Here we have mentioned most frequently asked Ethical Hacking Interview Questions and Answers specially for freshers and experienced.


 

1. Explain what is Ethical Hacking?

Ans:

Ethical Hacking is when a person is allowed to hacks the system with the permission of the product owner to find weakness in a system and later fix them.

2. What is the difference between IP address and Mac address?

Ans:

IP address: To every device IP address is assigned, so that device can be located on the network. In other words IP address is like your postal address, where anyone who knows your postal address can send you a letter.
MAC (Machine Access Control) address: A MAC address is a unique serial number assigned to every network interface on every device. Mac address is like your physical mail box, only your postal carrier (network router) can identify it and you can change it by getting a new mailbox (network card) at any time and slapping your name (IP address) on it.

3. List out some of the common tools used by Ethical hackers?

Ans:

Meta Sploit
Wire Shark
NMAP
John The Ripper
Maltego

4. What are the types of ethical hackers?

Ans:

The types of ethical hackers are
Grey Box hackers or Cyberwarrior
Black Box penetration Testers
White Box penetration Testers
Certified Ethical hacker

5. What is footprinting in ethical hacking? What is the techniques used for footprinting?

Ans:

Footprinting refers accumulating and uncovering as much as information about the target network before gaining access into any network. The approach adopted by hackers before hacking
Open Source Footprinting : It will look for the contact information of administrators that will be used in guessing the password in Social engineering
Network Enumeration : The hacker tries to identify the domain names and the network blocks of the target network
Scanning : Once the network is known, the second step is to spy the active IP addresses on the network. For identifying active IP addresses (ICMP) Internet Control Message Protocol is an active IP addresses
Stack Fingerprinting : Once the hosts and port have been mapped by scanning the network, the final footprinting step can be performed. This is called Stack fingerprinting.

6. Explain what is Brute Force Hack?

Ans:

Brute force hack is a technique for hacking password and get access to system and network resources, it takes much time, it needs a hacker to learn about JavaScripts. For this purpose, one can use tool name “Hydra”.

7. Explain what is DOS (Denial of service) attack? What are the common forms of DOS attack?

Ans:

Denial of Service, is a malicious attack on network that is done by flooding the network with useless traffic. Although, DOS does not cause any theft of information or security breach, it can cost the website owner a great deal of money and time.

  • Buffer Overflow Attacks
  • SYN Attack
  • Teardrop Attack
  • Smurf Attack
  • Viruses

8. Explain what is SQL injection?

Ans:

SQL is one of the technique used to steal data from organizations, it is a fault created in the application code. SQL injection happens when you inject the content into a SQL query string and the result mode content into a SQL query string, and the result modifies the syntax of your query in ways you did not intend

9. What are the types of computer based social engineering attacks? Explain what is Phishing?

Ans:

Computer based social engineering attacks are

  • Phishing
  • Baiting
  • On-line scams

Phishing technique involves sending false e-mails, chats or website to impersonate real system with aim of stealing information from original website.

10. Explain what is Network Sniffing?

Ans:

A network sniffer monitors data flowing over computer network links. By allowing you to capture and view the packet level data on your network, sniffer tool can help you to locate network problems. Sniffers can be used for both stealing information off a network and also for legitimate network management.



 

11. Explain what is ARP Spoofing or ARP poisoning?

Ans:

ARP (Address Resolution Protocol) is a form of attack in which an attacker changes MAC ( Media Access Control) address and attacks an internet LAN by changing the target computer’s ARP cache with a forged ARP request and reply packets.

12. How you can avoid or prevent ARP poisoning?

Ans:

ARP poisoning can be prevented by following methods
Packet Filtering : Packet filters are capable for filtering out and blocking packets with conflicting source address information
Avoid trust relationship : Organization should develop protocol that rely on trust relationship as little as possible
Use ARP spoofing detection software : There are programs that inspects and certifies data before it is transmitted and blocks data that is spoofed
Use cryptographic network protocols : By using secure communications protocols like TLS, SSH, HTTP secure prevents ARP spoofing attack by encrypting data prior to transmission and authenticating data when it is received

13. What is Mac Flooding?

Ans:

Mac Flooding is a technique where the security of given network switch is compromised. In Mac flooding the hacker or attacker floods the switch with large number of frames, then what a switch can handle. This make switch behaving as a hub and transmits all packets at all the ports. Taking the advantage of this the attacker will try to send his packet inside the network to steal the sensitive information.

