🔐 Cyber Security

100 Ethical Hacking Quiz Questions & Answers 2026

Kali Linux, Metasploit, penetration testing, OWASP, SQL injection and hacking tools

📖 11 min read ❓ 100 quiz questions 🗓️ Updated Jul 2026
Ready to test your knowledge? Take the Quiz →

Ethical Hacking Fundamentals — 25 Questions

  1. What is ethical hacking? (Authorized testing of systems to find vulnerabilities before malicious actors)
  2. What are the three types of hackers? (White hat — ethical; Black hat — malicious; Gray hat — between)
  3. What is penetration testing? (Simulated attack with permission to identify security weaknesses)
  4. What are the 5 phases of ethical hacking? (Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks)
  5. What is reconnaissance? (Information gathering about target — passive and active)
  6. What is passive reconnaissance? (Gathering info without interacting with target — OSINT)
  7. What is active reconnaissance? (Directly interacting with target — port scanning, ping sweeps)
  8. What is OSINT? (Open Source Intelligence — using publicly available information)
  9. What is a vulnerability assessment? (Identifying and quantifying security vulnerabilities)
  10. What is threat modeling? (Identifying and prioritizing potential threats to a system)
  11. What is a scope of engagement? (Agreed boundaries of what a pentester is authorized to test)
  12. What is a report in pentesting? (Documentation of findings, risks, and recommendations)
  13. What is CVSS? (Common Vulnerability Scoring System — rates vulnerability severity 0-10)
  14. What is CVE? (Common Vulnerabilities and Exposures — unique IDs for known vulnerabilities)
  15. What is a payload? (Code that executes on a target system after exploitation)

Hacking Tools & Techniques — 25 Questions

  1. What is Kali Linux? (Penetration testing Linux distribution with pre-installed security tools)
  2. What is Metasploit? (Framework for developing, testing, and executing exploits)
  3. What is Nmap? (Network scanner for port scanning and host discovery)
  4. What is Wireshark? (Network protocol analyzer for capturing and analyzing traffic)
  5. What is Burp Suite? (Web security testing platform for finding web app vulnerabilities)
  6. What is John the Ripper? (Password cracking tool)
  7. What is Hashcat? (Advanced password recovery tool)
  8. What is Hydra? (Network login cracker for brute force attacks)
  9. What is Aircrack-ng? (WiFi security auditing tools)
  10. What is SQLmap? (Automated tool for detecting and exploiting SQL injection)
  11. What is a port scan? (Checking which ports are open on a target host)
  12. What is a reverse shell? (Compromised system connects back to attacker)
  13. What is privilege escalation? (Gaining higher permissions than initially obtained)
  14. What is lateral movement? (Moving through a network after initial compromise)
  15. What is pivoting? (Using compromised host as gateway to attack internal network)
  16. What is Netcat used for? (A versatile networking utility for reading/writing data over network connections)
  17. What is Nikto? (A web server scanner that checks for vulnerabilities and misconfigurations)
  18. What is OWASP ZAP? (An open-source web application security scanner)
  19. What is Cobalt Strike used for? (A commercial penetration testing tool for adversary simulation)
  20. What is a fuzzer used for in security testing? (Sending random or malformed input to find software vulnerabilities)
  21. What is Shodan? (A search engine for internet-connected devices, often used for reconnaissance)
  22. What is Maltego used for? (Visualizing relationships in OSINT investigations)
  23. What is BeEF (Browser Exploitation Framework)? (A tool focused on exploiting web browser vulnerabilities)
  24. What is the purpose of a wordlist in password attacks? (Providing a list of likely passwords to try during cracking attempts)

OWASP & Web Vulnerabilities — 25 Questions

  1. What does OWASP stand for? (Open Worldwide Application Security Project)
  2. What is the OWASP Top 10? (A regularly updated list of the most critical web application security risks)
  3. What is broken access control, an OWASP Top 10 risk? (When users can access resources or perform actions beyond their permissions)
  4. What is a security misconfiguration? (Incorrectly configured security settings that create vulnerabilities)
  5. What is insecure deserialization? (A vulnerability where untrusted data is used to manipulate application logic)
  6. What is a cryptographic failure, per OWASP? (Weak or missing encryption that exposes sensitive data)
  7. What is SSRF (Server-Side Request Forgery)? (An attack tricking a server into making unintended requests)
  8. What is a path traversal attack? (Manipulating file paths to access files outside an intended directory)
  9. What is command injection? (Executing arbitrary system commands through a vulnerable application)
  10. What is a buffer overflow vulnerability? (Writing more data to a buffer than it can hold, potentially corrupting memory)
  11. What is CSRF (Cross-Site Request Forgery)? (Tricking a user's browser into performing unwanted actions on a site they're logged into)
  12. What is clickjacking? (Tricking users into clicking something different from what they perceive)
  13. What is session hijacking? (Taking over a valid user session to gain unauthorized access)
  14. What is an insecure direct object reference (IDOR)? (A vulnerability allowing access to objects by manipulating reference values)
  15. What is input validation used to prevent? (Many injection-based attacks by checking and sanitizing user input)
  16. What is a WAF (Web Application Firewall)? (A firewall specifically designed to protect web applications from attacks)
  17. What is the purpose of parameterized queries in preventing SQL injection? (Separating SQL code from data to prevent malicious input from being executed)
  18. What is a "race condition" vulnerability? (A flaw arising from the timing of concurrent operations)
  19. What is an XML External Entity (XXE) attack? (Exploiting XML parsers to access internal files or systems)
  20. What is security misconfiguration's most common cause? (Default settings or unnecessary features left enabled)
  21. What is the purpose of Content Security Policy (CSP) headers? (Restricting what resources a web page is allowed to load, mitigating XSS)
  22. What is a supply chain attack in software security? (Compromising software through vulnerabilities in third-party components)
  23. What is API security primarily concerned with? (Protecting application programming interfaces from abuse and exploitation)
  24. What is broken authentication, an OWASP risk category? (Flaws in login mechanisms that allow attackers to compromise credentials)
  25. What is the purpose of rate limiting in web security? (Preventing abuse by limiting how many requests a user can make in a time period)

