Ethical Hacker – 10.3.3 Quiz – Tools and Code Analysis Answers Full 100% 2023 2024

Ethical Hacker – 10.3.3 Quiz – Tools and Code Analysis Answers Full 100% 2023 2024

1. Which two items are programming logic constructs? (Choose two.)

   • Boolean operators
   • Conditionals
   • Arrays
   • Dictionaries
   • Libraries
     

     Explanation & Hint: Programming logic constructs are the building blocks that include the sequence or order in which instructions occur and are processed, the path a program takes when it is running, and the iteration (or repeated execution) of a section of code. Most programming languages include the following logic constructs: loops, conditionals, Boolean operators, string operators, and arithmetic operators.

2. Which two items are data structures used in programming languages? (Choose two.)

   • Procedures
   • functions
   • Arrays
   • Lists
   • Libraries
     

     Explanation & Hint: The most commonly used data structures in programming languages are JavaScript Object Notation (JSON), arrays, dictionaries, comma-separated values (CSV), lists, and trees.

3. Which two items can be included in a library? (Choose two.)

   • Message templates
   • Subroutines
   • Trees
   • Databases
   • Conditionals
     

     Explanation & Hint: A library is a collection of resources that programs can reuse. Libraries can include prewritten code, configuration information, subroutines, documentation and help information, message templates, and classes.

4. What is the definition of a procedure used in an application software?

   • It is a section of code that is created to perform a specific task.
   • It is a collection of resources that programs can reuse.
   • It is a non-linear data structure represented using nodes in a hierarchical model.
   • It is a collection of data values ordered using a key/value pair.
     

     Explanation & Hint: A procedure is a section of code that is created to perform a specific task. It can be used several times throughout a program.

5. Which programming language data structure is a special variable with more than one value at a time?

   • List
   • Array
   • Tree
   • File with comma-separated values
     

     Explanation & Hint: An array is a special variable with more than one value at a time. Lists are data structures in programming languages that contain an ordered structure of elements. Trees are non-linear data structures represented using nodes in a hierarchical model. Comma-separated values (CSV) files are plaintext files that contain data delimited by commas (,) and sometimes tabs or other characters, like a semicolon (;).

6. Which term describes a programming language component such as JavaScript Object Notation (JSON)?

   • Data structures
   • Logic constructs
   • Procedures
   • Classes
     

     Explanation & Hint: JavaScript Object Notation, arrays, dictionaries, comma-separated values (CSV), lists, and trees are the most commonly used data structures in programming languages.

7. What kind of data structure in Python is represented in the example below?

   cves = [‘CVE-2022-0945’, ‘CVE-2023-1234’, ‘CVE-2022-0987’]

   • List
   • Tree
   • Array
   • Dictionary
     

     Explanation & Hint: A list is a data structure in programming languages that contains an ordered structure of elements. The example represents a list in Python.

8. Which programming language elements perform similar tasks?

   • Procedures and functions
   • Procedures and libraries
   • Libraries and classes
   • Functions and libraries
     

     Explanation & Hint: A procedure is a section of code that is created to perform a specific task. It can be used several times throughout a program. A function is a block of code useful when executing similar jobs repeatedly. Procedures and functions are very similar. In some programming languages, functions and procedures are practically the same thing.

9. What is the definition of a library in application software?

   • It is a section of code that is created to perform a specific task.
   • It is a collection of resources that can be reused by programs.
   • It is a non-linear data structure represented using nodes in a hierarchical model.
   • It is a collection of data values that are ordered using a key/value pair.
     

     Explanation & Hint: A library is a collection of resources that programs can reuse. It can include prewritten code, configuration information, subroutines, documentation and help information, message templates, and classes.

10. Which domain name database query utility has been restricted by the European Union´s General Data Protection Regulation (GDPR) to protect privacy?

    • Dig
    • Whois
    • FOCA
    • theHarvester
      

      Explanation & Hint: Most Linux, Windows, and macOS versions support the Whois utility for querying the Whois database. Whois can also be used for reconnaissance. Unfortunately, the Whois database has been restricted to protect privacy because of the European Union´s General Data Protection Regulation (GDPR).

11. What are two tools that can be used to perform active reconnaissance? (Choose two.)

    • Nslookup
    • Zenmap
    • Tor
    • Enum4linux
    • Maltego
      

      Explanation & Hint: Active reconnaissance involves gathering information about a victim using tools such as port and vulnerability scanners. Zenmap, Nmap, and Enum4linux are some of the most popular tools for active reconnaissance.

12. What are two tools that can be used to perform credential attacks? (Choose two.)

    • Nslookup
    • FOCA
    • Mimikatz
    • Censys
    • Patator
      

      Explanation & Hint: Some of the most popular tools that can be used to brute force, crack, and compromise user credentials are John the Ripper, Cain and Abel, Hashcat, Hydra, Medusa, Ncrack, CeWL, w3af, Mimikatz, and Patator.