14. Explain what is DHCP Rogue Server?

Ans:

A Rogue DHCP server is DHCP server on a network which is not under the control of administration of network staff. Rogue DHCP Server can be a router or modem. It will offer users IP addresses , default gateway, WINS servers as soon as user’s logged in. Rogue server can sniff into all the traffic sent by client to all other networks.

15. Explain what is Cross-site scripting and what are the types of Cross site scripting?

Ans:

Cross site scripting is done by using the known vulnerabilities like web based applications, their servers or plug-ins users rely upon. Exploiting one of these by inserting malicious coding into a link which appears to be a trustworthy source. When users click on this link the malicious code will run as a part of the client’s web request and execute on the user’s computer, allowing attacker to steal information.
There are three types of Cross-site scripting

  • Non-persistent
  • Persistent
  • Server side versus DOM based vulnerabilities

16. Explain what is Burp Suite, what are the tools it consist of?

Ans:

Burp suite is an integrated platform used for attacking web applications. It consists of all the Burp tools required for attacking an application. Burp Suite tool has same approach for attacking web applications like framework for handling HTTP request, upstream proxies, alerting, logging and so on.

The tools that Burp Suite has

  • Proxy
  • Spider
  • Scanner
  • Intruder
  • Repeater
  • Decoder
  • Comparer
  • Sequencer

17. Explain what is Pharming and Defacement?

Ans:

Pharming: In this technique the attacker compromises the DNS ( Domain Name System) servers or on the user computer so that traffic is directed to a malicious site
Defacement: In this technique the attacker replaces the organization website with a different page. It contains the hackers name, images and may even include messages and background music

18. Explain how you can stop your website getting hacked?

Ans:

By adapting following method you can stop your website from getting hacked
Sanitizing and Validating users parameters: By Sanitizing and Validating user parameters before submitting them to the database can reduce the chances of being attacked by SQL injection
Using Firewall: Firewall can be used to drop traffic from suspicious IP address if attack is a simple DOS
Encrypting the Cookies: Cookie or Session poisoning can be prevented by encrypting the content of the cookies, associating cookies with the client IP address and timing out the cookies after some time
Validating and Verifying user input : This approach is ready to prevent form tempering by verifying and validating the user input before processing it
Validating and Sanitizing headers : This techniques is useful against cross site scripting or XSS, this technique includes validating and sanitizing headers, parameters passed via the URL, form parameters and hidden values to reduce XSS attacks

19. Explain what is Keylogger Trojan?

Ans:

Keylogger Trojan is malicious software that can monitor your keystroke, logging them to a file and sending them off to remote attackers. When the desired behaviour is observed, it will record the keystroke and captures your login username and password.

20. Explain what is Enumeration?

Ans:

The process of extracting machine name, user names, network resources, shares and services from a system. Under Intranet environment enumeration techniques are conducted.




 

21. Explain what is NTP?

Ans:

To synchronize clocks of networked computers, NTP (Network Time Protocol) is used. For its primary means of communication UDP port 123 is used. Over the public internet NTP can maintain time to within 10 milliseconds

22. Explain what is MIB?

Ans:

MIB ( Management Information Base ) is a virtual database. It contains all the formal description about the network objects that can be managed using SNMP. The MIB database is hierarchical and in MIB each managed objects is addressed through object identifiers (OID).

23. Mention what are the types of password cracking techniques?

Ans:

The types of password cracking technique includes

  • AttackBrute Forcing
  • AttacksHybrid
  • AttackSyllable
  • AttackRule

24. Explain what are the types of hacking stages?

Ans:

The types of hacking stages are

  • Gaining AccessEscalating
  • PrivilegesExecuting
  • ApplicationsHiding
  • FilesCovering Tracks

25. Explain what is CSRF (Cross Site Request Forgery)? How you can prevent this?

Ans:

CSRF or Cross site request forgery is an attack from a malicious website that will send a request to a web application that a user is already authenticated against from a different website. To prevent CSRF you can append unpredictable challenge token to each request and associate them with user’s session. It will ensure the developer that the request received is from a valid source.