Cybersecurity Certifications & Careers — 25 Questions

  1. What does CEH stand for? (Certified Ethical Hacker)
  2. What does OSCP stand for? (Offensive Security Certified Professional)
  3. What is considered the gold standard practical certification for penetration testers? (OSCP)
  4. What does eJPT stand for? (eLearnSecurity Junior Penetration Tester)
  5. What organization offers the CEH certification? (EC-Council)
  6. What does CompTIA Security+ certify at a foundational level? (Core cybersecurity skills and knowledge)
  7. What is a "bug bounty hunter"? (An independent researcher who finds and reports vulnerabilities for rewards)
  8. What platform is well known for hosting bug bounty programs? (HackerOne or Bugcrowd)
  9. What is the role of a penetration tester in a company? (Simulating attacks to find and report security weaknesses)
  10. What is the role of a security consultant? (Advising organizations on how to improve their security posture)
  11. What is a "red team exercise"? (A simulated attack to test an organization's detection and response capabilities)
  12. What does OSWE stand for, an advanced Offensive Security certification? (Offensive Security Web Expert)
  13. What is a CTF (Capture the Flag) competition used for in training? (Practicing hacking skills in a legal, gamified environment)
  14. What is the purpose of a "rules of engagement" document in a pentest? (Defining the scope, methods, and boundaries authorized for testing)
  15. What is a "Get Out of Jail Free" letter in penetration testing? (Written authorization proving a tester has permission to perform the test)
  16. What is the difference between a vulnerability assessment and a penetration test? (A vulnerability assessment identifies weaknesses; a pentest actively exploits them)
  17. What is a "black box" penetration test? (Testing without prior knowledge of the target system's internals)
  18. What is a "white box" penetration test? (Testing with full knowledge of the target system's internals)
  19. What is a "gray box" penetration test? (Testing with partial knowledge of the target system)
  20. What government-recognized body provides cybersecurity guidance in the US? (NIST — National Institute of Standards and Technology)
  21. What is the NIST Cybersecurity Framework used for? (Providing guidelines for managing and reducing cybersecurity risk)
  22. What is the typical career progression from a junior penetration tester? (Senior pentester, security consultant, or security architect roles)
  23. What programming/scripting skill is most valuable for ethical hackers? (Python, due to its versatility for scripting exploits and automation)
  24. What is a "responsible disclosure" policy? (A process for reporting vulnerabilities privately before public release)
  25. What is the purpose of legal contracts before any penetration test begins? (Protecting both the tester and client by clearly defining authorized scope)
  26. What is "social engineering" testing in a pentest engagement? (Assessing human vulnerability to manipulation tactics like phishing)
  27. What does a "scope creep" risk mean during a penetration test? (Testing expanding beyond the originally agreed boundaries, which can be legally risky)
  28. What is "post-exploitation" in penetration testing? (Activities performed after successfully gaining access, like data collection)
  29. What is the purpose of cleanup after a penetration test? (Removing any tools, backdoors, or changes made during testing)
  30. What is a "kill chain" model used to describe in cybersecurity? (The stages of a cyberattack from reconnaissance to objectives)
  31. What is MITRE ATT&CK used for? (A framework cataloging known adversary tactics and techniques)
  32. What is the purpose of a "tabletop exercise" in security testing? (A discussion-based simulation of a security incident response)
  33. What does "C2" stand for in the context of hacking tools? (Command and Control — infrastructure used to manage compromised systems)
  34. What is an "attack surface"? (All the possible points where an unauthorized user could try to enter a system)
  35. What is "privilege creep" in a corporate security context? (Users gradually accumulating more access rights than they need over time)
  36. What is the purpose of regular access reviews in an organization? (Ensuring users only retain the permissions they currently need)

❓ Frequently Asked Questions

What is the difference between ethical and malicious hacking?

Ethical (white hat) hacking is authorized — performed with permission to find and fix vulnerabilities. Malicious (black hat) hacking is unauthorized and illegal. Gray hat hackers fall in between.

What certifications do ethical hackers pursue?

Top certifications: CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), CompTIA Security+, CISSP, and eJPT. OSCP is considered the gold standard for practical hacking skills.

🔐

Ready to Test Your Cyber Security Knowledge?

Take our Cyber Security quiz and see how you rank against players worldwide!

Play Cyber Security Quizzes →
📱
Share this study guide Help your friends prepare for quizzes
📲 Share on WhatsApp