
Support Questions CEHPC (V0220224) SP

The document is a sample exam for CertiProfe's Ethical Hacking certification, containing multiple-choice questions covering various topics in cybersecurity. Key subjects include hacktivism, network security tools, types of cyber attacks, ethical hacking practices, and vulnerability assessments. Each question presents three options, with the correct answer being the most accurate description of the respective cybersecurity concept.

CertiProf

Professional Knowledge

Ethical Hacking

Sample Exam V022024

1. Which of these was a famous hacktivism group?

A. Fan7a5ma
B. The Hackers
C. Anonymous

2. What is netcat?

A. It is a command line tool used to write and read data on the network. For data transmission,
Netcat uses the TCP/IP and UDP network protocols.
B. It is a hacking tool for Windows
C. It is a hacking tool for Linux

3. What is MITRE ATT&CK?

A. It is a widely recognized and used cybersecurity framework developed by the MITRE
Corporation. Its purpose is to provide a detailed and structured framework that describes the
tactics, techniques and procedures
B. It is a widely recognized and used cybercriminal workflow developed by the NMAP Corporation.
Its aim is to provide a detailed frame of reference
C. It is a widely recognized and used cybercriminal workflow developed by the Kali Linux
Corporation. Its aim is to provide a detailed frame of reference

4. What are PETS?

A. PETS are a set of tools, methods, practices and approaches designed to safeguard and enhance
the privacy and security of personal information in digital environments.
B. PETS are standards and practices for breaching computer equipment and stealing information.
C. PETS are controlled environments where we can practice hacking. They are machines prepared
to be hacked.

5. What is a router?

A. It is a network device used to direct and forward data traffic between computer networks.
B. It is a device that works as an antivirus on servers.
C. It is a network protocol for secure data exchange.

www.certiprof.com


CERTIPROF® is a registered trademark of CertiProf, LLC in the United States and/or other countries.

6. What is a Honeypot?

A. It is a hacking tool designed to penetrate and violate computer equipment.
B. It is a cybersecurity tool designed to attract and detect potential cyber attacks, as well as to divert the
attackers' attention from the real critical systems and assets of a network.
C. It is a method to hack wifi networks

7. What is Denial-of-Service?

A. Commonly known as DoS (Dos of Service), it is a type of computer protection designed to enable, or
make accessible, the services, resources or systems of a network, server or device, preventing
legitimate users from accessing them.
B. It is a very powerful phishing attack
C. Commonly known as DoS (Denial of Service) or DDoS (Distributed Denial of Service), it is a type of
computer attack designed to interrupt, disable or make inaccessible the services, resources or systems
of a network, server or device, preventing legitimate users from accessing them.

8. What is a threat?

A. It is any event, action, person, entity or situation that may put at risk the confidentiality, integrity or
availability of the systems, data, networks or digital information of an organization or user.
B. It is any event that can protect users within our organization.
C. It is any event, action, person, entity or situation that may compromise the integrity or availability of the
systems, data, networks or digital information of an organization or user.

9. What is a vulnerability?

A. These are the problems that system administrators face regarding documentation.
B. It refers to a configuration problem in the antivirus with which you cannot connect to the internet.
C. It refers to a weakness, failure or error in a system, application, software or device that can be
exploited by an attacker to compromise the security of said system and perform unauthorized actions.

10. How can I protect a system?

A. Keep your firewall on, software and operating systems updated constantly
B. Don't update anything on the computer
C. Use MAC, they are very safe and there are no viruses.

11. What are script kiddies?

A. They are inexperienced hackers who use automated tools to carry out attacks, without having a deep
knowledge of how computer systems and networks work.
B. They are expert hackers in the field and have deep knowledge.
C. They are hacking tool developers, always at the forefront


12. What is Network Penetration Testing?

A. It focuses on evaluating the wiring and nodes of a site.
B. It focuses on evaluating the security of the network infrastructure, looking for possible vulnerabilities
that could be exploited by attackers.
C. It focuses on evaluating the activity on a cloud web server

13. What is Web Application Penetration Testing?

A. It focuses on evaluating the security of the network infrastructure, looking for possible vulnerabilities
that could be exploited by attackers.
B. It focuses on evaluating organizations for their proper functioning.
C. It focuses on evaluating the security of web applications, looking for possible vulnerabilities
in their code, such as SQL injections, XSS, CSRF, among others

14. What is a BlackBox Test?

A. Black box testing involves performing a security assessment with all prior knowledge of the network
infrastructure
B. Black box testing involves performing a security assessment and testing without prior knowledge of the
infrastructure or the network infrastructure being tested.
C. It is the test where they give you all the company information so that you can test all the accesses.