26.Give a breif description about ethical hacking?

Ans:

It is about some one who hacks the gadget with the approval of the owner to locate weak point in a machine and later restore them.

27. What’s the difference among IP cope with and Mac deal with?

Ans:

MAC deal with: A MAC cope with is a completely unique serial wide variety assigned to each interface of network on each tool. It is like your physical mail container, the best you can identify it and you may change it with the aid of getting a present-day mailbox slapping your name at any time.
IP cope with: To each tool IP cope with is assigned, in order that gadget can be positioned at the community. In other phrases it is like a postal cope with, in which each person who is aware of your postal cope with can ship the letter.

28. List out the gears used by moral hackers?

Ans:

  • John The Ripper
  • Cord Shark
  • Meta Sploit
  • Maltego

29. What is Brute force hack, explain?

Ans:

It is the technique used for hacking passwords and get admission to to device and network sources, it takes lot of time for hacker to study the scripts. For this we use device name “Hydra”.

30. What is network sniffing, Explain?

Ans:

The community sniffer video display units statistics flowing over pc community hyperlinks, and enable you to seize and look at the packet stage records on network sniffer tool that can help you to find community troubles. This can be used for both stealing statistics off a community and additionally for legitimate community control.


 

31. What are the hacking stages? Explain each stage.

Ans:

Hacking, or targeting a specific machine, should follow and go through the following five phases:
Reconnaissance: This is the first phase where the hacker attempts to collect as much information as possible about the target.
Scanning: This stage involves exploiting the information gathered during reconnaissance phase and using it to examine the victim. The hacker can use automated tools during the scanning phase which can include port scanners, mappers and vulnerability scanners.
Gaining access: This is the phase where the real hacking takes place. The hacker now attempts to exploit vulnerabilities discovered during the reconnaissance and scanning phase to gain access.
Maintaining access: Once access is gained, hackers want to keep that access for future exploitation and attacks by securing their exclusive access with backdoors, rootkits and trojans.
Covering tracks: Once hackers have been able to gain and maintain access, they cover their tracks and traces to avoid detection. This also allows them to continue the use of the hacked system and avoid legal actions.

32. What is scanning and what are some examples of the types of scanning used?

Ans:

Scanning may be referred to as a set of procedures for identifying hosts, ports and the services attached to a network. Scanning is a critical component for information gathering. It allows the hacker to create a profile on the site of the organization to be hacked. Types of scanning include:

  • Port scanning
  • Vulnerability scanning
  • Network scanning

33. What is footprinting? What are the techniques used for footprinting?

Ans:

Footprinting refers to accumulating and uncovering information about the target network before attempting to gain access. Hacking techniques include:
Open source footprinting: This technique will search for administrator contact information, which can be later used for guessing the correct password in social engineering.
Network enumeration: This is when the hacker attempts to identify the domain names and network blocks of the targeted
Scanning: Once the network is known, the second step is to pry on the active IP addresses on the network.
Stack fingerprinting: This techinique should be the final footprinting step that takes place once the port and host are mapped.

34. What are some of the standard tools used by ethical hackers?

Ans:

To facilitate some manual tasks and speed up the hacking process, hackers can use a set of tools such as:
Metasploit
Wireshark
NMAP
Burp Suite
OWASP ZAP
Nikto
SQLmap

35. What is Burp Suite? What tools does it contain?

Ans:

Burp Suite is an integrated platform used for attacking web applications. It contains all the possible tools a hacker would require for attacking an application. Some of these functionalities include, but are not limited to:
Proxy
Spider
Scanner
Intruder
Repeater
Decoder
Comparer
Sequencer

36. What is network sniffing?

Ans:

Network sniffing involves using sniffer tools that enable real-time monitoring and analysis of data packets flowing over computer networks. Sniffers can be used for different purposes, whether it’s to steal information or manage networks.
Network sniffing is used for ethical as well as unethical purposes. Network administrators use these as network monitoring and analysis tools to diagnose and prevent network-related problems such as traffic bottlenecks. Cybercriminals use these tools for dishonest purposes such as identity usurpation, email, sensitive data hijacking and more.

