with a known exploit
b) A vulnerability without a patch or fix
c) A vulnerability that does not exist
d) A vulnerability in physical security
Answer: b) A vulnerability without a patch or fix
30. What is the first step after analyzing a vulnerability scan report?
a) Exploiting vulnerabilities
b) Prioritizing and remediating vulnerabilities
c) Deleting the scan results
d) Disabling firewalls
Answer: b) Prioritizing and remediating vulnerabilities
Unit - 4
1. What does OWASP stand for?
a) Open Web Application Security Project
b) Online Web Application Security Program
c) Open Web and Application Security Plan
d) Operational Web Application Security Policy
Answer: a) Open Web Application Security Project
2. Which of the following is NOT part of the OWASP Top 10 vulnerabilities?
a) Injection
b) Broken Authentication
c) Secure Code Compilation
d) Security Misconfiguration
Answer: c) Secure Code Compilation
3. What is session hijacking?
a) Stealing a user’s session ID to gain unauthorized access
b) Crashing a web server by overloading it
c) Injecting malicious scripts into a website
d) Encrypting the session to enhance security
Answer: a) Stealing a user’s session ID to gain unauthorized access
4. What is the primary goal of a Cross-Site Scripting (XSS) attack?
a) Stealing user credentials
b) Sending phishing emails
c) Encrypting the user’s data
d) Crashing the web server
Answer: a) Stealing user credentials
5. Which of the following attacks exploits weak session management?
a) SQL Injection
b) Session Hijacking
c) DNS Spoofing
d) ARP Poisoning
Answer: b) Session Hijacking
6. SQL injection is an attack that targets which part of a web application?
a) Frontend UI
b) Database
c) Web server
d) File system
Answer: b) Database
7. Which SQL command is commonly used in SQL injection attacks?
a) SELECT
b) DROP
c) UNION
d) All of the above
Answer: d) All of the above
8. What is Cross-Site Request Forgery (CSRF)?
a) A script that forces a user to perform actions without consent
b) A method to scan a web application for vulnerabilities
c) A brute-force attack on login pages
d) A type of phishing attack
Answer: a) A script that forces a user to perform actions without consent
9. What does the "A" in OWASP A01 (Broken Access Control) refer to?
a) Authentication
b) Authorization
c) Attack
d) Alert
Answer: b) Authorization
10. Which type of XSS attack directly executes malicious scripts in the browser?
a) Stored XSS
b) Reflected XSS
c) DOM-based XSS
d) Server-side XSS
Answer: b) Reflected XSS
11. How can developers prevent SQL Injection attacks?
a) Using prepared statements
b) Allowing only admin users to access databases
c) Disabling database logs
d) Encrypting database queries
Answer: a) Using prepared statements
12. Which header can help prevent Clickjacking attacks?
a) X-Frame-Options
b) Content-Security-Policy
c) Cache-Control
d) Refresh-Control
Answer: a) X-Frame-Options
13. A CAPTCHA is primarily used to prevent which type of attack?
a) Brute-force login attacks
b) SQL Injection
c) XSS
d) Session hijacking
Answer: a) Brute-force login attacks
14. How can you mitigate CSRF attacks?
a) Using anti-CSRF tokens
b) Disabling JavaScript
c) Using HTTPS only
d) Restricting file uploads
Answer: a) Using anti-CSRF tokens
15. What does a Web Application Firewall (WAF) protect against?
a) DDoS attacks
b) SQL Injection
c) XSS
d) All of the above
Answer: d) All of the above
16. What is the primary risk of mobile device exploitation?
a) Unauthorized access to personal data
b) Increased battery consumption
c) Slower device performance
d) Loss of internet connection
Answer: a) Unauthorized access to personal data
17. What is a major threat to mobile devices using Bluetooth?
a) Bluejacking
b) Bluesnarfing
c) Bluebugging
d) All of the above
Answer: d) All of the above