15. What is GrayBox Testing?

A. Gray box testing involves user evaluation
B. Gray box testing involves evaluating groups of users
C. Gray box testing involves security assessment and internal testing.

16. What does a Vulnerability Analysis perform?

A. It is checked that the systems have updated patches and do not have critical and exploitable
vulnerabilities.
B. The protocols to be followed by the IT area to resolve problems are reviewed
C. All vulnerabilities are exploited

17. What is Post – Exploitation?

A. In this phase all systems are exploited with the purpose of selling the information.
B. In this phase we have access to the system, so we will execute the activities that will allow us to
obtain total control of the equipment, generate users, elevate privileges, and access information.
C. At this point we violate everything we can by leaving the information exposed to the entire Internet.


18. What is Google hacking?

A. It is a technique that uses Google's advanced search to search for sensitive or confidential information
on the web.
B. It is the search for information in books
C. It is the search for videos on TikTok and YouTube

19. What is VMware?

A. It is a malware with which you can encrypt the entire network
B. It is a platform that is used to virtualize operating systems.
C. He is a very famous hacker

20. What do we use MaskPhish for?

A. To hide a malicious link
B. To breach Windows computers
C. Software to encrypt files

21. What do we use Hidden Eye for?

A. To clone IP
B. To clone web pages
C. To clone DNS

22. What is OSINT Framework?

A. It is a social network where hackers from all over the world interact.
B. It is a blog where hacking and security techniques for companies are shared.
C. It is an online platform that acts as a collection of open source tools and resources for performing open
source intelligence.

23. What is end-to-end encryption?

A. A method to protect information only on central servers
B. A technique for encrypting data from source to destination
C. A cloud security protocol
D. A biometric authentication system

24. What is Spear phishing?

A. It is a social engineering attack that targets large companies or specific individuals.
B. It is a brute force attack on email accounts
C. It is a hacker cryptocurrency


25. What is a "keylogger" in the hacking field?

A. A program that records keystrokes.
B. A virus that destroys important files.
C. An advanced encryption system.
D. A device to crack WiFi passwords.

26. What does an "ethical hacker" do?

A. Illegally accesses systems to obtain information.
B. Uses his skills to help protect systems and networks.
C. Distributes viruses to damage computers.
D. Carries out cyber attacks for financial gain.

27. What is “pharming” in terms of hacking?

A. A social engineering attack aimed at obtaining sensitive information.
B. Identity theft on social networks.
C. Redirecting legitimate web traffic to a fake website.

28. Which of the following is a type of attack that uses multiple compromised devices to perform the
attack?

A. Phishing
B. DDoS.
C. Pharming.

29. What is "SQL Injection" in hacking terms?

A. An attack that uses email to obtain sensitive information.
B. A technique for injecting malicious code into a database through user input.
C. Identity theft in a network environment.
D. An attack that blocks legitimate access to a system.

30. What does "DoS" mean in a cyber attack?

A. Software Denial.
B. Systems Detection.
C. Denial of Service.

31. Which of the following best defines wardriving?

A. Port scanning on a network.
B. Scan for vulnerable wireless networks while on the move.
C. Technique for obtaining network access passwords.

32. What is a dictionary?

A. It's a list of keywords to brute force
B. It is a list of methods to hack web pages
C. It is a method of exploitation for cell phones

33. What does an "ethical hacker" do?

A. Illegally accesses systems to obtain information.
B. Uses skills to help protect systems and networks.
C. Distributes viruses to damage computers.
D. Carries out cyber attacks for financial gain.

34. What is “pharming” in terms of hacking?

A. A social engineering attack aimed at obtaining sensitive information.
B. Identity theft on social networks.
C. Redirecting legitimate web traffic to a fake website.

35. Which of the following is a type of attack that uses multiple compromised devices to perform the
attack?

A. Phishing
B. DDoS.
C. Pharming.

36. What is "SQL injection" in terms of hacking?

A. An attack that uses email to obtain sensitive information.
B. A technique for injecting malicious code into a database through user input.
C. Identity theft in a network environment.
D. An attack that blocks legitimate access to a system.

