WGU C701: ETHICAL HACKING AND PENETRATION TESTING
EXAM 2025
1. Which of the following statements BEST describes disgruntled
employees?
Less of a threat than black hat hackers, but more of a threat than
gray hat hackers
Most serious threat the organization faces
Less of a threat than gray hat hackers, but more of a threat than
white hat hackers
Pose no threat to the organization
2. What type of algorithm is Triple Data Encryption Standard (3DES)?
Symmetric algorithm
Asymmetric algorithm
Stream cipher
Hashing algorithm
3. If a company only stores backup tapes on-site and experiences a fire,
what would be the most immediate consequence?
No impact on data recovery
Loss of all backup data
Increased recovery speed
Successful recovery of data
4. If a company is transitioning from a CORBA-based system to a SOAP-
based system, what performance issue might they encounter?
Improved speed due to better transport protocols
, Increased latency due to XML parsing overhead
No change in performance as both are equally efficient
Decreased security due to less robust protocols
5. You need to send an encrypted message to another user. Both you and
the recipient have private and public keys. As the sender, you must
obtain the recipient's public key to send the message. Which
cryptographic technology are you most likely using?
RC4
SHA-1
PGP
3DES
6. Which of the following descriptions is true about a static NAT?
A static NAT uses a many-to-one mapping.
A static NAT uses a many-to-many mapping.
A static NAT uses a one-to-many mapping.
A static NAT uses a one-to-one mapping.
7. What information should an IT system analysis provide to the risk
assessor?
Management buy-in
Impact analysis
Threat statement
Security architecture
8. Why is limiting interactive logon privileges considered an effective
countermeasure against privilege escalation?
, It ensures that all accounts have administrative rights for
efficiency.
It encrypts sensitive data to protect against unauthorized access.
It prevents attackers from gaining administrative access from
low-level accounts by restricting user privileges.
It allows users to access more resources than necessary for their
job.
9. Describe why the copying of sensitive data to a USB drive is not directly
related to missing security patches.
USB drives are automatically secured by security patches.
Missing security patches directly prevent USB drive access.
Security patches are designed to enhance USB drive security.
The copying of sensitive data to a USB drive is a concern related
to USB port control, not security patches.
10. The program shown is a crypter. Which of the following best defines
what this program does?
A crypter is the main piece of the malware, the part of the
program that performs the malware's intended activity.
A crypter compresses the malware to reduce its size and help
hide it from anti-malware software.
A crypter can encrypt, obfuscate, and manipulate malware to
make it difficult to detect.
A crypter takes advantage of a bug or vulnerability to execute
the malware's payload.
11. What is the purpose of the command 'echo bad stuff > good.txt:shh' in
the context of alternate data streams?
To hide malicious content in a file
, To create a backup of good.txt
To display the contents of good.txt
To delete the good.txt file
12. As an ethical hacker, you are using Nmap port scanning and must try to
evade a certain type of device. You are using the following techniques:
Break the network scans up into smaller ranges, with delays in between
each scan.
Break up IP packets into fragments.
Which type of device are you most likely attempting to evade?
Router
NAC
Firewall
IDS
13. In a scenario where an organization has implemented multi-factor
authentication and encryption but still faces privilege escalation issues,
what additional step should they take to strengthen their security
posture?
Increase the number of administrative accounts
Limit interactive logon privileges
Allow unrestricted access to all users for efficiency
Disable all user accounts temporarily
14. What is a mantrap used for in security contexts?
To secure data encryption
To prevent phishing attacks
To enhance network security
EXAM 2025
1. Which of the following statements BEST describes disgruntled
employees?
Less of a threat than black hat hackers, but more of a threat than
gray hat hackers
Most serious threat the organization faces
Less of a threat than gray hat hackers, but more of a threat than
white hat hackers
Pose no threat to the organization
2. What type of algorithm is Triple Data Encryption Standard (3DES)?
Symmetric algorithm
Asymmetric algorithm
Stream cipher
Hashing algorithm
3. If a company only stores backup tapes on-site and experiences a fire,
what would be the most immediate consequence?
No impact on data recovery
Loss of all backup data
Increased recovery speed
Successful recovery of data
4. If a company is transitioning from a CORBA-based system to a SOAP-
based system, what performance issue might they encounter?
Improved speed due to better transport protocols
, Increased latency due to XML parsing overhead
No change in performance as both are equally efficient
Decreased security due to less robust protocols
5. You need to send an encrypted message to another user. Both you and
the recipient have private and public keys. As the sender, you must
obtain the recipient's public key to send the message. Which
cryptographic technology are you most likely using?
RC4
SHA-1
PGP
3DES
6. Which of the following descriptions is true about a static NAT?
A static NAT uses a many-to-one mapping.
A static NAT uses a many-to-many mapping.
A static NAT uses a one-to-many mapping.
A static NAT uses a one-to-one mapping.
7. What information should an IT system analysis provide to the risk
assessor?
Management buy-in
Impact analysis
Threat statement
Security architecture
8. Why is limiting interactive logon privileges considered an effective
countermeasure against privilege escalation?
, It ensures that all accounts have administrative rights for
efficiency.
It encrypts sensitive data to protect against unauthorized access.
It prevents attackers from gaining administrative access from
low-level accounts by restricting user privileges.
It allows users to access more resources than necessary for their
job.
9. Describe why the copying of sensitive data to a USB drive is not directly
related to missing security patches.
USB drives are automatically secured by security patches.
Missing security patches directly prevent USB drive access.
Security patches are designed to enhance USB drive security.
The copying of sensitive data to a USB drive is a concern related
to USB port control, not security patches.
10. The program shown is a crypter. Which of the following best defines
what this program does?
A crypter is the main piece of the malware, the part of the
program that performs the malware's intended activity.
A crypter compresses the malware to reduce its size and help
hide it from anti-malware software.
A crypter can encrypt, obfuscate, and manipulate malware to
make it difficult to detect.
A crypter takes advantage of a bug or vulnerability to execute
the malware's payload.
11. What is the purpose of the command 'echo bad stuff > good.txt:shh' in
the context of alternate data streams?
To hide malicious content in a file
, To create a backup of good.txt
To display the contents of good.txt
To delete the good.txt file
12. As an ethical hacker, you are using Nmap port scanning and must try to
evade a certain type of device. You are using the following techniques:
Break the network scans up into smaller ranges, with delays in between
each scan.
Break up IP packets into fragments.
Which type of device are you most likely attempting to evade?
Router
NAC
Firewall
IDS
13. In a scenario where an organization has implemented multi-factor
authentication and encryption but still faces privilege escalation issues,
what additional step should they take to strengthen their security
posture?
Increase the number of administrative accounts
Limit interactive logon privileges
Allow unrestricted access to all users for efficiency
Disable all user accounts temporarily
14. What is a mantrap used for in security contexts?
To secure data encryption
To prevent phishing attacks
To enhance network security
