5 TH Unit MCQS

Uploaded by

Fazal Qureshi

5 unit Basics Of Ethical Hacking MCQS

1. Hackers who help in finding bugs and vulnerabilities in a system & don’t intend to crack a
system are termed as
a) Black Hat hackers
b) White Hat Hackers
c) Grey Hat Hackers
d) Red Hat Hackers
Answer: b
Explanation: White Hat Hackers are cyber security analysts and consultants who have the intent to help
firms and Governments in the identification of loopholes as well as help to perform penetration tests for
securing a system.
2. Which is the legal form of hacking based on which jobs are provided in IT industries and firms?
a) Cracking
b) Non ethical Hacking
c) Ethical hacking
d) Hacktivism
Answer: c
Explanation: Ethical Hacking is an ethical form of hacking done by white-hat hackers for performing
penetration tests and identifying potential threats in any organization or firm.

3. They are nefarious hackers, and their main motive is to gain financial profit by doing
cybercrimes. Who are “they” referred to here?
a) Gray Hat Hackers
b) White Hat Hackers
c) Hacktivists
d) Black Hat Hackers
Answer: d
Explanation: Black Hat hackers, also termed 'crackers', are a major type of cyber criminal who
gain unauthorized access to a user's account or system and steal sensitive data or inject malware into the
system for their profit or to harm the organization.


________ are the combination of both white as well as black hat hackers.
a) Grey Hat hackers
b) Green Hat hackers
c) Blue Hat Hackers
d) Red Hat Hackers
Answer: a
Explanation: Grey Hat Hackers blend the character of both ethical and unethical hackers.
They hack others' systems for fun but do not harm the system, exploiting bugs and vulnerabilities in the
network without the knowledge of the admin or the owner.

4. The amateur or newbie in the field of hacking who don’t have many skills about coding and
in-depth working of security and hacking tools are called
a) Sponsored Hackers
b) Hacktivists
c) Script Kiddies
d) Whistle Blowers
Answer: c
Explanation: Script Kiddies are new to hacking and at the same time do not have much interest in
developing coding skills or finding bugs of their own in systems; rather, they prefer downloading
available tools (developed by elite hackers) and using them to break any system or network. They just try
to gain the attention of their friend circles.

5. Suicide Hackers are those
a) who break a system for some specific purpose with or without keeping in mind that they may suffer
long term imprisonment due to their malicious activity
b) individuals with no knowledge of codes but an expert in using hacking tools
c) who know the consequences of their hacking activities and hence try to prevent them by erasing their
digital footprints
d) who are employed in an organization to do malicious activities on other firms
Answer: a
Explanation: Suicide hackers are those who break into any network or system with or without knowing
the consequences of the cybercrime and its penalty. There are some suicide hackers who intentionally do
crimes and get caught to bring their names in the headlines.

6. Criminal minded individuals who work for terrorist organizations and steal information of
nations and other secret intelligence are
a) State sponsored hackers
b) Blue Hat Hackers
c) Cyber Terrorists
d) Red Hat Hackers
Answer: c
Explanation: Cyber Terrorists are expert programmers and cyber criminals who hide themselves
while doing malicious activities over the internet and are smart enough to hide their
tracks of action. They are hired for gaining unauthorized access to a nation's data centres or breaking into
the network of intelligence agencies.

7. One who discloses information to the public of a company, organization, firm, government and
private agency and is a member or employee of that organization; such individuals are
termed as
a) Sponsored hackers
b) Crackers
c) Hacktivist
d) Whistleblowers
Answer: d
Explanation: Whistleblowers are those individuals who are members or employees of a specific
organization and are responsible for disclosing private information of those organizations or firms, either
government or private.

8. These types of hackers are the most skilled hackers in the hackers’ community. Who are
“they” referred to?
a) White hat Hackers
b) Elite Hackers
c) Licensed Penetration Testers
d) Red Hat Hackers
Answer: b
Explanation: Those tagged “Elite hackers” are considered amongst the most reputed hackers, who possess
most of the hacking and security skills. They are treated with utmost respect in the hackers' community.
Zero day vulnerabilities, serious hacking tools and newly introduced bugs are found and developed by
them.

