Module 6: System Hacking

Question 1

What is the primary objective of System Hacking in CEH?

Answer 1

To gain, escalate, maintain access to a target system and cover tracks

Question 2

What is meant by gaining access in System Hacking?

Answer 2

Obtaining the ability to authenticate to or execute on a target system

Question 3

Which phase follows Vulnerability Analysis in CEH methodology?

Answer 3

System Hacking

Question 4

What is the most common technique used to gain initial system access?

Answer 4

Password-based attacks

Question 5

What is password cracking?

Answer 5

Recovering plaintext passwords from hashed or encrypted values

Question 6

What is password guessing?

Answer 6

Attempting authentication using likely or common passwords

Question 7

What is the difference between online and offline password attacks?

Answer 7

Online attacks interact with live systems, offline attacks use stolen hashes

Question 8

Why are weak passwords dangerous?

Answer 8

They allow attackers to gain unauthorized system access

Question 9

What is credential harvesting?

Answer 9

Collecting user credentials through technical or social means

Question 10

What is a credential reuse attack?

Answer 10

Using credentials from one system to access another system

Question 11

Why is password reuse a major security risk?

Answer 11

Compromise of one system can lead to multiple system breaches

Question 12

What is meant by exploiting OS vulnerabilities?

Answer 12

Abusing known flaws in an operating system to gain access

Question 13

What role do unpatched systems play in system hacking?

Answer 13

They expose known vulnerabilities attackers can exploit

Question 14

What is a misconfigured service?

Answer 14

A service that violates security best practices or least privilege

Question 15

Why are misconfigurations commonly exploited?

Answer 15

They often bypass security controls without exploiting vulnerabilities

Question 16

What is privilege abuse?

Answer 16

Using excessive permissions granted to services or users

Question 17

What is the principle of least privilege?

Answer 17

Users and services should have only the permissions they need

Question 18

Why is least privilege important for system security?

Answer 18

It limits the impact of a compromised account

Question 19

What is authentication protocol weakness exploitation?

Answer 19

Abusing flaws in authentication design rather than passwords

Question 20

Why are legacy authentication protocols risky?

Answer 20

They often lack strong encryption or mutual authentication

Question 21

What is trust exploitation in system hacking?

Answer 21

Abusing implicit trust between systems or users

Question 22

What is social engineering in the context of system hacking?

Answer 22

Manipulating users to gain system access

Question 23

Why is social engineering effective?

Answer 23

It targets human behavior instead of technical controls

Question 24

What is the role of human error in system hacking?

Answer 24

It can bypass strong technical security measures

Question 25

What is physical access system hacking?

Answer 25

Gaining access through direct interaction with hardware

Question 26

Why is physical access considered high risk?

Answer 26

It can bypass many logical security controls

Question 27

What is the boot process attack conceptually?

Answer 27

Manipulating system startup to bypass authentication

Question 28

Why is full disk encryption important?

Answer 28

It protects data if physical access is obtained

Question 29

What is initial foothold in system hacking?

Answer 29

The first successful level of access to a system

Question 30

Why is an initial foothold valuable to attackers?

Answer 30

It enables privilege escalation and persistence

Question 31

What is the difference between access and privilege escalation?

Answer 31

Access grants entry, escalation increases permissions

Question 32

What is post-exploitation access?

Answer 32

Expanding limited access into usable or persistent control

Question 33

What is maintaining access?

Answer 33

Ensuring continued system access after initial compromise

Question 34

What is persistence in system hacking?

Answer 34

The ability to retain access after reboot or logout

Question 35

Why do attackers clear logs?

Answer 35

To avoid detection and forensic investigation

Question 36

What is the purpose of clearing tracks?

Answer 36

To hide evidence of system compromise

Question 37

Which CEH module focuses on gaining system access?

Answer 37

Module 6 – System Hacking

Question 38

What security control best mitigates password attacks?

Answer 38

Strong authentication and credential management

Question 39

What control reduces misconfiguration risk?

Answer 39

Secure configuration management

Question 40

What control helps prevent exploitation of known vulnerabilities?

Answer 40

Patch management

Question 41

What control reduces social engineering impact?

Answer 41

Security awareness training

Question 42

What control limits damage after system access is gained?

Answer 42

Least privilege and monitoring

Question 43

What is the CEH exam focus for system hacking techniques?

Answer 43

Understanding concepts, risks, and defenses

Question 44

What does CEH test more: execution or recognition?

Answer 44

Recognition and understanding

Question 45

What mindset does CEH expect when learning system hacking?

Answer 45

Think like an attacker to defend like a professional