13. Which Linux distribution comes with more than 1900 security penetration testing tools?

    • BlackArch Linux
    • Parrot OS
    • Kali Linux
    • BackTrack
      

      Explanation & Hint: BlackArch Linux is a Linux distribution with over 1900 security penetration testing tools. It can be downloaded from https://blackarch.org, and access the documentation at https://blackarch.org/guide.html. BlackArch Linux source code can be accessed at https://github.com/BlackArch/blackarch.

14. Which tool is designed to find metadata and hidden information in documents?

    • theHarvester
    • FOCA
    • ExifTool
    • Shodan
      

      Explanation & Hint: Fingerprinting Organization with Collected Archives (FOCA) is a tool designed to find metadata and hidden information in documents. FOCA can analyze websites and Microsoft Office, Open Office, PDF, and other documents.

15. Which programming language element is a block of code that can be reused multiple times to execute a specific task?

    • Function
    • JavaScript Object Notation (JSON)
    • Array
    • Class
      

      Explanation & Hint: A function is a block of code useful when executing similar tasks regularly throughout a program.

16. Which tool organizes query entities within the Entity Palette and calls the search options “transforms”?

    • Shodan
    • FOCA
    • Maltego
    • theHarvester
      

      Explanation & Hint: Maltego is a tool for passive reconnaissance that can be used to find information about companies, individuals, gangs, educational groups, etc. Maltego organizes query entities within the Entity Palette, and the search options are called “transforms.”

17. Which programming language element is a code template that includes initial variables and functions for creating an object?

    • Class
    • Function
    • Array
    • Procedure
      

      Explanation & Hint: A class is a code template that can create different objects. It provides initial values for member variables and functions or methods.

18. Which passive reconnaissance tool can be used to find information about devices and networks on the Internet?

    • Recon-ng
    • Maltego
    • Censys
    • theHarvester
      

      Explanation & Hint: Censys is a tool that can be used for passive reconnaissance to find information about devices and networks on the Internet. It provides a free web and API access plan that limits the number of queries a user can perform. Censys also provides several other paid plans for premium support and additional queries.

19. What is a command-line tool that allows for interactive or non-interactive command execution?

    • Bash
    • Kali Linux
    • Parrot OS
    • Metasploit
      

      Explanation & Hint: The Bourne-Again shell (Bash) is a command-line shell and language interpreter available on Linux, macOS, and Windows. It is helpful in penetration testing engagements to quickly create scripts, parse data, and automate different tasks.

20. Which popular Linux penetration testing distribution is based on Debian GNU/Linux and has evolved from WHoppiX, WHAX, and BackTrack?

    • Kali Linux
    • Parrot OS
    • BlackArch Linux
    • Security Onion
      

      Explanation & Hint: Kali Linux is one of the most popular penetration testing distributions in the industry. It is based on Debian GNU/Linux and evolved from previous penetration-testing Linux distributions (WHoppiX, WHAX, and BackTrack).

21. Which vulnerability scanner tool offers a cloud-based service that performs continuous monitoring, vulnerability management, and compliance checking?

    • w3af
    • Nikto
    • SQLmap
    • Qualys
      

      Explanation & Hint: Qualys is a security company that created one of the most popular vulnerability scanners in the industry. It has a cloud-based service that performs continuous monitoring, vulnerability management, and compliance checking. This cloud solution interacts with cloud agents, virtual scanners, scanner appliances, and Internet scanners.

22. Which option is a PowerShell-based post-exploitation tool that can maintain persistence on a compromised system and run PowerShell agents without the need for powershell.exe?

    • Empire
    • Veil
    • Patator
    • Security Onion
      

      Explanation & Hint: Empire is a PowerShell-based post-exploitation framework that is very popular among pen testers. Empire is an open-source framework with PowerShell Windows and Python Linux agents. Empire implements the ability to run PowerShell agents without the need for powershell.exe. It allows you to rapidly deploy post-exploitation modules, including keyloggers, reverse shells, Mimikatz, and adaptable communications to evade detection.

23. Which tool can be used with Metasploit to maintain stealth and avoid detection from security controls implemented by an organization?

    • Veil
    • Empire
    • Patator
    • Security Onion
      

      Explanation & Hint: Veil is a framework that can be used with Metasploit to evade antivirus checks and other security controls.

24. Which encoding method can secretly exfiltrate confidential data in the payload of DNS packets?

    • Base64
    • MD5
    • ASCII
    • HTML
      

      Explanation & Hint: Malware can use Base64 encoding to put sensitive data (e.g., credit card numbers and personally identifiable information) in the payload of DNS packets.

25. Which option is a Linux distribution tool for forensic evidence collection?

    • CAINE
    • BeEF
    • Immunity Debugger
    • Metasploit
      

      Explanation & Hint: The Computer Aided Investigative Environment (CAINE) contains numerous tools that help investigators with analyses, including forensic evidence collection.