
Important Questions

Uploaded by

Vivek Dangi
Copyright
© All Rights Reserved

1 Define the Cyber Kill Chain.

2 Define the objective of information security.

3 Classify two stages of the Cyber Kill Chain that involve exploiting a target system.

4 Define hacking in the context of computer security.

5 Differentiate between ethical hacking and malicious hacking.

6 Classify an example of a technical control used to protect information in an organization.

7 Explain the primary purpose of Footprinting in the context of information gathering for a cyber
attack.

8 Explain how search engines can be used by attackers for Footprinting. Provide one example.

9 Briefly explain how attackers can employ web services for Footprinting.

10 Explain how attackers can utilize social networking sites for Footprinting purposes.

11 What is Website Footprinting, and why is it considered an essential step in the information
gathering process?

12 Describe how Email Footprinting can aid attackers in collecting information about a target.

13 Define Whois Footprinting. How can it be used by attackers?

14 Describe how DNS Footprinting helps attackers in their reconnaissance phase.

15 Define the primary purpose of network scanning in cybersecurity.

16 Classify two commonly used network scanning tools employed by cybersecurity professionals.

17 Describe why scanning beyond Intrusion Detection Systems (IDS) and firewalls is crucial for
comprehensive network security.

18 Differentiate between the types of vulnerabilities based on their severity in a vulnerability
assessment.

19 Explain the Cyber Kill Chain concept and its significance in understanding the stages of a cyber
attack.

20 Explain the process of system hacking and discuss the various objectives an attacker may have
during this phase.

21 Discuss the process of NetBIOS enumeration and the type of information attackers can gather
through this technique.

22 Define footprinting in the context of cybersecurity. Why is it considered the initial phase of a
cyber attack?

23 Briefly explain the CIA Triad and its significance in information security.

24 Name three stages of the Cyber Kill Chain, and provide a brief description of each stage.

25 Define ethical hacking and discuss the key responsibilities of an ethical hacker.

26 Differentiate between remote and local system hacking, providing an example of each.

27 Define vulnerability assessment and describe its role in proactive cybersecurity practices.

28 Describe the importance of Footprinting in the reconnaissance phase of an attack.

29 Explain how attackers can use search engines for Footprinting and what sensitive information
they can find.

30 Define enumeration. How does it assist attackers in gathering information about a target
system?

31 Explain the concept of network scanning and its importance in cybersecurity.

32 Explain the key steps involved in conducting a vulnerability assessment. Discuss the importance
of vulnerability scanning, vulnerability analysis, and risk assessment in the process.

33 Classify vulnerabilities based on their severity and impact on a system. Differentiate between
unauthenticated and authenticated vulnerability assessments, highlighting their respective advantages
and limitations.

34 Outline the risks associated with aggressive network scanning and how to mitigate them.

35 Describe the components of a comprehensive vulnerability assessment report. Include details
on the format, critical findings, recommended remediation steps, and the significance of the report in
improving overall cybersecurity posture.

36 Explain the Cyber Kill Chain model comprehensively, including its seven stages and the role each
stage plays in a cyber attack. Elaborate on how understanding the Cyber Kill Chain can aid organizations
in strengthening their cyber defenses.

37 Define hacking in the context of computer security and discuss the various motives behind
hacking activities. Provide real-world examples to support your explanation.

38 Differentiate between ethical hacking and malicious hacking, outlining the objectives and
methodologies of ethical hackers in securing systems and networks.

39 Discuss the different categories of information security controls, including administrative,
technical, and physical controls. Provide specific examples of each type and explain how they collectively
contribute to an organization's overall security posture.

40 Define footprinting and its significance in the reconnaissance phase of a cyber attack.

41 Explain network scanning in detail, including its purpose, benefits, and challenges. Discuss how
network scanning tools can aid in vulnerability assessment and network security improvement.

42 Describe the concept of enumeration in ethical hacking, focusing on its role in gathering critical
information about target systems. Discuss various enumeration techniques and their implications for
system security.

43 What does the term "malware" stand for, and what is its primary purpose?

44 Describe how users can protect their computers from malware infections.

45 Illustrate "APT" in the context of cybersecurity. How does it differ from typical
cyberattacks?

46 Describe common motivations behind APT attacks.

47 Explain the concept of a "Trojan" in the context of computer security.

48 Describe how a user might inadvertently install a Trojan on their system.

49 Define a computer "virus." How does it spread?

50 Describe how a virus differs from other types of malware like worms and Trojans.

51 Define "worm" in the context of cybersecurity. How does it propagate?

52 Describe the potential impact of a worm's rapid propagation.

53 Describe what "fileless malware" refers to in the context of cybersecurity.

54 Name two common types of anti-malware software.

55 Explain how fileless malware can evade traditional detection methods.

56 Describe the main goal of malware analysis in cybersecurity.

57 Compare and contrast fileless malware with malware that writes data to the disk in terms of
detection and mitigation challenges.