37. What is SQL injection and its types?

Ans:

A SQL injection occurs when the application does not sanitize the user input. Thus a malicious hacker would inject SQL query to gain unauthorized access and execute administration operations on the database. SQL injections can be classified as follows:
Error-based SQL injection
Blind SQL injection
Time-based SQL injection

38. What is cross-site scripting and its different variations?

Ans:

Cross-site scripting (XSS) attacks are a type of injection where malicious scripts are injected into otherwise benign and trusted websites. XSS takes place when an attacker inserts a malicious payload, usually in the form of JavaScript code in a web form. XSS vulnerabilities are categorized as follows:
Reflected cross-site scripting
Stored cross-site scripting
DOM-based cross-site scripting

39. What is a denial of service (DOS) attack and what are the common forms?

Ans:

DOS attacks involve flooding servers, systems or networks with traffic to cause over-consumption of victim resources. This makes it difficult or impossible for legitimate users to access or use targeted sites.
Common DOS attacks include:
Buffer overflow attacks
ICMP flood
SYN flood
Teardrop attack
Smurf attack

40. How can you avoid or prevent ARP poisoning?

Ans:

ARP poisoning is a form of network attack that can be mitigated through the following methods:
Use packet filtering: Packet filters can filter out and block packets with conflicting source address information.
Avoid trust relationship: Organizations should develop a protocol that relies on trust relationship as little as possible.
Use ARP spoofing detection software: Some programs inspect and certify data before it is transmitted and blocks data that is spoofed.
Use cryptographic network protocols: ARP spoofing attacks can be mitigated by the use of secure protocols such as SSH, TLS and HTTPS which send data encrypted before transmission and after reception.



 

41. Who is hacker?

Ans:

A hacker is an intelligent individual with excellent programming skills, and who would have the ability to create and explore computer software.

42. What is footprinting ?

Ans:

Foot printing is known as uncovering and collecting as much as information about a target network as possible about a target network.

43. Definition and types of scanning.

Ans:

Scanning may be referred to as a set of procedures for identifying hosts, ports and the services attached to a network. Scanning is a very important component for information gathering for the hacker to create a profile in the site or the organization to be hacked.
Types of scanning:
There are 3 types of scanning-
a. Port scanning
b. Venerability scanning
c. Network scanning.

44. What is Enumeration ?

Ans:

Enumeration is defined as the process of extracting user names, machine names, network resources, shares, and services from a system. Enumeration techniques are conducted in an Intranet Environment.

45. What is SNMP( Simple Network Management Protocol ) ?

Ans:

the Simple network management program can be defined as a simple TCP/IP protocol used for remote monitoring and managing hosts, routers and other such devices on the network.

46. What is MIB ( Management Information Base )?

Ans:

It is a database (virtual) that contains information about all the network objects that are their in the SNMP. This data base in hierarchic and all the objects contained in it are addressed by object identifier.

47. What is LDAP ( Lightweight Directory Access Protocol ) ?

Ans:

It is a protocol that is used for getting access to the directory listing in the present active directory or also from the other directory services.

48. What is NTP ?

Ans:

This is protocol whose main function is to synchronize the clocks in the networked or connected computers.

49. What are the types of hacking stages ?

Ans:

a. Gain access
b. Getting privilages
c. Executing applications
d. Hiding the files
e. Covering the tracks

50. Types of password cracking techniques?

Ans:

a. Dictionary attacks
b. Brute Forcing Attacks
c. Hybrid Attack
d. Syllable Attack
e. Rule – based Attack




 

51. What is SQL injection, Explain?

Ans:

It is type of method used to thieve statistics from the company, created in a software code. square injection occurs when you insert the content material into a square query string & result mode content into asq. Question string and the results modifies the syntax of question in methods you did now not intend.

