Ethical Hacking Bonus Content
30 questions on Ethical Hacking.
Question 1: What is the difference between active and passive reconnaissance in penetration testing?
- A. Active recon is done on servers, passive recon is done on networks.
- B. Passive recon gathers data without directly interacting with target systems (e.g. WHOIS), whereas active recon directly interacts with the target (e.g. port scanning). (correct answer)
- C. Passive recon requires root access, while Active recon runs as a guest user.
- D. There is no difference; they are synonymous.
Explanation: Passive recon avoids sending traffic to the target, lowering detection risk. Active recon probes the target directly, risking alarm triggers.
Question 2: Why is a TCP SYN scan often referred to as a 'stealth scan' or 'half-open scan'?
- A. It encrypts the port scanning packet payload.
- B. It scans only standard common ports.
- C. It does not complete the full three-way TCP handshake; it sends a RST packet immediately after receiving a SYN-ACK. (correct answer)
- D. It bypasses network firewalls automatically.
Explanation: By sending a RST (Reset) before the final ACK, the connection is never fully established, which avoids triggering logging in older applications.
Question 3: What is the primary objective of exploiting a Buffer Overflow vulnerability?
- A. To crash the database server to perform a Denial of Service.
- B. To overwrite adjacent memory space, injecting malicious code and redirecting execution flow to run arbitrary commands. (correct answer)
- C. To download website files via directories.
- D. To execute SQL queries inside unvalidated input forms.
Explanation: Overwriting the instruction pointer (EIP/RIP) allows attackers to point to custom shellcode in memory, gaining execution control.
Question 4: In cybersecurity, what vector does a 'Social Engineering' attack primarily target?
- A. Exploiting unpatched firmware in database servers.
- B. Intercepting encrypted payloads over open Wi-Fi.
- C. Manipulating human psychology to trick users into revealing credentials or bypass security procedures. (correct answer)
- D. Hacking social media servers.
Explanation: Social engineering (phishing, pretexting) bypasses technical controls by targeting the weakest link: human trust.
Question 5: What is the difference between a vulnerability scan and a penetration test?
- A. A vulnerability scan is executed manually, while a penetration test is automated.
- B. A vulnerability scan identifies potential security flaws, while a penetration test actively attempts to exploit them to verify risk depth. (correct answer)
- C. A penetration test requires database keys.
- D. There is no difference.
Explanation: Vulnerability scanning enumerates potential weaknesses; penetration testing attempts to exploit them to confirm which ones pose real risk.
Question 6: What is an 'Ethical Hacker' (White Hat)?
- A. A developer who writes open-source code.
- B. A security professional who uses hacking skills legally and with permission to identify weaknesses and secure networks. (correct answer)
- C. An attacker who hacks databases for fun.
- D. A server system administrator.
Explanation: White hats help organizations harden security, operating under legal contracts.
Question 7: What does standard SQL Injection (SQLi) target?
- A. Client-side browser stylesheets.
- B. The database layer, injecting malicious statements into inputs to manipulate queries and access unauthorized rows. (correct answer)
- C. The local network DNS routing tables.
- D. Server RAM cache structures.
Explanation: Unsanitized input concatenated into query strings allows attackers to alter query structures.
Question 8: How does a Blind SQL Injection attack differ from a Classic SQL Injection?
- A. Blind SQLi does not show database error messages or output data directly on the page, requiring testers to infer data by asking true/false queries or using time delays. (correct answer)
- B. Blind SQLi is faster and requires no connection keys.
- C. Blind SQLi is unsupervised, while Classic is supervised.
- D. Blind SQLi is deprecated.
Explanation: Testers use functions like sleep() to observe if the database pauses, verifying query logic.
Question 9: Which port is standard for SSH connections?
- A. 80
- B. 22 (correct answer)
- C. 443
- D. 21
Explanation: Port 22 is assigned for Secure Shell (SSH) remote command-line connections.