58 Analyze the potential weaknesses of relying solely on signature-based anti-malware software to
defend against evolving malware threats.

59 Define what "sniffing" refers to in the context of computer networks.

60 Describe the purpose of ARP poisoning in a sniffing attack.

61 Explain the difference between MAC address and IP address, and how MAC addresses can be
exploited in sniffing attacks.

62 Describe how DNS poisoning relates to spoofing attacks. What are the potential
consequences of a successful DNS poisoning attack?

63 Describe the techniques used in amplification attacks during DDoS. How do attackers exploit
these techniques?

64 Explain the role of botnets in DDoS attacks. How are botnets created and controlled?

65 Differentiate between a DoS attack and a DDoS attack. Provide an example of each.

66 Discuss the significance of having a well-prepared incident response plan when facing a DDoS
attack.

67 Define how network segmentation can contribute to mitigating sniffing attacks.

68 Define a sniffing detection technique.

69 Name a commonly used sniffing tool.

70 Briefly explain the concept of "sniffing" in the context of computer networks.

71 Define ARP poisoning.

72 Describe a DHCP attack.

73 Define DNS poisoning. How can it lead to successful sniffing attacks?

74 Define "social engineering" in the context of cybersecurity.

75 What is an "insider threat" in cybersecurity, and how does it differ from external threats?

76 Explain the concept of "impersonation" in the context of social networking sites and how it can
lead to security breaches.

77 How can identity theft occur as a result of successful social engineering attacks?

78 As a security professional, suggest three countermeasures an organization could implement to
mitigate the risks associated with social engineering attacks.

79 Explain how ARP spoofing can be used to perform a spoofing attack.

80 Classify a common countermeasure against ARP poisoning attacks.

81 How can encryption enhance the security of data against sniffing attacks?

82 Describe the functioning of a Firewall. How does it enhance network security, and what are its
limitations?

83 Elaborate on the concept of a Honeypot in cybersecurity. How does a Honeypot work, and what
purposes does it serve in network security? Explain how it can be used to gather threat intelligence.

84 Explain the concepts of Intrusion Detection System (IDS) and Intrusion Prevention System (IPS).
Describe their roles in network security and the key differences between them. Provide examples of
situations where each is particularly useful.

85 Define SQL injection.

86 Describe why SQL injection is a security concern.


87 Define Mobile Device Management (MDM).

88 List two main goals of an SQL injection attack.

89 Name two mobile security tools or apps that can help protect a user's mobile device.

90 Explain the concept of SSID.

91 Compare and contrast between passive and active wireless scanning.

92 Discuss bluejacking, bluesnarfing, and bluebugging attacks.

93 Describe error-based SQL injection.

94 List at least three benefits of using MDM solutions for enterprise mobile device management.

95 Define wireless intrusion detection system (WIDS).

96 Name two tools or frameworks commonly used for scanning and analyzing OT networks.

97 Describe the process of identifying and assessing IoT device vulnerabilities in a controlled
environment.

98 List three common types of attacks that target OT systems.

99 Describe the process of identifying and exploiting vulnerabilities in PLCs (Programmable Logic
Controllers).

100 Define Operational Technology (OT) and differentiate it from Information Technology (IT).

101 Describe the goal of exploitation in SQL injection.

102 Explain the role of SCADA (Supervisory Control and Data Acquisition) systems in OT.

103 Discuss the Internet of Things (IoT). How does it differ from traditional internet-connected
devices?

104 Analyze tools used for automated SQL injection detection.

105 Give an example of a simple evasion technique used to bypass security measures during SQL
injection.

106 Discuss the concept of "sandboxing" in mobile app security.

107 State the importance of encryption in securing wireless networks.

108 Discuss common encryption protocols used in Wi-Fi networks (e.g., WEP, WPA, WPA2).

109 List and briefly describe three common attack vectors targeting mobile devices.

110 Outline the steps an ethical hacker might follow when assessing the security of an IoT device.

What is ethical hacking?

What is the difference between ethical hacking and malicious hacking?


What are the different types of ethical hacking?

What are the steps involved in the ethical hacking process?

What is vulnerability assessment?

What is penetration testing?

What is social engineering?

What is a network scan?

What is a port scan?

What is a vulnerability scan?

What is SQL injection?

What is cross-site scripting (XSS)?

What is a denial-of-service (DoS) attack?

What is a distributed denial-of-service (DDoS) attack?

What is a man-in-the-middle (MitM) attack?

What is a phishing attack?

What is a password attack?

What is a firewall?

What is an intrusion detection system (IDS)?

What are some best practices for ethical hacking?