52. Give an explanation for Defacement and Pharming?

Ans:

Defacement: In this process attacker restore the corporation website with a exceptional web page. It includes messages, pictures and hacker name.
Pharming: In this method attacker will settle down on the DNS server, or the person system in order that site visitors is directed to a malign website.

53. What is MIB, Explain?

Ans:

It is virtual database and is hierarchical, each controlled objects are specified by object identifiers (OID). This consists of information about the network gadgets, that is controlled by using SNMP.

54. What is CSRF (cross site Request Forgery)? Explain in detail.

Ans:

It is an malign internet site with the intention to send a Request to the person, who is already verified by other internet site. To save you from this, for each request you may append unpredictable mission token and combine them with users consultation.it will protect the developer that the request obtained is from a legitimate supply.

55. What are the forms of password cracking techniques?

Ans:

The styles of password cracking method includes
AttackBrute Forcing
AttacksHybrid
AttackSyllable
AttackRule

56. What is LDAP ( lightweight listing get right of entry to Protocol ) ?

Ans:

It is a protocol that is used for getting access to the listing list in the present active directory or also from the alternative listing offerings.

57. In order to authenticate the hacking to be ethical one has to follow the rules:

Ans:

1. One need to take permission first to probe the network to find the potential threats to the security of the network.
2. One needs to respect the companies privacy policy and not intrude.
3. You need to report all the security venerability found to the company. Leaving none.
4. You must inform the software developer about any security issue in the software.

58. What are the tools used for ethical hacking?

Ans:

These are the few tools used for ethical hacking.
Metasploit
Acunetix is a web vulnerability scanner (WVS) that scans and finds out the flaws in a website that could prove fatal.
Nmap.
Wireshark.
oclHashcat.
Nessus Vulnerability Scanner.
Maltego.

59. Why is ethical hacking so important?

Ans:

As opposed to malicious “black hat” hacking, ethical “white hat” hacking (also called penetration testing) involves using computer hacking skills to identify network security vulnerabilities and patch security holes before anyone can abuse them.

60. What are the stages of ethical hacking?

Ans:

Here is a brief overview of the five phases of penetration testing (ethical hacking):
Phase 1 | Reconnaissance. Reconnaissance is the act of gathering preliminary data or intelligence on your target.
Phase 2 | Scanning.
Phase 3 | Gaining Access.
Phase 4 | Maintaining Access.
Phase 5 | Covering Tracks.


 

61. What are the types of hacking?

Ans:

Types of Hacking are,
Website Hacking
Network Hacking
Ethical Hacking
Email Hacking
Password Hacking
Online Banking Hacking
Computer Hacking

62. What is Website Hacking?

Ans:

Hacking a website means taking control from the website owner to a person who hacks the website.

63. What is Network Hacking?

Ans:

Network Hacking is generally means gathering information about domain by using tools like Telnet, Ns look UP, Ping, Tracert, Netstat, etc… over the network.

64. What is Ethical Hacking?

Ans:

Ethical hacking is where a person hacks to find weaknesses in a system and then usually patches them.

65. What is Email Hacking?

Ans:

Email hacking is illicit access to an email account or email correspondence.

66. What is Password Hacking?

Ans:

Password Hacking Password cracking is the process of recovering secret passwords from data that has been stored in or transmitted by a computer system.

67. What is Online Banking Hacking?

Ans:

Online banking Hacking Unauthorized accessing bank accounts without knowing the password or without permission of account holder is known as Online banking hacking.

68. What is Computer Hacking?

Ans:

Computer Hacking is when files on your computer are viewed, created, or edited without your authorization.

69. What is footprinting in hacking?

Ans:

Footprinting is the first and most convenient way that hackers use to gather information. about computer systems and the companies they belong to. The purpose of footprinting to. learn as much as you can about a system, it’s remote access capabilities, its ports and. services, and the aspects of its security.

70. What is scanning in ethical hacking?

Ans:

After footprinting and reconnaissance, scanning is the second phase of information gathering that hackers use to size up a network. Scanning is where they dive deeper into the system to look for valuable data and services in a specific IP address range.