9. ________ are those individuals who maintain and handle IT security in any firm or organization.
a) IT Security Engineer
b) Cyber Security Interns
c) Software Security Specialist
d) Security Auditor
Answer: a
Explanation: This is an intermediate-level position held by an individual in an organization or firm who
builds and preserves different systems and their associated security tools for the firm or organization to
which he/she belongs.

10. Role of security auditor is to
a) secure the network
b) probe for safety and security of organization's security components and systems
c) detects and prevents cyber-attacks and threats to organization
d) does penetration testing on different web applications
Answer: b
Explanation: Security auditors are those who conduct auditing of various computer and network systems
in an organization or company and report the safety and security issues, as well as help in suggesting
improvements or enhancements in any particular system that is threat prone.

11. ________ are senior level corporate employees who have the role and responsibilities of
creating and designing secured network or security structures.
a) Ethical Hackers
b) Chief Technical Officer
c) IT Security Engineers
d) Security Architect
Answer: d
Explanation: Security architects are those senior grade employees of an organization who are in charge
of building, designing, implementing and testing of secured network topologies, protocols as well as
secured computers in an organization.


12. ________ security consultants use database security monitoring & scanning tools to
maintain security to different data residing in the database / servers / cloud.
a) Database
b) Network
c) System
d) Hardware
Answer: a
Explanation: Database Security consultants are specific individuals hired in order to monitor and scan the
database systems and keep them secured from unwanted threats and attacks by giving access to
restricted users, blocking unwanted files, multi-factor access control etc.

13. Governments hired some highly skilled hackers. These types of hackers are termed as
a) Special Hackers
b) Government Hackers
c) Cyber Intelligence Agents
d) Nation / State sponsored hackers
Answer: d
Explanation: Nation / State sponsored hackers are specific individuals who are employed or hired by the
government of that nation or state to protect the nation from cyber terrorists and other groups or
individuals and to reveal their plans, communications and actions.

14. Someone (from outside) who tests security issues for bugs before launching a system or
application, and who is not a part of that organization or company are
a) Black Hat hacker
b) External penetration tester
c) Blue Hat hacker
d) White Hat Hacker
Answer: c
Explanation: Blue Hat Hackers are outsiders yet security testers who are temporarily hired for
performing outsourced security test for bugs and vulnerabilities in any system before launching it to the
market or making the application live.

15. The full form of Malware is
a) Malfunctioned Software
b) Multipurpose Software
c) Malicious Software
d) Malfunctioning of Security
Answer: c
Explanation: Different types of harmful software and programs that can pose threats to a system,
network or anything related to cyberspace are termed as Malware. Examples of some common malware
are Virus, Trojans, Ransomware, spyware, worms, rootkits etc.

16. Who deploy Malwares to a system or network?
a) Criminal organizations, Black hat hackers, malware developers, cyber-terrorists
b) Criminal organizations, White hat hackers, malware developers, cyber-terrorists
c) Criminal organizations, Black hat hackers, software developers, cyber-terrorists
d) Criminal organizations, gray hat hackers, Malware developers, Penetration testers
Answer: a
Explanation: Criminal-minded organizations, groups and individuals, cyber-terrorist groups, Black hat
hackers, malware developers etc. are those who can deploy malware to any target system or network in
order to deface that system.


17. ________ is a code injecting method used for attacking the database of a system / website.
a) HTML injection
b) SQL Injection
c) Malicious code injection
d) XML Injection
Answer: b
Explanation: SQLi (Structured Query Language Injection) is a popular attack where SQL code is
injected to break a web application that has SQL vulnerabilities. This allows the
attacker to run malicious code and gain access to the database of that server.

19. XSS is abbreviated as
a) Extreme Secure Scripting
b) Cross Site Security
c) X Site Scripting
d) Cross Site Scripting
Answer: d
Explanation: Cross Site Scripting is another popular web application attack type that can hamper the
reputation of any site.

