Title: Top 20 Certified Ethical Hacker Interview Questions and Answer
Top 20 Certified Ethical Hacker Interview Questions and Answers
www.infosectrain.com sales_at_infosectrain.com
Ethical hacking is the technique of discovering vulnerabilities in software, a website, or an agency's infrastructure that a hacker might exploit. Ethical hackers employ this method to prevent cyberattacks and security breaches by legitimately hacking into systems and looking for flaws. CEH was designed to include a hands-on environment and a logical procedure across each ethical hacking area and technique, giving you the opportunity to prove the knowledge and skills needed to earn the CEH certificate and perform the tasks of an ethical hacker.
Certified Ethical Hackers can now be found working in some of the greatest and wealthiest industries, such as healthcare, education, government, manufacturing, and many others. Due to this demand, a career as a CEH-certified Ethical Hacker is lucrative and rewarding today, and that potential will only increase in the future. Hence, to make the process easier for CEH certification enthusiasts and job seekers, here are the top 20 interview questions that a CEH-certified Ethical Hacker may face:
Interview Questions

1. Describe hacking?
Hacking is the act of gaining access to a system or network without authorization. A hacker is someone who engages in this activity. Hackers use computers for malevolent purposes such as invasion of privacy, theft of corporate and individual data, and more.

2. Explain ethical hacking?
When someone performs penetration testing or intrusion testing on behalf of the owner of a software system, program, network, or other computing resource, they are considered an ethical hacker, because they are looking for the loopholes and vulnerabilities that a malevolent hacker could use.
3. What are the different categories of hackers?
There are three main categories of hackers, each with a different goal and a different legality of action.

Black Hat: Black hat hackers are responsible for creating malware. They obtain unauthorized access to data or networks, damaging them and stealing critical data.

White Hat: These are known as ethical hackers. They are widely used by organizations or government bodies to identify weaknesses.

Grey Hat: The grey hat hacker is a combination of both black and white hats: they find the weaknesses of a network or device without the permission or knowledge of the owner. Their objective is to bring the system's vulnerabilities to the customer's attention and seek compensation or an enticement from the owner.

Besides these well-known categories, there are a variety of hackers classified by what they hack and how they hack:

Hacktivist: A person who uses technology to spread social, religious, or political messages. Website defacement and Denial-of-Service assaults are common examples of hacktivism.

Script Kiddie: A person who accesses a computer system using automation tools written by others, with little understanding of the underlying concepts.

Elite Hackers: A term used among hackers to describe the most proficient hackers.

Neophyte: Also known as green hat hackers or beginner hackers, because they have no prior experience with technology or hacking.

Blue Hat: Those who are not affiliated with computer security consulting firms and seek to bug-test a system before its release to identify flaws and plug gaps.

Red Hat: A hybrid of both white hat and black hat hackers, typically engaged by top intelligence services, government entities, and other firms that handle sensitive data.
4. Explain different types of hacking?
Hacking is classified into the following types, based on what is being hacked:

Website hacking: Unlawful access to a web server and its connected software, such as databases and interfaces, as well as the alteration of its data.

Network hacking: Collecting network data using tools such as Telnet, ping, and so on, with the goal of seriously harming the network and disrupting its functions.

Email hacking: Accessing customers' email accounts and using them without permission.

Password hacking: The process of recovering secret passwords from data stored on multiple platforms.

Computer hacking: Using hacking tactics to gain illegal access to a computer and steal data such as computer login credentials and other information.
5. What kind of tools are used in ethical hacking?
The following are the most common ethical hacking tools:
- John the Ripper
- Metasploit
- Nmap
- Acunetix
- Wireshark
- SQLMap
- OpenVAS
- IronWASP
- Nikto
- Netsparker
6. Explain the various stages of hacking?
Hacking is divided into five stages:

Reconnaissance: This is the primary stage of hacking, also known as the information gathering and footprinting phase. In this stage, hackers collect as much information about the target as possible, including network, host, DNS records, and more.

Scanning: Examining the network using the data collected during reconnaissance.

Achieving access: The stage in which attackers use various tools and tactics to gain access to a system or network.

Keeping access open: Once attackers have gained access, they want to keep it for further attacks and operations. This can be accomplished through the use of malware, spyware, and other malicious software.

Covering tracks: Once the attackers have gained and maintained access, they hide their traces to prevent identification. This includes changing, deleting, or corrupting log entries, erasing all evidence of their work, uninstalling software, deleting files, and other tasks.
7. What is the distinction between hashing and encryption?

Hashing | Encryption
Hashing is a technique for verifying the authenticity of content. | Encryption ensures data privacy and security.
Hashing is a one-way function that converts plain text into an unchangeable, unique sequence. | Encryption is a two-way process that encrypts and decrypts information.
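To make the one-way versus two-way distinction in the table concrete, here is an added Python example; it is not from the original slides or from InfosecTrain. It uses SHA-256 from the standard library for the hash and a one-time pad (XOR with a fresh random key as long as the message) as the simplest standard-library-only two-way cipher; the sample message and its "tampered" copy are constructed values. A production system would use an authenticated cipher such as AES-GCM rather than a pad, but the property shown is the same: a hash can only be recomputed and compared, while a ciphertext can be reversed with the key.

```python
import hashlib
import hmac
import secrets

# Constructed sample message for the demonstration (not taken from the page).
SAMPLE_MESSAGE = b"transfer 100 units to account 42"


def digest(data: bytes) -> str:
    """One-way: SHA-256 of the data as hex. Same input gives the same digest;
    there is no operation that recovers the input from the digest."""
    return hashlib.sha256(data).hexdigest()


def verify_integrity(data: bytes, expected_digest: str) -> bool:
    """Recompute the digest and compare in constant time.
    Any change to the data, however small, makes the comparison fail."""
    return hmac.compare_digest(digest(data), expected_digest)


def encrypt(plaintext: bytes) -> tuple[bytes, bytes]:
    """Two-way: one-time-pad XOR with a random key of the same length.
    Returns (key, ciphertext). The key is the secret and must never be reused."""
    key = secrets.token_bytes(len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, key))
    return key, ciphertext


def decrypt(key: bytes, ciphertext: bytes) -> bytes:
    """XOR with the same key reverses encrypt(): the process runs both ways."""
    if len(key) != len(ciphertext):
        raise ValueError("key and ciphertext lengths differ")
    return bytes(c ^ k for c, k in zip(ciphertext, key))


def demo() -> dict:
    """Exercise both techniques on the sample message and report the
    observable properties that separate hashing from encryption."""
    d = digest(SAMPLE_MESSAGE)
    tampered = SAMPLE_MESSAGE.replace(b"100", b"900")  # constructed modification
    key, ct = encrypt(SAMPLE_MESSAGE)
    return {
        "digest_is_deterministic": digest(SAMPLE_MESSAGE) == d,
        "digest_has_fixed_length": len(d) == 64,          # 32 bytes as hex
        "digest_detects_tampering": not verify_integrity(tampered, d),
        "ciphertext_differs_from_plaintext": ct != SAMPLE_MESSAGE,
        "decrypt_recovers_plaintext": decrypt(key, ct) == SAMPLE_MESSAGE,
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```

The digest is the right tool when you only need to check that content is unchanged (file integrity, password verification with a proper password hash); encryption is the right tool when the original content must be recovered later by someone holding the key.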
8. What exactly do you understand by keystroke logging?
Keystroke logging (sometimes called keylogging or keyboard capturing) is a technique for recording keystrokes. It is a form of monitoring software that records every input on the keyboard. Every keystroke is recorded, and the data is accessed using the logging program.
9. What exactly do you mean by Trojan, and how do you classify them?
A Trojan is a sort of malware that is frequently created by hackers or attackers to obtain access to target computers. Users are tricked by appealing social media advertisements and led to fake links, where Trojans are loaded and run on their devices.

Types of Trojan:

Trojan downloader: A virus that downloads and installs other viruses.

Ransomware: This type of malware encrypts the data on your device/system.

Trojan-droppers: Advanced programs that attackers use to install malware. Because most antivirus products do not detect droppers as dangerous, they are used to install malware.

Trojan banker: Collects user account information such as credit card numbers and online banking passwords for the cybercriminals behind it.

Trojan-backdoor: The most common sort of Trojan. It builds a backdoor that allows attackers to gain access to the machine later from a remote location using a Remote Access Tool (RAT). This Trojan gives the attacker complete control over the victim's computer.
10. What exactly do you mean by exploitation?
Exploitation is the use of pre-programmed software or scripts that enable attackers to obtain control of a specified system/network by attacking its vulnerabilities. To detect these vulnerabilities, most hackers use scanners such as OpenVAS, Nessus, and others.

11. What exactly is enumeration in the context of ethical hacking?
The first phase of ethical hacking is enumeration, which is information collection. During this phase, the attacker establishes an active connection with the target and attempts to gather as much data as possible to identify system vulnerabilities or weaknesses and further take advantage of the system. Enumeration gathers information on the following topics:
- Password policy lists
- IP tables
- Network shares
- Usernames of different systems
- SNMP data
12. Describe MIB?
The Management Information Base (MIB) is a collection of network components that are accessed remotely. It comprises all of the technical specifications of the network objects that a network management system is observing. The MIB database object serves as a point of reference for a comprehensive set of management data on a network system.

13. What is footprinting?
Footprinting is a methodology for gathering as much information as possible about the specified infrastructure in order to carry out a successful cyber operation. It also determines the user's defense capabilities. A hacker can gather information about a domain name, IP address, namespace, employee information, contact information, emails, and employee data during this period. It is divided into two parts:

Active footprinting: Collects data by direct contact with the target network.

Passive footprinting: Gathers data about the target network from afar, without the direct contact used in active footprinting.
14. What exactly is DNS (Domain Name System) cache poisoning?
DNS cache poisoning is a method of diverting internet traffic away from real servers and towards misleading ones by exploiting DNS flaws. DNS spoofing is another term for it.

15. What exactly is a DDoS assault, and how does it work?
A Distributed Denial of Service (DDoS) attack is one in which numerous compromised systems, frequently infected with a virus, are leveraged to target a single system, resulting in a DoS (Denial of Service) condition. It is an attempt to keep a webpage or online service unavailable by flooding it with massive amounts of traffic from several sources.

16. What exactly is a phishing attack?
Phishing is a process or attempt to obtain sensitive information such as user data, credit card numbers, and so on. These attacks usually happen while using personal email or social media sites, as well as online purchases and other services.
17. What are the different types of attacks?
The following are the different types of attacks:
- Vishing
- Phishing
- Tailgating
- Pretexting
- Quid pro quo
- Baiting
- Spear phishing

18. Explain a rogue DHCP server?
A rogue DHCP server is a DHCP server installed on a network or system by an attacker, which is not under the supervision of the system/network administrators. It could be a modem or router. Attackers mainly deploy rogue DHCP servers for network attacks such as reconnaissance, sniffing, and man-in-the-middle assaults.
19. Describe ARP poisoning?
It is also known as ARP routing or ARP spoofing. It is a method of attack in which attackers change the MAC (Media Access Control) address and target the Ethernet LAN by modifying the target computer's ARP cache with forged request and reply packets.

20. What do you mean by fingerprinting?
Fingerprinting is a method to determine which operating system is installed on a remote device.

CEH Certification with InfosecTrain
The CEH exam is challenging, and that is its glory. InfosecTrain provides premium training for those who wish to advance their career in the IT field. InfosecTrain's trainers are extremely well-versed in a wide range of fields. We're a world-class training company with a global reputation for excellence in training. Enroll in InfosecTrain's CEH certification training courses to begin your preparations.
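As an added, defender-side illustration of question 19 above (not part of the original slides or of InfosecTrain's material): ARP poisoning works by getting a victim to accept forged IP-to-MAC mappings, so a basic detection is to watch the ARP replies seen on a segment and flag an IP answered by more than one MAC, a MAC claiming several IPs, or a reply that contradicts a pinned entry for a critical host such as the default gateway. The ARP records and the expected-gateway entry below are constructed sample data, not a capture from any real network.

```python
from collections import defaultdict

# Constructed ARP reply records: (sender IP, sender MAC) as a monitor would
# see them on one LAN segment. In a healthy segment each IP is answered by
# exactly one MAC.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, legitimate
    ("192.168.1.10", "aa:bb:cc:00:00:10"),
    ("192.168.1.20", "aa:bb:cc:00:00:20"),
    ("192.168.1.1", "aa:bb:cc:00:00:20"),   # gateway IP now claimed by .20's MAC
    ("192.168.1.10", "aa:bb:cc:00:00:10"),
    ("192.168.1.10", "aa:bb:cc:00:00:20"),  # .10's IP claimed by the same MAC
    ("192.168.1.30", "aa:bb:cc:00:00:30"),
]

# Constructed allowlist of pinned IP->MAC entries for critical hosts.
STATIC_EXPECTED = {"192.168.1.1": "aa:bb:cc:00:00:01"}


def find_arp_conflicts(replies, expected=STATIC_EXPECTED):
    """Return a list of (finding, subject, detail) tuples for three symptoms of
    ARP poisoning: an IP answered by several MACs, a MAC answering for several
    IPs, and a reply contradicting a pinned (static) entry."""
    ip_to_macs = defaultdict(set)
    mac_to_ips = defaultdict(set)
    for ip, mac in replies:
        mac = mac.lower()             # normalise so case differences do not split entries
        ip_to_macs[ip].add(mac)
        mac_to_ips[mac].add(ip)

    findings = []
    for ip, macs in sorted(ip_to_macs.items()):
        if len(macs) > 1:
            findings.append(("ip_claimed_by_multiple_macs", ip, sorted(macs)))
    for mac, ips in sorted(mac_to_ips.items()):
        if len(ips) > 1:
            findings.append(("mac_claims_multiple_ips", mac, sorted(ips)))
    for ip, good_mac in expected.items():
        # Any MAC other than the pinned one answering for this IP is a contradiction.
        for bad in sorted(ip_to_macs.get(ip, set()) - {good_mac.lower()}):
            findings.append(("static_entry_contradicted", ip, bad))
    return findings


if __name__ == "__main__":
    for finding in find_arp_conflicts(SAMPLE_ARP_REPLIES):
        print(finding)
```

A MAC answering for several IPs can be legitimate (a router with multiple addresses, or a host carrying virtual IPs), so treat these findings as leads to investigate rather than proof of an attack; the static-entry contradiction for the gateway is the strongest signal. The usual mitigations are static ARP entries for critical hosts and switch features such as Dynamic ARP Inspection, which validates ARP replies against the DHCP snooping binding table.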
About InfosecTrain
- Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
- Wide range of professional training programs, certifications and consulting services in the IT and Cyber Security domain
- High-quality technical services, certifications or customized training programs curated with professionals of over 15 years of combined experience in the domain
Our Endorsements

Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion

Our Trusted Clients

Contact us
Get your workforce reskilled by our certified and experienced instructors!
IND 1800-843-7890 (Toll Free) / US 1 657-221-1127 / UK 44 7451 208413
sales_at_infosectrain.com
www.infosectrain.com