 

71. What is Cowpatty?

Ans:

coWPAtty Package Description. Implementation of an offline dictionary attack against WPA/WPA2 networks using PSK-based authentication (e.g. WPA-Personal). Cowpatty can implement an accelerated attack if a precomputed PMK file is available for the SSID that is being assessed.

72. Which programming language is used for hacking?

Ans:

It’s best, actually, to learn all five of Python, C/C++, Java, Perl, and LISP. Besides being the most important hacking languages, they represent very different approaches to programming, and each will educate you in valuable ways.

73. Why is python used for hacking?

Ans:

Most widely used scripting language for hackers is Python. Python has some important features that make it particularly useful for hacking, but probably most importantly, it has some pre-built libraries that provide some powerful functionality.

74. What programs do you use to hack?

Ans:

Metasploit
Metasploit by Rapid 7.
Nessus Vulnerability Scanner.
Cain and Able Hacking software.
Kali Linux Penetration software.
Hydra Hacking software.

75. What are the types of hacking attacks?

Ans:

Here are the some important hacking techniques that are commonly used to get your personal information in an unauthorized way.
Keylogger.
Denial of Service (DoS\DDoS)
Waterhole attacks.
Fake WAP.
Eavesdropping (Passive Attacks)
Phishing.
Virus, Trojan etc.
ClickJacking Attacks.

76. What are three types of hackers?

Ans:

The three types of hackers are the white hat hacker, the grey hat hacker, and the black hat hacker. Each type of hacker hacks for a different reason, a cause, or both.

77. Which operating system is best for hacking?

Ans:

Kali Linux: Developed by Offensive Security as the rewrite of BackTrack, Kali Linux distro tops our list of the best operating systems for hacking purposes.
Parrot Security OS
BackBox
Samurai Web Testing Framework
Pentoo Linux
DEFT Linux
Caine
Network Security Toolkit (NST)

78. What are the types of cyber attacks?

Ans:

Let’s examine eight of the most common cyber attacks that your business could face and ways to avoid them.
Malware.
Phishing.
Password Attacks.
Denial-of-Service (DoS) Attacks.
“Man in the Middle” (MITM)
Drive-By Downloads.
Malvertising.
Rogue Software.

79. What is a script kitty?

Ans:

In programming and hacking culture, a script kiddie or skiddie is an unskilled individual who uses scripts or programs developed by others to attack computer systems and networks and deface websites.

80. What is a blue hat hacker?

Ans:

A blue hat hacker is someone outside computer security consulting firms who bug tests a system prior to its launch, looking for exploits so they can be closed. Blue Hat Hacker also refers to the security professional invited by Microsoft to find vulnerabilities in Windows.




 

81. What is cyber attacks with examples?

Ans:

A cyberattack is any type of offensive manoeuvre employed by nation-states, individuals, groups, or organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source.

82. What are the types of password attacks?

Ans:

Guessing. Simple, repeated attempts using common passwords or known facts about the user.
Stealing. Physically or electronically acquiring a users password – can include sniffing of network communications.
Dictionary Attack.
Brute Force Attack.
Rainbow Tables.
Hybrid Password Attack.
Birthday Attack.

83. What is a gray hat hacker?

Ans:

The term “grey hat”, “greyhat” or “gray hat” (gureihato) refers to a computer hacker or computer security expert who may sometimes violate laws or typical ethical standards, but does not have the malicious intent typical of a black hat hacker.

84. What is a Cyberextortionist?

Ans:

Cyberextortion is a crime involving an attack or threat of attack coupled with a demand for money to avert or stop the attack. Cyberextortion can take many forms.

85. What is the white hat hacker?

Ans:

The term “white hat” in Internet slang refers to an ethical computer hacker, or a computer security expert, who specializes in penetration testing and in other testing methodologies to ensure the security of an organization’s information systems.

86. What is a brute force hack?

Ans:

Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted data such as passwords or Data Encryption Standard (DES) keys, through exhaustive effort (using brute force) rather than employing intellectual strategies.