20. This attack can be deployed by infusing a malicious code in a website’s comment section.
What is “this” attack referred to here?
a) SQL injection
b) HTML Injection
c) Cross Site Scripting (XSS)
d) Cross Site Request Forgery (XSRF)
Answer: c
Explanation: XSS attack can be infused by putting the malicious code (which gets automatically run) in
any comment section or feedback section of any webpage (usually a blogging page). This can hamper
the reputation of a site and the attacker may place any private data or personal credentials.

21. When there is an excessive amount of data flow, which the system cannot handle,
________ attack takes place.
a) Database crash attack
b) DoS (Denial of Service) attack
c) Data overflow Attack
d) Buffer Overflow attack
Answer: d
Explanation: The Buffer overflow attack takes place when an excessive amount of data arrives in the
buffer, which it cannot handle, and leads to data overflowing into its adjoining storage. This attack can
cause a system or application crash and can lead to a malicious entry-point.

22. Compromising a user’s session for exploiting the user’s data and do malicious activities or
misuse user’s credentials is called
a) Session Hijacking
b) Session Fixation
c) Cookie stuffing
d) Session Spying
Answer: a
Explanation: Session hijacking, popularly known as cookie hijacking, is an exploitation method
for compromising the user's session to gain unauthorized access to the user's information.


23. Which of these is an example of physical hacking?
a) Remote Unauthorised access
b) Inserting malware loaded USB to a system
c) SQL Injection on SQL vulnerable site
d) DDoS (Distributed Denial of Service) attack
Answer: b
Explanation: If a suspicious person gains access to a server room or any confidential area with a malicious
pen-drive loaded with malware, which gets triggered automatically once inserted into the USB port of any
employee's PC, such attacks come under physical hacking, because that person first gains unauthorized
physical access to a room or organization and then manages to reach an employee's PC as well, all done
physically, hence breaching physical security.

24. Which of them is not a wireless attack?
a) Eavesdropping
b) MAC Spoofing
c) Wireless Hijacking
d) Phishing
Answer: d
Explanation: Wireless attacks are malicious attacks done in wireless systems, networks or devices. Attacks on
Wi-Fi networks are one common example that most people know. Other such sub-types of wireless attacks are
wireless authentication attack, Encryption cracking etc.

25. An attempt to harm, damage or cause threat to a system or network is broadly termed as
a) Cyber-crime
b) Cyber Attack
c) System hijacking
d) Digital crime
Answer: b
Explanation: Cyber attack is an umbrella term used to classify different computer & network attacks or activities
such as extortion, identity theft, email hacking, digital spying, stealing hardware, mobile hacking and physical
security breaching.

26. Which method of hacking will record all your keystrokes?
a) Keyhijacking
b) Keyjacking
c) Keylogging
d) Keyboard monitoring
Answer: c
Explanation: Keylogging is the method or procedure of recording all the keystrokes/keyboard buttons pressed
by the user of that system.

27. ________ are the special type of programs used for recording and tracking user’s keystroke.
a) Keylogger
b) Trojans
c) Virus
d) Worms
Answer: a
Explanation: Keyloggers are surveillance programs developed both for security purposes and for
hacking passwords and other personal credentials and information. This type of program saves the
keystrokes made on a keyboard and then sends the recorded keystroke file to the creator of the program.

28. Stuxnet is a
a) Worm
b) Virus
c) Trojan
d) Antivirus
Answer: a
Explanation: Stuxnet is a popular and powerful worm that came into existence in mid 2010; it was
accountable for huge damage to Iran's nuclear program. It mainly targets
the PLCs (Programmable Logic Controllers) in a system.

29. According to the CIA Triad, which of the below-mentioned element is not considered in the triad?
a) Confidentiality
b) Integrity
c) Authenticity
d) Availability
Answer: c
Explanation: According to the CIA triad, the three components that security needs are Confidentiality,
Integrity and Availability (read in short as CIA).

30. ________ is the latest technology that faces an extra challenge because of CIA paradigm.
a) Big data
b) Database systems
c) Cloud storages
d) Smart dust
Answer: a
Explanation: Big data has additional challenges that it has to face because of the tremendous volume of data
that needs protection as well as other key elements of the CIA triad, which makes the entire process costly and
time-consuming.

