Home / Blog / Interview Questions / Ethical Hacking Interview Questions and Answers

Ethical Hacking Interview Questions and Answers

  • September 11, 2022
  • 6008
  • 44
Author Images

Meet the Author : Mr. Bharani Kumar

Bharani Kumar Depuru is a well known IT personality from Hyderabad. He is the Founder and Director of Innodatatics Pvt Ltd and 360DigiTMG. Bharani Kumar is an IIT and ISB alumni with more than 17 years of experience, he held prominent positions in the IT elites like HSBC, ITC Infotech, Infosys, and Deloitte. He is a prevalent IT consultant specializing in Industrial Revolution 4.0 implementation, Data Analytics practice setup, Artificial Intelligence, Big Data Analytics, Industrial IoT, Business Intelligence and Business Management. Bharani Kumar is also the chief trainer at 360DigiTMG with more than Ten years of experience and has been making the IT transition journey easy for his students. 360DigiTMG is at the forefront of delivering quality education, thereby bridging the gap between academia and industry.

Read More >

Table of Content

  • What is Cybersecurity primarily about?

    • a) People.
    • b) Processes.
    • c) Technologies.
    • d) All of the above.

    Answer - d) All the above

  • Cybersecurity encompasses a full range of-

    • a) Vulnerability reduction.
    • b) Incident response.
    • c) Recovery policies.
    • d) All of the above.

    Answer - d) All of the above

  • Cybersecurity is the protection of-

    • a) Internet connected systems.
    • b) Non-Internet connected systems.
    • c) Both A and B.
    • d) None of this.

    Answer - a) Internet connected systems

  • Cybersecurity also be referred to as-

    • a) Incident security.
    • b) Information technology security.
    • c) Internet security.
    • d) Threat security.

    Answer - b) Information technology security

  • What is true about Cybersecurity?

    • a) Cybersecurity as the set of principles and practices designed to protect our computing resources.
    • b) Cybersecurity as the set of principles and practices designed to protect our online information against threats.
    • c) Cybersecurity is a critical function and needed insurance of many businesses.
    • d) All of the above.

    Answer - d) All of the above

  • When was the first computer worm (virus) created?

    • a) 1969.
    • b) 1970.
    • c) 1971.
    • d) 1972.

    Answer - b) 1970

  • Which program did Robert Thomas create?

    • a) Virus.
    • b) Thomas program.
    • c) Creeper.
    • d) ARPANET.

    Answer - c) Creeper

  • What was the name of the first antivirus software?

    • a) Ray Tomlinson.
    • b) Tinkered.
    • c) Reaper.
    • d) Repair.

    Answer - c) Reaper

  • Specify the year when Morris worm renamed the virus?

    • a) 1988.
    • b) 1989.
    • c) 1990.
    • d) 1991.

    Answer - a) 1988

  • What is one of the Cyber Security Goals?

    • a) Protect the confidentiality of data.
    • b) Preserve the integrity of data.
    • c) Promote the availability of data for authorized users.
    • d) Information service providers.

    Answer - b) Parallel method

  • ISPs stands for?

    • a) Reduce the variance.
    • b) Internet service providers
    • c) Internet service providers.
    • d) Information service providers.

    Answer - b) Internet service providers

  • The Cybersecurity principle states that security measures should be as simple and minimal as possible.

    • a) Fail-safe defaults.
    • b) Least Privilege.
    • c) Economy of mechanism.
    • d) Open Design.

    Answer - c) Economy of mechanism

  • Does the cybersecurity system limits how rights are exercised when creating a topic or an object?

    • a) Fail-safe defaults.
    • b) Least Privilege.
    • c) Complete mediation.
    • d) Open Design.

    Answer - d) Fail-safe defaults

  • If an administrator wants root access to a hosted UNIX system, he or she should not be granted that right unless he or she has a function that requires that access level is an example of that cyber security policy?

    • a) Separation of Privilege.
    • b) Least Privilege.
    • c) Complete mediation.
    • d) Open Design.

    Answer - b) Least Privilege

  • The example of Open Design?

    • a) DVD player.
    • b) Content Scrambling System.
    • c) Both A and B.
    • d) None of the above.

