Q121 What is the primary purpose of cryptography?
To store data
To secure communication
To increase processing speed
To bypass firewalls
Q122 Which encryption algorithm is most commonly used for secure web transactions?
RSA
AES
3DES
Blowfish
Q123 How does asymmetric encryption differ from symmetric encryption?
Asymmetric encryption uses a single key
Asymmetric encryption is faster
Asymmetric encryption uses public and private keys
Symmetric encryption requires authentication
Q124 What is the main advantage of elliptic curve cryptography (ECC)?
High encryption speed
Shorter keys with similar security
Universal compatibility
Larger key size
Q125 Which Python library is commonly used for cryptographic operations?
Crypto
Cryptography
Requests
Hashlib
Q126 What does the following Python code do: from cryptography.fernet import Fernet followed by key = Fernet.generate_key()?
Generates a symmetric key
Generates a hash
Generates a public key
Encrypts data
Q127 How can an ethical hacker encrypt a file using OpenSSL?
openssl file encrypt -aes
openssl enc -aes-256-cbc -in file -out file.enc
openssl encrypt file
openssl encrypt -aes256
Q128 A public key fails to decrypt a message. What is the likely cause?
Incorrect public key
Encrypted with the private key
Outdated algorithm
Corrupted data
Q129 An encrypted file cannot be decrypted due to a lost key. What should the ethical hacker do?
Recover the key from backup
Use a dictionary attack
Ignore the file
Try brute forcing the encryption
Q130 What is the primary purpose of a firewall?
To block all network traffic
To encrypt data
To filter incoming and outgoing traffic
To scan for malware
Q131 How does an Intrusion Detection System (IDS) function?
By actively blocking threats
By monitoring and alerting about suspicious activity
By encrypting network traffic
By restricting access to specific IPs
Q132 What is the key difference between IDS and IPS?
IDS is active, IPS is passive
IDS monitors, IPS prevents
IDS encrypts traffic, IPS filters packets
IDS uses firewalls, IPS does not
Q133 Which command in Linux lists the currently active firewall rules?
iptables -L
netstat -an
iptables --show
firewall -rules
Q134 How can an ethical hacker test firewall rules using Nmap?
nmap -sP target
nmap -sS -p 80 target
nmap -f target
nmap --bypass-firewall
Q135 An IDS generates frequent false positives during testing. What should the ethical hacker do?
Adjust the IDS rules
Ignore the alerts
Restart the IDS
Disable logging
Q136 A firewall blocks legitimate traffic during penetration testing. What should the hacker do?
Whitelist the source IP
Modify the firewall rules
Disable the firewall
Ignore the issue
Q137 What is the primary goal of social engineering attacks?
To exploit software vulnerabilities
To manipulate people into revealing confidential information
To disrupt services
To encrypt data
Q138 Which type of social engineering attack involves sending fraudulent emails to gather sensitive information?
Phishing
Vishing
Baiting
Pretexting
Q139 How does a pretexting attack work?
By exploiting software bugs
By impersonating someone with authority
By encrypting data
By creating fake websites
Q140 Which Python library is commonly used to send phishing simulation emails?
smtplib
requests
socket
pycrypto
Q141 What does the following Python snippet do: email.message.Message() with smtp.sendmail(sender, recipient, message)?
Sends a phishing email
Logs user credentials
Sends an encrypted email
Captures network traffic
Q142 A user falls victim to a phishing attack simulation. What should the ethical hacker do next?
Log the incident and report
Ignore the incident
Disable user account
Restart the network
Q143 A phishing simulation email is flagged by the spam filter. What should the hacker do?
Modify the email content
Disable the spam filter
Use a different email address
Ignore the issue
Q144 What is the first step in a penetration testing process?
Exploitation
Reconnaissance
Vulnerability reporting
Remediation planning
Q145 What is the purpose of the rules of engagement (ROE) in penetration testing?
To define legal and operational boundaries
To determine tools to use
To perform vulnerability analysis
To ensure post-testing cleanup
Q146 How does post-exploitation differ from exploitation in penetration testing?
Post-exploitation focuses on maintaining access
Post-exploitation launches attacks
Post-exploitation involves network scanning
Post-exploitation disrupts services
Q147 Which Metasploit command is used to generate a penetration testing report?
msfconsole report
db_nmap
db_export
msfreport
Q148 What does the following Metasploit command do: use post/windows/gather/enum_logged_on_users?
Exploits a vulnerability
Enumerates currently logged-in users
Deletes system logs
Generates a report
Q149 A vulnerability remains unpatched after reporting. What should the ethical hacker do?
Exploit the vulnerability
Notify the client again
Ignore the vulnerability
Delete the vulnerability report
Q150 The penetration testing report is incomplete due to missing data. What should the hacker do?
Request additional information from the client
Submit the report anyway
Exclude the incomplete sections
Add assumptions to fill the gaps