Part 2: Reconnaissance & Footprinting (15 Questions)

1. What is the main goal of the reconnaissance phase in ethical hacking?

• A) Exploiting vulnerabilities

• B) Identifying security controls

• C) Gathering target information

• D) Delivering payloads

Answer: C) Gathering target information

Explanation: Reconnaissance involves collecting details like domains, IPs, employee info, and network architecture.

2. Which is an example of passive reconnaissance?

• A) Nmap port scan

• B) Social media monitoring

• C) Phishing attack

• D) SQL injection

Answer: B) Social media monitoring

Explanation: Passive reconnaissance gathers public info without engaging the target, like WHOIS lookups or Google Dorking.

3. Which tool performs WHOIS lookups?

• A) Maltego

• B) nslookup

• C) WHOIS

• D) Nikto

Answer: C) WHOIS

Explanation: WHOIS reveals domain registration, owner details, and DNS info.

4. Which technique extracts sensitive data via search engines?

• A) Google Dorking

• B) DNS Spoofing

• C) Phishing

• D) ARP Poisoning

Answer: A) Google Dorking

Explanation: Google Dorking uses search operators to locate exposed files and misconfigured servers.

5. Which command performs DNS zone transfers?

• A) nslookup

• B) whois

• C) dig

• D) ping

Answer: C) dig

Explanation: The dig command queries DNS records like A, MX, and TXT for zone information.

6. What reconnaissance technique intercepts wireless communications?

• A) Phishing

• B) Wardriving

• C) Social engineering

• D) Footprinting

Answer: B) Wardriving

Explanation: Wardriving involves driving around to locate unsecured Wi-Fi networks.

7. Which tool gathers email addresses linked to a domain?

• A) TheHarvester

• B) Nikto

• C) Nessus

• D) Hydra

Answer: A) TheHarvester

Explanation: TheHarvester collects emails, domains, and employee info via search engines and public sources.

8. What technique identifies a target’s network range and IP structure?

• A) Banner grabbing

• B) Port scanning

• C) Footprinting

• D) Fingerprinting

Answer: C) Footprinting

Explanation: Footprinting maps IP addresses, DNS info, and system configurations.

9. Which tool maps relationships between organizations, social media, and domains?

• A) Maltego

• B) Metasploit

• C) Nikto

• D) sqlmap

Answer: A) Maltego

Explanation: Maltego visualizes connections across networks and social platforms.

10. Which command identifies a domain’s mail server?

• A) ping

• B) traceroute

• C) nslookup

• D) netcat

Answer: C) nslookup

Explanation: nslookup -type=MX [domain] reveals mail server info.

11. Which method uses impersonation or pretexting to gather information?

• A) Passive reconnaissance

• B) Active reconnaissance

• C) Human reconnaissance

• D) Hybrid reconnaissance

Answer: C) Human reconnaissance

Explanation: Human reconnaissance exploits social engineering tactics to extract data.

12. Which tool maps web application attack surfaces?

• A) Burp Suite

• B) Aircrack-ng

• C) Hashcat

• D) Ettercap

Answer: A) Burp Suite

Explanation: Burp Suite identifies web application vulnerabilities.

13. Which technique targets employees with customized attacks?

• A) Whaling

• B) Footprinting

• C) Spear phishing

• D) Dumpster diving

Answer: C) Spear phishing

Explanation: Spear phishing personalizes attacks using gathered employee details.

14. Which reconnaissance type directly interacts with target systems?

• A) Passive reconnaissance

• B) Active reconnaissance

• C) Hybrid reconnaissance

• D) Dynamic reconnaissance

Answer: B) Active reconnaissance

Explanation: Active reconnaissance involves direct engagement like port scanning.

15. Which technique retrieves sensitive data from discarded items?

• A) Baiting

• B) Dumpster diving

• C) Tailgating

• D) Pharming

Answer: B) Dumpster diving

Explanation: Dumpster diving involves searching trash for useful data.

Part 1: Ethical Hacking Fundamentals (10 Questions)

1. What is the main aim of a penetration test?

• A) Network performance issues

• B) Find vulnerabilities before attackers

• C) Enhance software development

• D) Prevent unauthorized access

Answer: B) Find vulnerabilities before attackers

2. Which method uses tools to check systems for known weaknesses?

• A) Fuzzing

• B) Static Analysis

• C) Vulnerability Scanning

• D) Social Engineering

Answer: C) Vulnerability Scanning

3. What distinguishes a black-box from a white-box penetration test?

• A) White-box testers have no knowledge of the system

• B) Black-box testers mimic insiders

• C) Black-box testers have no prior system knowledge

• D) White-box testers focus on social engineering

Answer: C) Black-box testers have no prior system knowledge

4. Which attack vector targets the human element in security?

• A) Phishing

• B) DNS Spoofing

• C) ARP Poisoning

• D) MITM Attack

Answer: A) Phishing

5. Which security framework provides key controls for enterprise networks?

• A) ISO 27001

• B) OWASP Top 10

• C) MITRE ATT&CK

• D) NIST 800-53

Answer: D) NIST 800-53

6. What type of hacker is driven by social, political, or ideological causes?

• A) Black Hat

• B) White Hat

• C) Gray Hat

• D) Hacktivist

Answer: D) Hacktivist

7. What is the main goal of a honeypot?

• A) Encrypt network data

• B) Monitor user behavior

• C) Distract attackers and gather intelligence

• D) Protect against SQL Injection

Answer: C) Distract attackers and gather intelligence

8. What is the primary purpose of the OWASP Top 10?

• A) Compliance audit checklist

• B) Encryption algorithm standards

• C) Guideline for identifying web application risks

• D) Tool for zero-day vulnerabilities tracking

Answer: C) Guideline for identifying web application risks

9. Which phase of ethical hacking identifies active IP addresses in the target network?

• A) Reconnaissance

• B) Scanning

• C) Gaining Access

• D) Covering Tracks

Answer: B) Scanning

10. What legal agreement defines an ethical hacker’s authorized actions during testing?

• A) Service Level Agreement (SLA)

• B) Non-Disclosure Agreement (NDA)

• C) Rules of Engagement (RoE)

• D) End-User License Agreement (EULA)

Answer: C) Rules of Engagement (RoE)

Bonus: What is a passive reconnaissance method?