Question 10: What does a Cross-Site Scripting (XSS) exploit allow attackers to do?
- A. Execute arbitrary SQL queries in databases.
- B. Inject malicious JavaScript into trusted websites, which then executes in visitors' browsers to steal cookies or session tokens. (correct answer)
- C. Redirect DNS requests to fake IP hosts.
- D. Bypass local firewalls.
Explanation: XSS targets client browsers, using the site's authority to run unauthorized JavaScript.
Question 11: What is the difference between Stored and Reflected XSS?
- A. Stored is temporary, Reflected is persistent.
- B. Stored XSS resides permanently in the target's database (e.g. comments), affecting all visitors, while Reflected XSS is echoed back immediately from the request (e.g. URL query parameters). (correct answer)
- C. Reflected XSS runs on the server, Stored runs in browsers.
- D. There is no difference.
Explanation: Stored XSS is especially dangerous because it affects every user who loads a page containing the injected content.
Question 12: What is 'Phishing'?
- A. Port scanning server connections.
- B. Attempting to acquire sensitive credentials (passwords, card details) by masquerading as a trustworthy entity in electronic communications. (correct answer)
- C. Cracking cryptographic hashes offline.
- D. Exploiting buffer overflows.
Explanation: Phishing leverages spoofed emails/sites to capture credentials from unsuspecting users.
Question 13: What does the acronym OWASP stand for?
- A. Open Web Application Security Project (correct answer)
- B. Operating Web Access Security Protocol
- C. Optical Wide Area Security Platform
- D. Open Source Writing Security Standard
Explanation: OWASP is a global non-profit organization focused on improving software security.
Question 14: What is Cross-Site Request Forgery (CSRF)?
- A. Injecting SQL scripts in database tables.
- B. An attack that forces an authenticated user's browser to execute unwanted actions on a web application where they are logged in. (correct answer)
- C. Hacking connection ports.
- D. Stealing session cookie parameters from browser RAM.
Explanation: CSRF tricks the browser into submitting POST/GET requests to a trusted backend, which accepts them because the user's session is still active.
Question 15: Which tool is famous for scanning network ports and mapping target services?
- A. Wireshark
- B. Nmap (correct answer)
- C. Metasploit
- D. Burp Suite
Explanation: Nmap is the standard tool for port exploration, discovering open ports, running services and OS versions.
Question 16: What is the function of a 'WAF' (Web Application Firewall)?
- A. Encrypting system files.
- B. Monitoring, filtering, and blocking HTTP traffic to and from a web application to protect against attacks like SQLi and XSS. (correct answer)
- C. Backing up databases automatically.
- D. Managing user roles.
Explanation: WAFs inspect layer-7 traffic, checking inputs against known attack signatures.
Question 17: What is a 'Zero-Day' vulnerability?
- A. A vulnerability that expires in 24 hours.
- B. A security flaw that is unknown to the vendor, having no patch available, leaving systems exposed to active exploitation. (correct answer)
- C. A bug that causes databases to format.
- D. A configuration error in firewalls.
Explanation: Zero-day indicates the vendor has had 0 days to fix the vulnerability since discovery.
Question 18: What is the standard port for HTTPS?
- A. 80
- B. 443 (correct answer)
- C. 8080
- D. 22
Explanation: Port 443 is the standard port for encrypted HTTP Secure (HTTPS) traffic.
Question 19: What is the difference between a Black Box and a White Box penetration test?
- A. Black box testing is cheap, White box is expensive.
- B. Black box testers have zero prior knowledge of the target network, while White box testers have full access to architectural drawings and source code. (correct answer)
- C. White box is automated, Black box is manual.
- D. There is no difference.
Explanation: Black box simulates external attackers. White box allows in-depth code auditing.
Question 20: What does a 'Remote Code Execution' (RCE) vulnerability allow attackers to do?
- A. Read database table columns only.