18. What is the difference between phishing and smishing?
a) Smishing is phishing via SMS
b) Smishing only affects social media accounts
c) Phishing is only done over email
d) Phishing requires physical access to a device
Answer: a) Smishing is phishing via SMS
19. What is the most common way malware is distributed on mobile devices?
a) Bluetooth file sharing
b) Downloading apps from untrusted sources
c) Sending SMS messages
d) Connecting to Wi-Fi networks
Answer: b) Downloading apps from untrusted sources
20. How can an attacker exploit a mobile device using a rogue Wi-Fi hotspot?
a) Intercepting unencrypted data
b) Injecting malicious JavaScript into websites
c) Performing man-in-the-middle (MITM) attacks
d) All of the above
Answer: d) All of the above
21. What is a key security risk of rooting or jailbreaking a mobile device?
a) It voids the device warranty
b) It disables system updates
c) It removes built-in security protections
d) It increases battery consumption
Answer: c) It removes built-in security protections
22. Which of the following is a common attack against mobile banking apps?
a) Keylogging
b) Man-in-the-Middle attacks
c) Screen recording malware
d) All of the above
Answer: d) All of the above
23. What does a remote access Trojan (RAT) allow attackers to do?
a) Control a mobile device remotely
b) Disable all network connections
c) Lock the device permanently
d) Encrypt all user data
Answer: a) Control a mobile device remotely
24. What security measure can prevent mobile device exploitation?
a) Installing apps only from official stores
b) Keeping the device updated
c) Using strong authentication methods
d) All of the above
Answer: d) All of the above
25. What is SIM swapping?
a) A technique to transfer a phone number to a different SIM card
b) A method of changing phone models frequently
c) A technique used in mobile app development
d) A form of Bluetooth hacking
Answer: a) A technique to transfer a phone number to a different SIM card
26. What is the primary goal of spyware on a mobile device?
a) To monitor user activities and steal sensitive data
b) To disable the phone’s functionality
c) To block incoming calls
d) To delete system files
Answer: a) To monitor user activities and steal sensitive data
27. How can users protect themselves from mobile malware?
a) Avoid downloading apps from unknown sources
b) Use strong passwords and 2FA
c) Install security updates regularly
d) All of the above
Answer: d) All of the above
28. Which attack specifically targets mobile device users through malicious QR codes?
a) QRLjacking
b) SQL injection
c) DNS spoofing
d) MITM attack
Answer: a) QRLjacking
29. What is a common method attackers use to exploit Bluetooth vulnerabilities?
a) Sending malware-infected files
b) Forcing the device to pair with an attacker’s device
c) Capturing Bluetooth signals for data extraction
d) All of the above
Answer: d) All of the above
30. Which security measure is most effective against mobile phishing attacks?
a) Using anti-malware software
b) Avoiding clicking on unknown links
c) Verifying the sender of messages
d) All of the above
Answer: d) All of the above
Unit - 5
1. What is system hacking in penetration testing?
a) Gaining unauthorized access to a system
b) Developing a secure system
c) Preventing hackers from accessing a system
d) Monitoring network traffic
Answer: a) Gaining unauthorized access to a system
2. What is the primary goal of password cracking in system hacking?
a) To verify security measures
b) To disable user accounts
c) To reset administrator credentials
d) To modify system configurations
Answer: a) To verify security measures
3. Which of the following is NOT a common password cracking technique?
a) Brute force attack
b) Dictionary attack
c) Phishing