87. What can an ethical hacker do?

Ans:

An ethical hacker is a computer and networking expert who systematically attempts to penetrate a computer system or network on behalf of its owners for the purpose of finding security vulnerabilities that a malicious hacker could potentially exploit.

88. What is meant by spoofing attack?

Ans:

A spoofing attack is when a malicious party impersonates another device or user on a network in order to launch attacks against network hosts, steal data, spread malware or bypass access controls. There are several different types of spoofing attacks that malicious parties can use to accomplish this.

89. What are the different types of spoofing?

Ans:

Types of Spoofing Attacks
ARP Spoofing Attack. The Address Resolution Protocol (ARP) is a protocol used to translate IP addresses into Media Access Control (MAC) addresses in order to be properly transmitted.
DNS Spoofing Attack.
IP Spoofing Attack.

90. What is difference between sniffing and spoofing?

Ans:

To start with, there are two common types of Internet security breaches, sniffing and spoofing. *Sniffing is the act of intercepting and inspecting data packets using sniffers (Software or hardware devices) over the Net. On the other hand, *Spoofing is the act of identity impersonation.


 

91. What is footprinting in hacking?

Ans:

Footprinting is the first and most convenient way that hackers use to gather information. about computer systems and the companies they belong to. The purpose of footprinting to. learn as much as you can about a system, it’s remote access capabilities, its ports and. services, and the aspects of its security.

92. What is footprinting in ethical hacking?

Ans:

Footprinting (also known as reconnaissance) is the technique used for gathering information about computer systems and the entities they belong to. To get this information, a hacker might use various tools and technologies. This information is very useful to a hacker who is trying to crack a whole system.

93. What is the difference between phishing and spoofing?

Ans:

Phishing and spoofing are clearly different beneath the surface. One downloads malware to your computer or network, and the other tricks you into giving up sensitive financial information to a cyber crook. Phishing is a method of retrieval, while spoofing is a means of delivery.

94. What is reconnaissance in the world of hacking?

Ans:

The process of collecting information about an intended target of a malicious hack by probing the target system. Active reconnaissance typically involves port scanning in order to find weaknesses in the target system (i.e., which ports are left vulnerable and/or if there are ways around the firewall and routers).

95. What is active and passive reconnaissance?

Ans:

Passive reconnaissance is an attempt to gain information about targeted computers and networks without actively engaging with the systems. In active reconnaissance, in contrast, the attacker engages with the target system, typically conducting a port scan to determine find any open ports.

96. What is enumeration in hacking?

Ans:

Network enumeration is a computing activity in which usernames and info on groups, shares, and services of networked computers are retrieved. It should not be confused with network mapping, which only retrieves information about which servers are connected to a specific network and what operating system runs on them.

97. What is network enumeration?

Ans:

Network Enumeration is the discovery of hosts/devices on a network, they tend to use overt discovery protocols such as ICMP and SNMP to gather information, they may also scan various ports on remote hosts for looking for well known services in an attempt to further identify the function of a remote host.

98. What is a banner grab?

Ans:

Banner grabbing is a technique used to glean information about a computer system on a network and the services running on its open ports. Administrators can use this to take inventory of the systems and services on their network.

99. What is operating system fingerprinting?

Ans:

OS fingerprinting is the process of determining the operating system used by a host on a network.

100. What is a TCP IP fingerprint?

Ans:

TCP/IP stack fingerprinting is the passive collection of configuration attributes from a remote device during standard layer 4 network communications. The combination of parameters may then be used to infer the remote machine’s operating system (aka, OS fingerprinting), or incorporated into a device fingerprint.



 

101. Why is ethical hacking so important?

Ans:

As opposed to malicious “black hat” hacking, ethical “white hat” hacking (also called penetration testing) involves using computer hacking skills to identify network security vulnerabilities and patch security holes before anyone can abuse them.

102. Who are the best hacker in the world today?

Ans:

Here is the list of top hackers.
Gary McKinnon.
LulzSec.
Adrian Lamo.
Mathew Bevan and Richard Pryce.
Jonathan James.
Kevin Poulsen.
Kevin Mitnick.
Anonymous.