112-52 Exam Training Practice Tests (EC-COUNCIL EC-Council Ethical Hacking Essentials (EHE))]

Question 1

Which of the following is NOT a type of hacker?

A. White Hat B. Black Hat C. Green Hat D. Grey Hat

Correct Answer: C

Question 2

Which attack involves unauthorized access to or theft of information from a Bluetooth device?

A. War driving B. Bluejacking C. Man-in-the-Middle D. Bluesnarfing

Correct Answer: D

Question 3

What differentiates a vulnerability scan from a penetration test?

A. A vulnerability scan requires downtime, while a penetration test does not. B. A vulnerability scan assesses compliance, while a penetration test assesses security. C. A vulnerability scan identifies weaknesses, while a penetration test exploits them. D. A vulnerability scan is automated, while a penetration test is not.

Correct Answer: C

Question 4

Which attack targets the configuration and administration of the web server itself?

A. Man-in-the-middle attack B. DNS spoofing C. Directory traversal D. Buffer overflow

Correct Answer: C

Question 5

Which technique helps mitigate DoS and DDoS attacks by controlling traffic flow?

A. Password rotation B. Rate limiting C. Packet sniffing D. DNS spoofing

Correct Answer: B

Question 6

What is the main goal of Cross-Site Scripting (XSS) attacks?

A. To alter network traffic flow B. To trick users into executing malicious scripts in their browsers C. To perform a denial of service on a web server D. To gain administrative access to a server

Correct Answer: B

Question 7

Which practice BEST protects a mobile device against attacks?

A. Regularly updating the device operating system B. Using open public Wi-Fi without VPN C. Regularly updating the device operating system D. Installing apps from unverified sources

Correct Answer: A

Question 8

Which of the following is an example of a passive attack?

A. Eavesdropping B. Session hijacking C. Denial of Service D. Data modification

Correct Answer: A

Question 9

What principle is aimed at minimizing the number of individuals who have access to secure information?

A. Principle of least privilege B. Risk management C. Data minimization D. Security through obscurity

Correct Answer: A

Question 10

Which type of attack floods a network with excessive traffic to render a service unavailable?

A. Man-in-the-middle B. Phishing C. SQL Injection D. Denial of Service (DoS)

Correct Answer: D

Question 11

Which of the following is the MOST effective countermeasure against SQL Injection attacks?

A. Using CAPTCHAs B. Employing least privilege principles only C. Utilizing parameterized queries or prepared statements D. Validating input with regular expressions

Correct Answer: C

Question 12

Which tool is widely used for password recovery by trying millions of combinations per second?

A. John the Ripper B. Nessus C. Cain & Abel D. Wireshark

Correct Answer: A

Question 13

What primarily distinguishes a grey hat hacker from a black hat hacker?

A. Their technical skill level B. The legality and intent of their actions C. The tools they use D. Their employment status

Correct Answer: B

Question 14

Which tool is commonly used for wireless network hacking?

A. Aircrack-ng B. Nessus C. Metasploit D. Wireshark

Correct Answer: A

EC-COUNCIL EC-Council Ethical Hacking Essentials (EHE) - 112-52 Exam Practice Test