    Answer - c) Both A and B

  • Is true about Complete mediation?

    • a) The principle of complete mediation restricts the caching of information, which often leads to simpler implementations of mechanisms.
    • b) The idea of this principle is that access to every object must be checked for compliance with a protection scheme to ensure that they are allowed.
    • c) In Complete mediation, whenever someone tries to access an object, the system should authenticate the access rights associated with that subject.
    • d) All of the above.

    Answer - d) All of the above

  • Following are examples of Open Design?

    • a) 2.
    • b) 3.
    • c) 4.
    • d) 5.

    Answer - b) 2

  • Principle states sometimes it is more desirable to record the details of an intrusion than to adopt a more sophisticated measure to prevent it?

    • a) Work Factor.
    • b) Psychological acceptability.
    • c) Least Common Mechanism.
    • d) Compromise Recording.

    Answer - d) Compromise Recording

  • Following is true about Complete mediation?

    • a) Work Factor.
    • b) Security through obscurity.
    • c) Least Common Mechanism.
    • d) Least Privilege.

    Answer - b) Security through obscurity

  • The online banking website should require users to sign in and after some time as we may say, within 20 minutes is an example of that Cybersecurity rule?

    • a) Fail-safe defaults.
    • b) Separation of Privilege.
    • c) Psychological acceptability.
    • d) Complete mediation.

    Answer - d) Complete mediation

  • How many guarantees must be made before a right is granted in the allocation of a right?

    • a) nmap -O target.
    • b) nmap -A target.
    • c) nmap -sV target.
    • d) nmap -sA target.

    Answer - d) nmap -sA target

  • What is the principle that sometimes it is more desirable to record login details than to use a sophisticated blockchain method?

    • a) Nessus
    • b) Maltego
    • c) Dirb
    • d) Dirtbuster

    Answer - a) Nessus

  • The Open Design principle is the opposite?

    • a) nmap
    • b) Metasploit
    • c) Advance IP Scanner
    • d) Zenmap

    Answer - c) Advance IP Scanner

  • Information security is also known as_______

    • a) InfoSec.
    • b) InfoWar.
    • c) Firewall.
    • d) Secure System.

    Answer - a) InfoSec

  • What is 'C' in CIA triad?

    • a) Common.
    • b) Confidentiality.
    • c) Calibre.
    • d) Candidate.

    Answer - b) Confidentiality

  • What is 'A' in CIA triad?

    • a) Attack.
    • b) Asset.
    • c) Availability.
    • d) Augmentation.

    Answer - c) Availability

  • What is 'I' in CIA triad?

    • a) Intension.
    • b) Integrity.
    • c) Important.
    • d) Illegal.

    Answer - b) Integrity

  • Authentication means, what type of claim of identity?

    • a) Completing.
    • b) Verifying.
    • c) Managing.
    • d) Checking.

    Answer - b) Verifying

  • What program monitors your online activities or installs programs without your permission to profit or photograph your personal information?

    • a) Spyware Threat.
    • b) Backtracking.
    • c) Cookies.
    • d) PIN.

    Answer - a) Spyware Threat

  • What weaknesses can be exploited by the threat?

    • a) Weakness.
    • b) Vulnerability.
    • c) Virus.
    • d) Threat.

    Answer - b) Vulnerability

  • What are the terms of attempting to disclose, alter, disable, destroy, steal or gain unauthorized access or misuse of property?

    • a) Attack.
    • b) Asset.
    • c) Alter.
    • d) Attempt.

    Answer - a) Attack

  • What attacks try to change system resources or affect their performance?

    • a) Normal.
    • b) Passive .
    • c) Big.
    • d) Active.

    Answer - b) Passive

  • What types of attacks attempt to read or use information from the system but do not affect system resources?

    • a) Normal.
    • b) Passive.
    • c) Big.
    • d) Active.

    Answer - a) Normal

  • What is the Open Web Application Security Project (OWASP)?

    • a) Business organization.
    • b) Non-profit organization.
    • c) Big organization.
    • d) Active organization.