37. What does "DoS" mean in a cyber attack?

A. Software Denial.
B. Systems Detection.
C. Denial of Service.

38. Which of the following best defines wardriving?

A. Port scanning on a network.
B. Scan for vulnerable wireless networks while on the move.
C. Technique for obtaining network access passwords.

39. What is a dictionary?

A. It's a list of keywords to brute force
B. It is a list of methods to hack web pages
C. It is a method of exploitation for cell phones

40. Do Google Dorks Show Hacked Devices?

A. NO, Google dorks work for searching for specific topics
B. YES, Google dorks hack the pages for us to be able to access data
C. YES, Google dorks work as a backdoor to all websites

41. Does Wpscan work for WordPress page scans?

A. YES, wpscan does that task
B. NO, that's what we need shodan for
C. NO, that's what we use hydra for

42. Is an outdated operating system safe?

A. YES, cyber criminals are no longer interested in these
B. NO, it is more prone to being attacked because it no longer has security patches
C. Yes, they are systems that are no longer used and nobody pays attention to them.

43. Are software cracks good for computers?

A. YES, you permanently activate the programs without paying
B. NO, since the cracks come pre-installed for the best operation of Windows servers
C. NO, since they have malicious software loaded

44. Can an FTP protocol be compromised?

A. NO, it is very safe
B. YES, with the right techniques
C. YES, asking the administrator for the username and password

45. What is a reverse shell?

A. A common command console in Linux
B. It refers to a process in which the victim's machine connects to the attacker's machine to receive
commands.
C. It refers to when the terminal is run with root

46. What is Nessus used for?

A. To watch videos on a blocked network
B. To scan a network or system for vulnerabilities
C. For automated hacking

47. Can Kali Linux only be used by criminals?

A. YES, it is a prohibited system
B. NO, this can be used by cybersecurity enthusiasts
C. YES, criminal acts are committed with this

48. What are zero-days?

A. It is the time between December 31 and January 1
B. It is a very important IT event
C. It is a vulnerability discovered without a patch or update

49. As a pentester, can we exploit any vulnerability regardless of the impact?

A. Yes, we have all the freedom
B. NO, since performing these acts without consent is a crime.
C. Yes, we have all the power to carry out these processes without consent.

50. What is a security breach?

A. It's a breakup on the internet
B. It consists of a cybersecurity incident that affects personal or corporate data in different ways.
C. It's the hacking of the entire internet

51. What is a keylogger?

A. A database registry key
B. They track and record every keystroke on a computer, often without the user's permission or
knowledge.
C. A free antivirus for Linux

52. What does SQLMAP do?

A. It is an open source tool that allows you to automate the process of a SQL injection attack.
B. It is a paid tool to manage SQL databases.
C. It is the competition of Google Chrome

53. What is spoofing?

A. It is a network analysis method like nmap
B. It consists of usurping an electronic identity to hide one's own identity and thus commit crimes on the
Internet.
C. It is a method of registering a name on the Internet and cannot be duplicated.

54. What is a WAF?

A. A Web Application Firewall (WAF) protects the web application server from multiple attacks
B. A Web Application Form (WAF) protects against multiple attacks on printers
C. A Web Application Function (WAF) protects against multiple attacks on computers

55. What is a firewall?

A. Computer program that controls all computers on the network
B. Computer program that controls a computer's access to the network, and the access of network
elements to the computer, for security reasons.
C. Computer program that controls an organization's domain

56. What is a flag inside the machines we hacked?

A. A common flag with a pirate skull on it meaning hackers
B. A list of commands used as a guide to hack the machine
C. A file inside the machine with a keyword or key letters to prove that the attack was successful

57. Is it illegal to practice with vulnhub machines?

A. Yes, you are hacking into an unauthorized system.
B. NO, since these machines are in a local environment and have no contact with any organization.
C. NO, since these machines do not have existing vulnerabilities it only serves to view them.

58. What is Ethical Responsibility in Hacking?

A. It is to perform the scan with knowledge
B. Ensures that scanning is performed without permission and for illegitimate purposes
C. Ensure that scanning is done with permission and for legitimate purposes.