• A) Nmap Scan

• B) Social Engineering

• C) WHOIS Lookup

• D) SQL Injection

Answer: C) WHOIS Lookup

Edward Henriquez's podcast episode, "Decoded: Web Application Hacking," uses "The Web Application Hacker’s Handbook" as a foundation to explore prevalent web application attacks. The episode introduces fundamental concepts and then examines specific vulnerabilities, such as SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and command injection, explaining how these attacks are executed and their potential impact. For each attack type, Henriquez provides illustrative scenarios and outlines key defense strategies. The podcast concludes by emphasizing the continuous nature of web security and the importance of proactive measures like secure development practices and penetration testing.

The Decoded podcast episode, hosted by Edward Henriquez, explores real-world hacking tactics drawn from Peter Kim's Hacker Playbook series, moving beyond fictional portrayals. It details the stages of an attack, starting with reconnaissance using OSINT and tools like Shodan and Nmap to gather information. The episode then examines exploitation techniques that target vulnerabilities with tools such as Burp Suite and Mimikatz. Further discussion covers pivoting and escalation within a network using methods like pass-the-hash and PowerShell Empire. Finally, the podcast addresses how attackers cover their tracks and provides key defensive strategies like penetration testing and employee training to mitigate these threats.

The podcast episode "Decoded – Unmasking the CEH" provides a comprehensive guide to the Certified Ethical Hacker (CEH) certification. Hosted by Edward Henriquez, the episode outlines what the CEH is, its significance in cybersecurity, and the career opportunities it can unlock. It thoroughly breaks down the 20 domains covered in the CEH exam, including topics like reconnaissance, network scanning, system hacking, and web application attacks. The podcast also offers advice on how to effectively prepare for the exam, suggesting study materials, hands-on practice, and the use of specific tools. Furthermore, it discusses the value of the CEH certification in comparison to other cybersecurity credentials. Ultimately, the episode aims to equip listeners with a clear understanding of the CEH and the steps needed to pursue it.

Decoded: The Open-Source Arsenal – Deep Dive into DFIR Tools is a podcast episode hosted by Edward Henriquez that explores a variety of open-source tools critical for digital forensics and incident response (DFIR). The episode examines tools used in disk and memory forensics, such as Autopsy, The Sleuth Kit, Volatility, and Rekall, for analyzing compromised systems and memory dumps. It further discusses network forensics with Wireshark, Zeek, and Suricata for traffic analysis and threat detection. Additionally, the episode covers log and event analysis using the ELK Stack and Graylog, as well as malware analysis with YARA, Ghidra, and Radare2. Finally, it touches upon incident response and threat hunting tools like Velociraptor, GRR Rapid Response, and Osquery, and concludes with cloud forensics tools for AWS and GCP, highlighting their importance in uncovering cyber threats.

This podcast episode of "Decoded" explores the importance of Unix in cybersecurity. It traces Unix's origins and its influence on modern operating systems and security practices. The episode highlights essential Unix commands for security professionals and explains effective patching and update strategies. It also shows how to use Ansible for automating Unix security tasks such as enforcing policies, deploying intrusion detection tools, and managing user privileges. Ultimately, the podcast underscores why proficiency in Unix is critical for anyone serious about a career in cybersecurity.

Edward Henriquez hosts the "Decoded Podcast". The YouTube video by "UnixGuy | Cyber Security" outlines a comprehensive six-month plan for individuals seeking entry-level cybersecurity positions without prior experience or degrees. It emphasizes practical, hands-on skills, starting with the Google Cybersecurity Certificate. The plan includes resume building, focusing on relevant experience, immediately applying for jobs to gain confidence, becoming a cybersecurity generalist before specializing, participating in virtual internships, and engaging in intermediate-level training.

PurpleLab is an open-source cybersecurity lab designed to help security teams detect, analyze, and simulate cyber threats. It provides a sandboxed environment with tools for testing detection rules, generating realistic logs, and executing malware. The lab includes a web interface, a Windows 10 virtual machine with forensic tools, and integration with the ELK stack for log analysis. Administrators can configure LDAP settings and API keys, as well as set up integration with Splunk. PurpleLab requires a clean installation of Ubuntu Server 22.04 and offers various pages for monitoring, hunting, simulating attacks, and managing system health.

This podcast episode of Decoded, hosted by Edward Henriquez, addresses the ever-present threat of password cracking. It explores three common methods used by hackers: brute force attacks, dictionary attacks, and rainbow table attacks. For each technique, Henriquez provides real-world examples of successful breaches, highlighting the potential damage. Most importantly, the podcast offers actionable advice on how individuals and organizations can strengthen their password security through strategies like using long, complex passwords, enabling multi-factor authentication, and implementing robust password policies. The goal is to empower listeners with the knowledge to defend themselves against these prevalent cyber threats.