d) Man-in-the-middle attack
Answer: d) Man-in-the-middle attack
4. What does a keylogger do?
a) Encrypts user passwords
b) Logs keystrokes to capture sensitive information
c) Bypasses firewalls
d) Prevents unauthorized logins
Answer: b) Logs keystrokes to capture sensitive information
5. What is a remote access tool (RAT)?
a) A software that allows remote control of a system
b) A tool used to scan for network vulnerabilities
c) A device used to bypass authentication
d) A method for password cracking
Answer: a) A software that allows remote control of a system
6. Which command in Linux is used to enumerate users?
a) whoami
b) id
c) cat /etc/passwd
d) ls
Answer: c) cat /etc/passwd
7. What is the purpose of enumerating users and assets?
a) To collect system information for further exploitation
b) To delete system files
c) To encrypt user credentials
d) To install malware
Answer: a) To collect system information for further exploitation
8. What is reverse engineering in system hacking?
a) Analyzing software to understand its structure and behavior
b) Creating a new encryption algorithm
c) Blocking unauthorized users
d) Developing secure software
Answer: a) Analyzing software to understand its structure and behavior
9. Which programming language is commonly used for automating post-exploitation tasks?
a) Java
b) Python
c) HTML
d) SQL
Answer: b) Python
10. What is privilege escalation?
a) Gaining higher access privileges than authorized
b) Logging out of a system
c) Resetting a user's password
d) Removing malware from a system
Answer: a) Gaining higher access privileges than authorized
11. What is a common privilege escalation technique in Windows?
a) Exploiting weak service permissions
b) Running SQL injection
c) Disabling antivirus software
d) Using packet sniffing
Answer: a) Exploiting weak service permissions
12. What is the equivalent of Windows privilege escalation in Linux?
a) Kernel exploit
b) SSH tunneling
c) ARP spoofing
d) SQL injection
Answer: a) Kernel exploit
13. What is a Meterpreter session used for?
a) Executing commands on a compromised machine
b) Performing forensic analysis
c) Resetting user passwords
d) Monitoring network traffic
Answer: a) Executing commands on a compromised machine
14. What command is used to list users on a Windows system?
a) net user
b) ls
c) cat /etc/passwd
d) who
Answer: a) net user
15. What is the purpose of post-exploitation?
a) To maintain access and exfiltrate data
b) To remove malware from the system
c) To secure a compromised system
d) To reset administrator passwords
Answer: a) To maintain access and exfiltrate data
16. What is a persistence mechanism used by attackers?
a) Creating a new user account
b) Modifying system logs
c) Disabling firewalls
d) Encrypting user files
Answer: a) Creating a new user account
17. What is a "rootkit"?
a) A tool that hides malicious processes
b) A type of firewall
c) A network monitoring tool
d) A forensic investigation software
Answer: a) A tool that hides malicious processes
18. What is the Windows registry key commonly used to maintain persistence?
a) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
b) HKEY_USERS\Software\Security
c) HKEY_LOCAL_MACHINE\Software\System
d) HKEY_CLASSES_ROOT\Microsoft\Users
Answer: a) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
19. What is "DLL injection"?
a) Injecting malicious code into a legitimate process
b) Encrypting a database using DLL files
c) Running a web server remotely
d) Replacing a system driver
Answer: a) Injecting malicious code into a legitimate process
20. Which tool is commonly used for privilege escalation in Linux?
a) sudo
b) john
c) hydra
d) ps
Answer: a) sudo
21. What is a common post-exploitation technique used to evade detection?
a) Clearing system logs
b) Running a firewall