59. What is a vulnerability scan?

A. It is the process of identifying, quantifying and prioritizing vulnerabilities in computer systems.
B. It is the process of mapping the network and nodes in a building for better distribution.
C. It is the process of identifying and exploiting gaps no matter what.

60. What is a public IP?

A. Public IP addresses are assigned by Internet Service Providers
B. It is the IP address that the modem assigns to the devices
C. It's an IP that everyone uses

61. What is a private IP?

A. It is an IP that no one can use
B. Private IP addresses are used to allow communication between devices within a local network.
C. It is the IP address assigned by the service provider

62. What system is Kali Linux based on?

A. Windows
B. Ubuntu
C. Debian

63. Besides Kali Linux, what other operating system is used for hacking?

A. Parrot OS
B. Hannah Montana Linux
C. Windows XP

64. What is SQL Injection?

A. Manipulating SQL queries to access, modify, or delete data in a database.
B. It is a database used by hackers
C. It is an execution of SQL code that only the administrator can perform

65. What command would you use in Nmap to scan the entire network 192.168.100.1 and display the
operating system and ports?

A. nmap -sV -O 192.168.100.1/24
B. nmap -SV -O 192.168.100.1
C. sqlmap -u 192.168.100.1 --dbs

66. What is the purpose of Pentesting?

A. Hacking systems without authorization
B. The main goal of penetration testing is to find weaknesses in security before they can be exploited by
real attackers.
C. Exploiting vulnerabilities to sell information to the highest bidder

67. What is the most vulnerable within an organization?

A. Servers.
B. Wifi network.
C. People.

68. When critical vulnerabilities are detected, what action should be taken?

A. Exploit it and get as much information as possible.
B. Inform the corresponding area for a prompt solution.
C. Document the problem and do nothing.

69. What is a Reverse Shell?

A. It is a technique used in cybersecurity and ethical hacking that allows an attacker to gain access to a
remote machine and control it from an external location.
B. It is a technique used in cybersecurity and ethical hacking that allows a hacker to gain access to the
WIFI network remotely and control traffic from an external location.
C. It is a technique used for port scanning.

70. What is a black hat hacker?

A. They use their computer skills to steal confidential information, to infect computer systems, to restrict
access to a system
B. They use their computer skills to protect confidential information to restrict access to a system.
C. They review the facilities' wiring, provide support to users and keep track of servers in small
businesses.

71. What is a hacktivist?

A. It refers to politicians who get involved in social issues by showing their faces in the news.
B. It refers to the act of hacking a computer system for political or social purposes.
A hacktivist breaks into a computer system, but always with the aim of influencing ideological, religious,
political or social causes.
C. They use their computer skills to steal confidential information, to infect computer systems, to restrict
access to a system

72. What is a brute force dictionary?

A. It is a document where passwords are stored that may possibly be the correct ones to enter the
system.
B. A common dictionary contains words and their meaning.
C. A plain text document where we normally store passwords

73. The Wikileaks Group: What kind of hackers are they?

A. Black Hat
B. Hacktivists
C. Ethical Hackers

74. Are all Wi-Fi networks secure?

A. Yes
B. No

75. What types of vulnerabilities should be resolved with top priority?

A. High
B. Medium
C. Low

76. What does ransomware do to a system?

A. Eliminate viruses
B. Improve performance
C. Encrypt all files

77. Is it possible to clone a website?

A. Yes
B. No

78. If a website has HTTPS, does that mean it's legitimate?

A. No, since HTTPS only indicates that the connection is encrypted.
B. Yes, since it shows the padlock
C. Yes, the HTTPS connection always appears on 100% secure sites


Answers

1. C     40. A
2. A     41. A
3. A     42. B
4. A     43. C
5. A     44. B
6. B     45. B
7. C     46. B
8. A     47. B
9. C     48. C
10. A    49. B
11. A    50. B
12. B    51. B
13. C    52. A
14. B    53. B
15. C    54. A
16. A    55. B
17. B    56. C
18. A    57. B
19. B    58. C
20. A    59. A
21. B    60. A
22. C    61. B
23. B    62. C
24. A    63. A
25. A    64. A
26. B    65. A
27. C    66. B
28. B    67. C
29. B    68. B
30. C    69. A
31. B    70. A
32. A    71. B
33. B    72. A
34. C    73. B
35. B    74. B
36. B    75. A
37. C    76. C
38. B    77. A
39. A    78. A
