Q31
Q31 While using a reconnaissance tool, the hacker finds an unexpected open port. What should they do?
Close the port
Document the finding
Attempt to exploit
Run a vulnerability scan
Q32
Q32 A DNS zone transfer reveals sensitive information about a target. What should the ethical hacker do?
Exploit the DNS server
Inform the system administrator
Log the information and move on
Redirect the DNS records
Q33
Q33 What is the main objective of network scanning in ethical hacking?
Exploit vulnerabilities
Find open ports and services
Install firewalls
Perform data encryption
Q34
Q34 Which type of scan sends SYN packets and waits for a response?
TCP Connect Scan
SYN Scan
UDP Scan
NULL Scan
Q35
Q35 What is the purpose of using a NULL scan during network enumeration?
To evade firewalls
To perform DNS lookups
To flood the network
To detect open UDP ports
Q36
Q36 Which tool is most commonly used for port scanning in ethical hacking?
Nmap
Wireshark
Burp Suite
Metasploit
Q37
Q37 How does an ethical hacker use enumeration in hacking?
To send malicious scripts
To gather information about network resources
To bypass security controls
To delete sensitive logs
Q38
Q38 What is the significance of the TTL value in traceroute during scanning?
Identifies firewalls
Maps network hops
Finds open ports
Extracts DNS records
Q39
Q39 Which Nmap command is used for UDP scanning?
nmap -sT
nmap -sS
nmap -sU
nmap -sP
Q40
Q40 How can an ethical hacker perform a vulnerability scan using OpenVAS?
By launching DoS attacks
By updating definitions
By configuring a scan target and schedule
By encrypting all traffic
Q41
Q41 What is the correct syntax to use Nikto for scanning a specific host?
nikto -h target_ip
nikto -p target_ip
nikto --scan target_ip
nikto -d target_ip
Q42
Q42 An ethical hacker identifies several open ports during a scan. What should they do next?
Exploit the ports
Document and analyze the findings
Close all ports
Ignore and continue scanning
Q43
Q43 During a scan, unexpected network traffic is detected. What is the best course of action?
Stop scanning and report
Ignore and continue
Analyze the traffic
Restart the scan
Q44
Q44 A port scan reveals a service with an outdated version. What should the ethical hacker do?
Exploit the vulnerability
Recommend an update to the client
Ignore outdated services
Restart the scan
Q45
Q45 What is the primary purpose of vulnerability analysis?
To launch attacks
To identify potential security weaknesses
To install antivirus
To scan for malware
Q46
Q46 Which tool is commonly used for vulnerability scanning?
Nessus
Metasploit
Wireshark
Nmap
Q47
Q47 What is the key difference between vulnerability analysis and penetration testing?
Vulnerability analysis identifies weaknesses, penetration testing exploits them
Both are the same
Penetration testing uses automated tools
Vulnerability analysis is manual
Q48
Q48 Why is it important to prioritize vulnerabilities after analysis?
To exploit critical issues
To comply with legal standards
To ensure effective remediation
To avoid wasting time fixing minor issues
Q49
Q49 Which phase in vulnerability analysis involves assessing the potential impact of a weakness?
Discovery
Assessment
Exploitation
Mitigation
Q50
Q50 Which type of vulnerability is typically flagged by CVSS with a high severity score?
Outdated SSL certificates
SQL Injection
Weak passwords
Inactive user accounts
Q51
Q51 Which OpenVAS command is used to start a vulnerability scan?
openvas-start-scan
openvas-scan
openvasmd --start-scan
openvas-start
Q52
Q52 Which Metasploit module can help verify a discovered vulnerability?
Exploit
Payload
Auxiliary
Post
Q53
Q53 What is the correct Nmap script command to check for SSL vulnerabilities?
nmap -sV --ssl-check
nmap --script ssl-enum
nmap --script ssl-cert
nmap -sS --ssl-scan
Q54
Q54 A vulnerability scan flags a critical issue on a database server. What is the ethical hacker’s next step?
Launch an exploit
Report the issue to the client
Restart the server
Document and ignore
Q55
Q55 During a scan, a false positive vulnerability is detected. What should the ethical hacker do?
Report it as critical
Validate the finding
Ignore the result
Rerun the scan
Q56
Q56 A system vulnerability cannot be patched immediately. What should be done in the interim?
Exploit the system
Ignore the vulnerability
Implement a compensating control
Deactivate the system
Q57
Q57 What is the primary goal of system hacking in ethical hacking?
To install malware
To exploit vulnerabilities and gain access
To bypass firewalls
To disrupt services
Q58
Q58 Which of the following is a common technique for password cracking?
SQL injection
Brute force
Man-in-the-middle
Denial of Service
Q59
Q59 What is privilege escalation in ethical hacking?
Gaining unauthorized higher-level permissions
Accessing network resources
Performing DNS lookups
Encrypting traffic
Q60
Q60 Which tool is commonly used to dump SAM files on Windows?
Metasploit
Cain & Abel
Wireshark
Nmap