31. One common way to maintain data availability is
a) Data clustering
b) Data backup
c) Data recovery
d) Data Altering
Answer: b
Explanation: To protect data from loss or damage, a data backup can be made and stored in a different
geographical location so that the data survives natural disasters & unpredictable events.

32. ________ is the practice and precautions taken to protect valuable information from
unauthorised access, recording, disclosure or destruction.
a) Network Security
b) Database Security
c) Information Security
d) Physical Security
Answer: c
Explanation: Information Security (abbreviated as InfoSec) is a process or set of processes used for protecting
valuable information from alteration, destruction, deletion or disclosure by unauthorised users.

33. From the options below, which of them is not a vulnerability to information security?
a) flood
b) without deleting data, disposal of storage media
c) unchanged default password
d) latest patches and updates not done
Answer: a
Explanation: A flood is a natural disaster, which is a threat to information and does not act as a
vulnerability of any system.

34. ________ platforms are used for safety and protection of information in the cloud.
a) Cloud workload protection platforms
b) Cloud security protocols
c) AWS
d) One Drive
Answer: a
Explanation: Nowadays data centres support workloads from different geographic locations across the globe
through physical systems, virtual machines, servers, and clouds. Their security can be managed using Cloud
workload protection platforms which manage policies regarding security of information irrespective of its
location.

35. ________ technology is used for analyzing and monitoring traffic in network and information flow.
a) Cloud access security brokers (CASBs)
b) Managed detection and response (MDR)
c) Network Security Firewall
d) Network traffic analysis (NTA)
Answer: d
Explanation: Network traffic analysis (NTA) is an approach of information security for supervising the traffic in
any network, a flow of data over the network as well as malicious threats that are trying to breach the network.
This technological solution also helps in triaging the events detected by network traffic analysis tools.

36. Compromising confidential information comes under
a) Bug
b) Threat
c) Vulnerability
d) Attack
Answer: b
Explanation: Threats are anything that may cause damage or harm to a computer system, individual or any
information. Compromising of confidential information means extracting sensitive data from a system in an
illegal manner.

37. Lack of access control policy is a
a) Bug
b) Threat
c) Vulnerability
d) Attack
Answer: c
Explanation: Access control policies are incorporated into a security system to restrict unauthorised access
to any logical or physical system. Every security compliance program needs this as a fundamental
component. Systems which lack this feature are vulnerable.

38. Possible threat to any information cannot be
a) reduced
b) transferred
c) protected
d) ignored
Answer: d
Explanation: When there lies a threat to any system, safeguards can be implemented, outsourced, distributed
or transferred to some other system, protected using security tools and techniques but cannot be ignored.

39. How many basic processes or steps are there in ethical hacking?
a) 4
b) 5
c) 6
d) 7
Answer: c
Explanation: According to ethical hacking standards, the entire process of hacking can be divided
into 6 steps or phases. These are: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Tracks
clearing, Reporting.

40. ________ is the information gathering phase in ethical hacking from the target user.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
Answer: a
Explanation: Reconnaissance is the phase where the ethical hacker tries to gather different kinds of information
about the target user or the victim's system.

41. Which of the following is not a reconnaissance tool or technique for information gathering?
a) Hping
b) NMAP
c) Google Dorks
d) Nexpose
Answer: d
Explanation: Hping, NMAP & Google Dorks are tools and techniques for reconnaissance. Nexpose is a tool for
scanning the network for vulnerabilities.

42. There are ________ subtypes of reconnaissance.
a) 2
b) 3
c) 4
d) 5
Answer: a
Explanation: Reconnaissance can be done in two different ways. 1st, Active Reconnaissance which involves
interacting with the target user or system directly in order to gain information; 2nd, Passive Reconnaissance,
where information gathering from target user is done indirectly without interacting with the target user or
system.

43. Which of the following is an example of active reconnaissance?
a) Searching public records
b) Telephone calls as a help desk or fake customer care person
c) Looking for the target's details in the database
d) Searching the target's details in paper files
Answer: b
Explanation: Active reconnaissance is all about interacting with the target victim directly; hence, through
telephone calls posing as a legitimate customer care person or help desk person, the attacker can get more
information about the target user.