    Answer - b) Non-profit organization

  • Cross-site scripting (XSS) errors enable the attackers to install _____ scripts in the application.

    • a) HTML.
    • b) python.
    • c) JavaScript.
    • d) C++.

    Answer - c) JavaScript

  • SQL injection is also known as-

    • a) SQL Inj.
    • b) SQL.
    • c) Injection.
    • d) SQLi.

    Answer - d) SQLi

  • What will be the perfect action of recording the keys struck on a keyboard?

    • a) Key logger.
    • b) Key count.
    • c) Backtracking.
    • d) Phishing.

    Answer - a) Key logger

  • What is the type of cyber-attack When a malicious actor inserts him/herself into a conversation between two parties, what is this type of cyber-attack called?

    • a) Eavesdropping.
    • b) Phishing.
    • c) DOS.
    • d) Man-in-the-middle.

    Answer - a) Eavesdropping

  • Web session control mechanism can be exploited by--

    • a) DOS.
    • b) Session Hijacking.
    • c) Backtracking.
    • d) Shoulder surfing.

    Answer - a) DOS

  • In which attack the hacker hides the actual UI where victim is supposed to click?

    • a) Hijacking.
    • b) Clickjacking.
    • c) Session Hijacking .
    • d) Man-in-the-middle.

    Answer - b) Clickjacking

  • What will be the desired process of exploiting weakness in the system and gaining unauthorized access to data?

    • a) Attack.
    • b) Hijacking.
    • c) Hacking.
    • d) Threat.

    Answer - c) Hacking

  • What kind of hackers take permission of security experts to uncover security risks that a malicious attacker can exploit?

    • a) Hacker.
    • b) White hat hacker.
    • c) Grey hat hacker.
    • d) Red hat hacker.

    Answer - b) White hat hacker

  • White hat hackers are also often addressed as moral hackers or________.

    • a) Security.
    • b) Kerboros.
    • c) Watchdog.
    • d) Pen tester.

    Answer - d) Pen tester

  • Who will be guys that operate on the opposite side of the law?

    • a) Black hat.
    • b) White hat.
    • c) Green hat.
    • d) Red hat.

    Answer - a) Black hat

  • The guy who cuts the line between good and bad and decides to turn it into a good side.

    • a) green hat.
    • b) white hat.
    • c) grey hat.
    • d) black hat.

    Answer - c) grey hat

  • Data domains and internal boundaries can be tested

    • a) Blue box.
    • b) Glass box.
    • c) Black box.
    • d) White box.

    Answer - d) White box

  • In which testing generally knowledge is not required?

    • a) Blue box.
    • b) Black box.
    • c) Glass box.
    • d) White box.

    Answer - b) Black box

  • In which testing extensive implementation knowledge is required?

    • a) Black box.
    • b) White box.
    • c) Blue box.
    • d) Grey box.

    Answer - d) Grey box

  • What is the process of defining, identifying, organizing, and prioritizing called?

    • a) Checking.
    • b) Vulnerability assessment.
    • c) Testing.
    • d) Identifying.

    Answer - b) Vulnerability assessment

  • Evaluate the security risk detection process in the application.

    • a) Checking.
    • b) Vulnerability assessment.
    • c) Penetration.
    • d) Identifying.

    Answer - c) Penetration

  • What type of Hacking involves accessing the system and changing system integrity?

    • a) System.
    • b) Black hat.
    • c) Grey hat.
    • d) White hat.

    Answer - a) System

  • In which we can refer to any good computer programmer?

    • a) Security.
    • b) Developer.
    • c) Hacker.
    • d) Tester.

    Answer - c) Hacker

  • Linux operating system is-

    • a) Open source.
    • b) Expensive.
    • c) Difficult.
    • d) Automated.

    Answer - a) Open source

  • Windows operating system is-

    • a) Open source.
    • b) Automated.
    • c) Difficult.
    • d) Not-open source.

    Answer - d) Not-open source

  • Which framework is a collection of shellcodes, exploits, fuzzing tools, encoders, and payloads?

    • a) Simple.
    • b) Complex.
    • c) Net.
    • d) Metasploit.