- B. Execute arbitrary system commands or run malicious scripts directly on the host server operating system. (correct answer)
- C. Redirect URL requests.
- D. Delete local log files.
Explanation: RCE represents severe risk, giving attackers command-line access to internal servers.
Question 21: Which tool is standard for sniffing and analyzing network packet structures in real-time?
- A. Nmap
- B. Wireshark (correct answer)
- C. Metasploit
- D. John the Ripper
Explanation: Wireshark captures packets, dissecting headers across network stack layers.
Question 22: What is 'Brute Force Hacking'?
- A. Using SQL statements to delete databases.
- B. Systematically guessing credentials (usernames/passwords) or cryptographic keys using automated lists. (correct answer)
- C. Intercepting router cables physically.
- D. Cracking local hardware screens.
Explanation: Brute-force uses automated trials, thwarted by strong passwords and rate limits.
Question 23: What is the security risk of a 'Broken Object Level Authorization' (BOLA / IDOR) flaw?
- A. It causes server connection timeouts.
- B. It allows users to access or edit other users' data rows by modifying key indices (e.g. /api/user/10 to /api/user/11) due to missing ownership checks. (correct answer)
- C. It breaks page layouts in Chrome.
- D. It exposes database passwords in code files.
Explanation: BOLA occurs if backends fetch records matching URL IDs without verifying client ownership permissions.
Question 24: What is a 'Denial of Service' (DoS) attack?
- A. Hacking database connections.
- B. An attempt to make a machine or network resource unavailable to its intended users by flooding it with traffic or triggering crashes. (correct answer)
- C. Disabling the router firewall.
- D. Reverting system settings.
Explanation: DoS disrupts operations, often distributed (DDoS) across botnets to scale impact.
Question 25: How does a 'Man-in-the-Middle' (MitM) attack work?
- A. Attackers injecting code into form fields.
- B. Attackers secretly relaying and altering communication between two parties who believe they are directly communicating. (correct answer)
- C. Hacking the database server locally.
- D. Creating multiple admin accounts.
Explanation: MitM sniffs or redirects traffic, mitigated by enforcing TLS encryption.
Question 26: What is a 'Reverse Shell'?
- A. A terminal prompt styling format.
- B. A connection initiated from the target system back to the attacker's listening server, bypassing standard inbound firewall blocks. (correct answer)
- C. A database migration command.
- D. An encryption module wrapper.
Explanation: Outbound traffic is usually allowed by firewalls. Reverse shells exploit this to get control channels.
Question 27: What does the 'Scope' of a penetration test define?
- A. The price of the security contract.
- B. The exact IP addresses, hostnames, applications, and networks that are authorized for testing. (correct answer)
- C. The list of developer accounts.
- D. The testing schedules of employees.
Explanation: Scope limits testing boundaries. Hacking systems outside scope is illegal.
Question 28: What is 'Privilege Escalation'?
- A. Elevating server memory allocations.
- B. The act of exploiting vulnerabilities to gain elevated access to resources or permissions that are normally restricted (e.g. gaining root). (correct answer)
- C. Moving database tables to cloud instances.
- D. Writing code scripts.
Explanation: Escalation gets attackers administrative permissions from a standard user footprint.
Question 29: Why is the OWASP Top 10 list revised periodically?
- A. To introduce new pricing structures.
- B. To reflect the evolving threat landscape, emerging technologies, and shifts in common application vulnerabilities. (correct answer)
- C. To update HTML page layouts.
- D. To rotate security certificates.
Explanation: OWASP updates keep developers informed on standard AppSec threats.
Question 30: What is 'Social Engineering'?
- A. Optimizing web page loading times.
- B. Manipulating human psychology to trick users into revealing secret credentials or bypassing security checkpoints. (correct answer)
- C. Structuring databases.
- D. Editing system configuration settings.
Explanation: Human errors bypass technical guards, making training vital to AppSec.