44. Which of the following is an example of passive reconnaissance?
a) Telephonic calls to target victim
b) Attacker as a fake person for Help Desk support
c) Talk to the target user in person
d) Search about target records in online people database
Answer: d
Explanation: Passive reconnaissance is all about acquiring information about the target indirectly, hence
searching any information about the target on online people database is an example of passive
reconnaissance.

45. Which of them does not come under scanning methodologies?
a) Vulnerability scanning
b) Sweeping
c) Port Scanning
d) Google Dorks
Answer: d
Explanation: Google dork is used for reconnaissance, which uses special search queries for narrowing down
the search results. The other three are scanning methodologies used for scanning ports (logical) and network
vulnerabilities.

46. Which of them is not a scanning tool?
a) NMAP
b) Nexpose
c) Maltego
d) Nessus
Answer: c
Explanation: NMAP is used for both reconnaissance and scanning purposes. Nexpose and Nessus are purely
scanning tools. Maltego is an example of a reconnaissance tool used for acquiring information about target user.

47. Which of the following comes after scanning phase in ethical hacking?
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
Answer: d
Explanation: Gaining access is the next step after scanning. Once the scanning tools are used to look for flaws
in a system, it is the next phase where the ethical hackers or penetration testers have to technically gain access
to a network or system.

48. In ________ phase the hacker exploits the network or system vulnerabilities.
a) Scanning
b) Maintaining access
c) Reconnaissance
d) Gaining access
Answer: d
Explanation: Penetration testers, after scanning the system or network, try to exploit the flaw of the system or
network in the “gaining access” phase.

49. A ________ can gain access illegally to a system if the system is not properly tested in
scanning and gaining access phase.
a) security officer
b) malicious hacker
c) security auditor
d) network analyst
Answer: b
Explanation: Malicious hackers can gain illegal access at OS level, application level or network level if the
penetration testers or ethical hackers lack in testing and reporting the vulnerabilities in a system.

50. Which of the following hacking tools and techniques do hackers not use for maintaining access in
a system?
a) Rootkits
b) Backdoors
c) Trojans
d) Wireshark
Answer: d
Explanation: Wireshark is not a tool for maintaining access because it is used for analysing network protocols at
a microscopic level (very minutely). It is an interactive tool for data traffic analysing on any computer.

51. In ________ phase, the hackers try to hide their footprints.
a) Scanning
b) Tracks clearing
c) Reconnaissance
d) Gaining access
Answer: b
Explanation: Tracks clearing or covering tracks is the name of the phase where the hackers delete logs of their
existence & other activity records they do during the hacking process. This step is actually an unethical one.

52. Which of them is not a track clearing technique?
a) Altering log files
b) Tunnelling
c) Port Scanning
d) Footprint removing
Answer: c
Explanation: Port scanning is a method used in the scanning phase. Altering or changing log files, tunnelling for
hiding your identity and removing footprints from different sites are examples of clearing tracks.

53. ________ is the last phase of ethical hacking process.
a) Scanning
b) Tracks clearing
c) Reconnaissance
d) Reporting
Answer: d

54. Ethical Hacking is also known as
a) Black Hat hacking
b) White Hat hacking
c) Encrypting
d) None of these

55. Tool(s) used by ethical hackers
a) Scanner
b) Decoder
c) Proxy
d) All of these

56. Vulnerability scanning in Ethical hacking finds
a) Strengths
b) Weakness
c) a & b
d) None of these

57. Ethical hacking will allow to ________ all the massive security breaches.
a) Remove
b) measure
c) Reject
d) None of these

58. Sequential steps hackers use are ________, ________, ________, ________
A) Maintaining Access
B) Reconnaissance
C) Scanning
D) Gaining Access
a) B, C, D, A
b) B, A, C, D
c) A, B, C, D
d) D, C, B, A

59. ________ phase in ethical hacking is known as the pre-attack phase.
a) Reconnaissance
b) Scanning
c) Gaining access
d) Maintaining access
Answer: b
Explanation: In the scanning phase, the hacker actively scans for the vulnerabilities or specific
information in the network which can be exploited.