[HEM] Hacking Ethical Manager Certification Exam Preparation
**Question 1.** Which ethical hacking methodology is primarily focused on improving an
organization’s security posture with the explicit permission of the target?
A) Black‑Hat
B) Grey‑Hat
C) White‑Hat
D) Hacktivist
Answer: C
Explanation: White‑Hat hackers work under a contract or permission, aiming to discover and
remediate vulnerabilities for the benefit of the organization.
**Question 2.** Under the GDPR, which principle requires that personal data be processed only
for a specific, explicit, and legitimate purpose?
A) Data minimisation
B) Purpose limitation
C) Integrity and confidentiality
D) Accountability
Answer: B
Explanation: Purpose limitation mandates that data collection and processing must be tied to a
clearly defined purpose.
**Question 3.** In a Rules of Engagement (RoE) document, the “scope” section most
commonly defines which of the following?
A) The legal jurisdiction of the test
B) The specific systems, networks, and applications that may be tested
C) The compensation for the testing team
D) The reporting format for findings
Answer: B
Explanation: Scope delineates the exact assets that are authorized for testing, preventing
out‑of‑bounds activities.
**Question 4.** Which of the following is a legal consequence of performing an unauthorized
penetration test in the United Arab Emirates?
A) Imprisonment under Federal Decree Law No. 5 of 2012
B) Mandatory community service only
C) No legal repercussions if no damage occurs
D) Automatic revocation of all professional certifications
Answer: A
Explanation: UAE cybercrime law criminalises unauthorised access, potentially leading to
imprisonment.
**Question 5.** When a manager discovers sensitive customer data during a test, the most
appropriate first action is to:
A) Publish the data on a public forum to demonstrate the breach
B) Immediately notify the organization’s incident response team and follow disclosure policy
C) Delete the data to avoid liability
D) Sell the data to a third party for profit
Answer: B
Explanation: Responsible disclosure requires informing the appropriate internal team before any
other action.
**Question 6.** Which OSINT technique uses advanced Google search operators to locate
hidden files and directories?
A) WHOIS lookup
B) Shodan scanning
C) Google Dorking
D) DNS zone transfer
Answer: C
Explanation: Google Dorking leverages specific query syntax to uncover indexed but non‑public
resources.
**Question 7.** A “passive” reconnaissance activity is characterised by:
A) Sending packets to the target to elicit responses
B) Interacting directly with the target’s services
C) Collecting information without alerting the target’s defenses
D) Exploiting known vulnerabilities in real‑time
Answer: C
Explanation: Passive recon avoids direct interaction, reducing the chance of detection.
**Question 8.** Which tool is primarily used for WHOIS queries to identify domain registration
details?
A) Dig
B) nslookup
C) The whois command-line utility
D) Nmap
Answer: C
Explanation: The whois utility retrieves registration information such as registrant name and
contact details.
**Question 9.** In active reconnaissance, a “stealth” scan is preferred when:
A) Speed is more important than detection avoidance
B) The target network has strict IDS/IPS monitoring
C) The tester wants to generate maximum traffic
D) The tester is performing a denial‑of‑service test
Answer: B
Explanation: Stealth scans (e.g., SYN scan) attempt to evade detection by IDS/IPS.
**Question 10.** Which of the following Nmap scan types sends a full TCP connect request?
A) SYN scan (-sS)
B) FIN scan (-sF)
C) TCP connect scan (-sT)
D) Null scan (-sN)
Answer: C
Explanation: The TCP connect scan completes the three‑way handshake, making it easy to
detect but useful when SYN scanning is blocked.
**Question 11.** The primary purpose of creating a baseline during the vulnerability
assessment lifecycle is to:
A) Establish a performance metric for network speed
B) Identify the normal configuration and state of assets before testing
C) Generate a list of all possible exploits
D) Determine the budget for remediation
Answer: B
Explanation: A baseline records the known good state, allowing deviations to be identified as
potential vulnerabilities.
**Question 12.** According to the CVSS v3.1, which metric reflects the impact on
confidentiality, integrity, and availability?