    Answer - d) Metasploit

  • The process of gathering information about your target is known as_______

    • a) Enumeration.
    • b) Hacking.
    • c) Data gathering.
    • d) Hijacking.

    Answer - a) Enumeration

  • What is the common port number of HTTP?

    • a) 40.
    • b) 81.
    • c) 80.
    • d) 21.

    Answer - c) 80

  • What is the standard FTP port number?

    • a) 40.
    • b) 81.
    • c) 80.
    • d) 21.

    Answer - d) 21

  • What is the common port number of HTTPS?

    • a) 40.
    • b) 443.
    • c) 80.
    • d) 21.

    Answer - b) 443

  • What is the common port number of SSH?

    • a) 40.
    • b) 81.
    • c) 80.
    • d) 22.

    Answer - d) 22

  • What is the primary goal of an Ethical Hacker?

    • a) Avoiding detection.
    • b) Determining return on investment (ROI) for security measures.
    • c) Resolving security vulnerabilities.
    • d) Testing security controls.

    Answer - d) Testing security controls

  • What are examples of network sniffing tools?

    • a) Bash, Nano, VI.
    • b) Nmap, Metasploit, Nessus.
    • c) Wireshark, Tshark, TCPdump.
    • d) Burpsuite, owasp zap .

    Answer - c) Wireshark, Tshark, TCPdump

  • The hacker behavior is hired by the organization to gain remote access to their internal network. He has not yet received information about the organization's internal network. What kind of tests are performed here?

    • a) Black box testing.
    • b) Grey box testing.
    • c) White box testing.
    • d) Blue Box Testing.

    Answer - a) Black box testing

  • Mary added an apostrophe after the parameter? Id = within the webpage URL. Now you see an error, which says there was a syntax error. What did Mary find?

    • a) Cross-Site Scripting vulnerability.
    • b) PostgreSQL database exploit.
    • c) SQL Injection.
    • d) DOS Attack.

    Answer - c) SQL Injection

  • A site uses dynamically generated content. By making use of a specific technique, it is possible to steal login credentials of the user. Which technique is meant here?

    • a) Session Hijacking.
    • b) SQL injection.
    • c) Cross Site Scripting (XSS).
    • d) Session Hijacking.

    Answer - b) SQL injection

  • If you have your R57 Shell, how can you establish a connection between a website and your machine?

    • a) Eval function.
    • b) Backconnect shell.
    • c) Reverse shell.
    • d) All of these.

    Answer - b) Backconnect shell

  • You have found a live system on IP address 192.168.10.113. Which nmap command lets you detect the Operating System of a target?

    • a) nmap -O 192.168.10.113.
    • b) nmap -Os 192.168.10.113.
    • c) nmap -os 192.168.10.113.
    • d) nmap -o 192.168.10.113.

    Answer - a) nmap -O 192.168.10.113

  • The robber is trying to take traffic from the wireless network adapter. Which network adapter should you look for in Wireshark?

    • a) eth0.
    • b) Lo.
    • c) wlan0.
    • d) LAN.

    Answer - c) wlan0

  • At what point in the Ethical Hacking Process can an attacker possibly use a port scanning tool?

    • a) Attack execution.
    • b) Attack preparation.
    • c) nformation gathering.
    • d) Report writing.

    Answer - c) nformation gathering

  • The sign-in checker wants to know which IP addresses are currently active on the network. You are using nmap to do that. What nmap change does it need to perform this test?

    • a) -sU.
    • b) -sO.
    • c) -sP.
    • d) -Sv.

    Answer - c) -sP

  • You are performing a penetration test and are asked to test the authentication strength of a storage device. You have not received the IP address of the host, but you were told that the system sends a message to the network's broadcast every five minutes. What could you use to find the IP address of the host?

    • a) Ncrack .
    • b) Netdiscover.
    • c) Wireshark.
    • d) Aircrack -ng.

    Answer - c) Wireshark

  • Criminal managed to detect XSS vulnerability. Now you want to take sessions. Where can you find the information?

    • a) document.session.
    • b) session.cookie.
    • c) document.cookie.
    • d) document.URL.

    Answer - c) document.cookie

Read
Success Stories
Make an Enquiry