c) Encrypting network traffic
d) Installing software updates
Answer: a) Clearing system logs
22. What is PowerShell Empire used for?
a) Post-exploitation and maintaining access
b) Password cracking
c) Scanning network vulnerabilities
d) Web application testing
Answer: a) Post-exploitation and maintaining access
23. What is the goal of lateral movement in system hacking?
a) Expanding access to other systems within a network
b) Crashing the operating system
c) Disabling security software
d) Logging out other users
Answer: a) Expanding access to other systems within a network
24. What is the role of a Command and Control (C2) server in post-exploitation?
a) To manage compromised systems remotely
b) To encrypt user data
c) To detect malware infections
d) To reset administrator credentials
Answer: a) To manage compromised systems remotely
25. What command is used to add a new user in Windows?
a) net user username /add
b) add user
c) create user
d) useradd
Answer: a) net user username /add
26. What is the primary goal of data exfiltration?
a) To steal sensitive information
b) To install software updates
c) To reset system passwords
d) To block network access
Answer: a) To steal sensitive information
27. Which port is commonly used by Remote Desktop Protocol (RDP)?
a) 3389
b) 22
c) 443
d) 8080
Answer: a) 3389
28. What is a common persistence technique used by hackers?
a) Creating scheduled tasks
b) Using a proxy server
c) Running a firewall
d) Scanning for open ports
Answer: a) Creating scheduled tasks
29. What is a "Golden Ticket" attack?
a) A Kerberos-based attack that grants unlimited access
b) A phishing attack on high-profile users
c) A form of ransomware attack
d) A social engineering technique
Answer: a) A Kerberos-based attack that grants unlimited access
30. What does Mimikatz primarily do?
a) Extracts passwords from system memory
b) Encrypts hard drives
c) Scans for vulnerabilities
d) Blocks unauthorized access
Answer: a) Extracts passwords from system memory
Unit 6
1. What is the primary goal of communication in penetration testing?
a) To inform stakeholders about vulnerabilities and risks
b) To execute attacks without detection
c) To secure the network infrastructure
d) To identify all IP addresses in the organization
Answer: a) To inform stakeholders about vulnerabilities and risks
2. What is a communication path in penetration testing?
a) The method used to execute an attack
b) The route through which information flows between testers and stakeholders
c) A firewall rule preventing communication
d) A tool used to hack into databases
Answer: b) The route through which information flows between testers and stakeholders
3. When should communication triggers be used in a penetration test?
a) Before starting the test
b) When an unexpected critical vulnerability is found
c) After the final report is delivered
d) Only when a security breach occurs
Answer: b) When an unexpected critical vulnerability is found
4. What is the purpose of reporting tools in penetration testing?
a) To launch cyberattacks
b) To automate the process of generating reports
c) To bypass firewalls
d) To increase system vulnerabilities
Answer: b) To automate the process of generating reports
5. Who is the primary audience for a penetration testing report?
a) Hackers
b) Network administrators, security teams, and management
c) Employees with no IT knowledge
d) General public
Answer: b) Network administrators, security teams, and management
6. What should be included in a penetration test report?
a) Detailed vulnerabilities, risk assessment, and remediation recommendations
b) Only the test methodology
c) Only discovered vulnerabilities
d) Only a list of security tools used
Answer: a) Detailed vulnerabilities, risk assessment, and remediation recommendations
