Eh Imp QB (E-Next - In)

Uploaded by

hiteshbharda696

Disclaimer: This is just a sample question bank. All questions in
the exam may not be from the question bank.

Paper 7 - Ethical Hacking

Unit 1
1. What is Information Security? Explain Asset, Risk, Threat,
Vulnerability with respect to InfoSec.
2. Write a short note on Security, Functionality, and Ease of Use
Triangle.
3. What is Access control in security? Explain identification,
authentication, and authorization with respect to Access control.
4. Write a short note on CIA triad.
5. What is malware? Explain Worms and Trojan with suitable examples.
6. What is malware? Explain in brief concept of Virus.
7. What is an attack? Explain in brief rootkit attack.
8. Explain in brief about Attacks and Attack Surface.
9. What is OWASP Top 10? Explain in brief any one of the Ten Most
Critical Web Application Security Risks.
11. Write a short note on CVE Database.
12. Explain the following terms:
a. Keystroke Logging
b. Denial of Service (DoS/DDoS)
c. Brute force
d. Phishing and fake WAP
e. Eavesdropping
f. Man-in-the-middle
g. Session Hijacking
h. Cookie Theft
i. Buffer Overflow
j. Identity Theft
k. Waterhole attack
l. Clickjacking
m. URL Obfuscation
n. IoT Attacks
13. What are BOTs and BOTNETs? Explain.
14. Write a short note on CSRF.
15. Explain in brief the following recent cyber attacks:
a. WannaCry
b. JP Morgan Chase
c. Uber
d. eBay
e. Yahoo
f. Equifax

Unit 2
1. What is Ethical Hacking? Explain the types of hackers.
2. Explain Black/Gray/White Box Penetration Testing methods in detail.
3. Explain the need of Information Gathering in detail.
4. Write a short note on Crawling/Spidering with suitable example.
5. Explain the contents of a penetration testing report in detail with
respect to ethical hacking.
6. Explain in detail the phases of hacking.
a. Reconnaissance
b. Footprinting
c. Enumeration
d. Scanning
e. Sniffing
OR
6. Write a short note on phases of hacking.
7. Write a short note on Vulnerability Assessment and Penetration
Testing.
8. Write a short note on security testing plan.
9. What is Footprinting? What countermeasures can be taken against
footprinting?
10. Define the term Footprinting. Explain how Whois and traceroute are
used in footprinting.
11. What is enumeration? What are the steps involved in performing
enumeration?
12. What is Scanning? List and explain types of scanning performed.
13. State the difference between Manual and Automated Penetration
Testing.
14. Why is Repeated Penetration Testing required? Explain in detail.
15. Write a short note on Authenticated Vs Unauthenticated Testing.
16. Explain the importance of Application Security Testing.
17. Explain the need of NDA.
OR
17. Write a short note on NDA.
18. Explain the need of Compliance and Regulatory concerns.
19. Write a short note on Internal and External Penetration Testing.
20. What is WebInspect? Explain how it works.
21. What is the need of Metasploit vulnerability assessment tools?
Explain in detail the Qualys tool.
22. Write a short note on cross site request forgery.
23. Write a short note on packet sniffing.

Unit 3
1. Compare Windows and Linux operating systems on the basis of the
following points:
a. Customizable
b. Security
c. Efficiency
2. What is Smurf Attack? Explain.
3. Write a short note on MAC Flooding.
4. Write a short note on MAC Spoofing.
5. Write a short note on Event Logs alteration.
6. What is privilege escalation? What are its types? Explain. How
can a system be protected against privilege escalation?
7. Explain SMTP or Email based attacks in detail.
8. What are VOIP vulnerabilities? Explain any five.
9. Write a short note on reverse engineering.
10. Explain IDS/IPS in detail.
11. Explain ARP poisoning in detail.
12. What is ARP poisoning? What are the threats due to ARP
poisoning? How can we defend against ARP poisoning?
13. Write a short note on System Hacking.
14. Explain Steganography in detail.
15. What are WEP vulnerabilities? Explain.
16. Explain SYN flooding with the help of a diagram.
17. What is a password cracker? Explain various steps involved in
cracking a password.
OR
17. What is password cracking? What are the password cracking
countermeasures?
18. Write a note on Gaining and Maintaining Access phase.
19. Write a note on Covering your tracks phase.
20. List and explain any 5 OWASP Secure Coding Guidelines.
21. Describe the Honeypot and the evasion techniques.
22. Explain the Netcat Trojan in detail.
23. What is Kali Linux? Explain Metasploit in detail.
24. Write a short note on cross site scripting (XSS).
25. Explain SQL injection with suitable example.
26. Explain the following terms:
a. Reverse engineering
b. Steganography
c. Input manipulation

https://E-next.in