7. What is a key factor in presenting findings in a penetration test report?
a) Clarity and simplicity for all audiences
b) Making the report highly technical with complex terms
c) Excluding risk assessment
d) Avoiding recommendations for fixes
Answer: a) Clarity and simplicity for all audiences
8. What is a best practice when writing a penetration testing report?
a) Using clear language and structured formats
b) Including unnecessary details
c) Hiding critical vulnerabilities
d) Only reporting findings without solutions
Answer: a) Using clear language and structured formats
9. Why is recommending remediation important in a penetration test report?
a) To help organizations mitigate security risks
b) To increase vulnerabilities
c) To delay security improvements
d) To encourage more penetration tests
Answer: a) To help organizations mitigate security risks
10. What is a post-report delivery activity in penetration testing?
a) Validating whether vulnerabilities were patched
b) Ignoring follow-up communication
c) Removing all evidence of testing
d) Restarting the penetration test from scratch
Answer: a) Validating whether vulnerabilities were patched
11. What is a common format used for penetration testing reports?
a) PDF
b) HTML
c) DOCX
d) All of the above
Answer: d) All of the above
12. What is an executive summary in a penetration test report?
a) A non-technical overview of the key findings
b) A detailed technical breakdown
c) A list of penetration testing tools used
d) A collection of raw scan results
Answer: a) A non-technical overview of the key findings
13. Which section of a penetration test report includes vulnerability severity levels?
a) Risk assessment section
b) Methodology section
c) Introduction
d) Disclaimer
Answer: a) Risk assessment section
14. What is the role of CVSS (Common Vulnerability Scoring System) in reporting?
a) It provides a standardized way to rate vulnerability severity
b) It prevents penetration testing
c) It creates reports automatically
d) It scans for vulnerabilities
Answer: a) It provides a standardized way to rate vulnerability severity
15. What is a key factor in effective remediation recommendations?
a) Providing actionable, prioritized solutions
b) Suggesting only expensive security tools
c) Excluding technical details
d) Leaving remediation up to the reader
Answer: a) Providing actionable, prioritized solutions
Attacks on IoT Devices
16. What makes IoT devices vulnerable to cyberattacks?
a) Lack of built-in security features
b) Frequent software updates
c) Limited network connectivity
d) Low energy consumption
Answer: a) Lack of built-in security features
17. What type of attack targets weak or default credentials on IoT devices?
a) Brute-force attack
b) SQL injection
c) XSS attack
d) DDoS attack
Answer: a) Brute-force attack
18. Which protocol is commonly exploited in IoT device attacks?
a) MQTT
b) HTTPS
c) SMTP
d) IMAP
Answer: a) MQTT
19. What is a botnet attack in the context of IoT devices?
a) A group of compromised IoT devices used to launch attacks
b) A method to encrypt IoT communications
c) A security feature of smart home devices
d) A secure way to connect IoT devices
Answer: a) A group of compromised IoT devices used to launch attacks
20. What is the purpose of an IoT honeypot?
a) To detect and analyze attacks targeting IoT devices
b) To hack into IoT devices
c) To encrypt IoT traffic
d) To disable IoT security features
Answer: a) To detect and analyze attacks targeting IoT devices
21. What is the Mirai botnet known for?
a) Infecting IoT devices to launch DDoS attacks
b) Encrypting user files for ransom
c) Exploiting SQL databases
d) Protecting IoT devices from malware
Answer: a) Infecting IoT devices to launch DDoS attacks
22. How can IoT security be improved?
a) Changing default passwords
b) Updating firmware regularly
c) Using network segmentation
d) All of the above
Answer: d) All of the above
23. Which attack involves intercepting and altering IoT communications?
a) Man-in-the-middle attack
b) SQL injection
c) Cross-site scripting (XSS)
d) Phishing
Answer: a) Man-in-the-middle attack
24. What is firmware tampering in IoT security?
a) Modifying the IoT device's firmware to introduce malicious code
b) Encrypting the firmware for security
c) Updating the firmware with security patches
d) Resetting the device to factory settings
Answer: a) Modifying the IoT device's firmware to introduce malicious code
25. Which of the following is a wireless attack targeting IoT devices?
a) Bluetooth signal hijacking
b) SQL injection
c) Cross-site scripting
d) Brute-force attack
Answer: a) Bluetooth signal hijacking
26. What is the primary risk of unsecured IoT cloud services?
a) Data breaches and unauthorized access
b) Faster IoT device performance
c) Improved device battery life
d) Lower device costs
Answer: a) Data breaches and unauthorized access
27. What attack targets smart home devices like cameras and thermostats?
a) Botnet malware infections
b) SQL injection
c) Cross-site scripting
d) Email spoofing
Answer: a) Botnet malware infections
28. What is a common security issue in IoT device APIs?
a) Lack of authentication
b) Encrypted connections
c) Limited bandwidth
d) Strong default passwords
Answer: a) Lack of authentication
29. How can organizations detect IoT device vulnerabilities?
a) Performing regular vulnerability assessments
b) Ignoring security alerts
c) Disabling network monitoring
d) Blocking all network traffic
Answer: a) Performing regular vulnerability assessments
30. What security measure helps prevent IoT device exploitation?
a) Using strong, unique passwords
b) Avoiding all IoT devices
c) Connecting IoT devices to public networks
d) Disabling firmware updates
Answer: a) Using strong, unique passwords