2025|184 QUESTIONS WITH ACCURATE SOLUTIONS
1. If Jake had been trained in cybersecurity awareness, how might he have
responded differently to the friend request to avoid falling victim to the
honey trap?
He would have provided minimal information without concern.
He would have accepted the request and shared his work email.
He would have engaged in conversation to verify her identity.
He would have ignored the friend request from an unknown
person and reported it.
2. An attacker submitted a modified uniform resource locator (URL) link to a
website that eventually established connections to back-end databases
and exposed internal service configurations. The attacker did not hijack a
user to perform this attack. This describes which of the following types of
attacks?
Server-side request forgery
Client-side request forgery
Cross-site scripting
Resource exhaustion
3. Joan, a professional hacker, was hired to retrieve sensitive information
from a target organization. In this process, she used a post-exploitation
tool to check common misconfigurations and find a way to escalate
privileges. Which of the following tools helps Joan in escalating
privileges?
ShellPhish
BeRoot
GFI LanGuard
Netcraft
4. The _____ group in the CVSS represents the basic qualities of a
vulnerability that are constant over time and across user environments.
Base
Temporal
Environmental
Security Requirements
5. On a compromised computer, you have found that a user without
administrative privileges was able to perform a task limited to only
administrative accounts. What type of exploit has occurred?
DNS cache poisoning
Privilege escalation
Man-in-the-middle
ARP poisoning
6. Describe the primary goal of a Bluesmacking attack in the context of
Bluetooth security.
Bluesmacking is used to steal personal information from
Bluetooth devices.
The primary goal of a Bluesmacking attack is to exploit a
vulnerability in Bluetooth devices by sending oversized packets
to cause a buffer overflow, potentially leading to device crashes
or unauthorized access.
The goal of Bluesmacking is to send unsolicited messages to
Bluetooth-enabled devices.
Bluesmacking aims to intercept data being transmitted between
Bluetooth devices.
7. What type of information can an attacker gather by analyzing AWS error
messages?
S3 bucket names
AWS account IDs
Bucket permissions
IAM roles
8. Which of the following techniques helps the attacker in identifying the OS
used on the target host in order to detect vulnerabilities on a target
system?
source routing.
port scanning.
IP address decoy.
banner grabbing.
9. In one of the following social engineering techniques, an attacker
assumes the role of a knowledgeable professional so that the
organization's employees ask them for information. The attacker then
manipulates questions to draw out the required information. What is this
technique?
Baiting
Reverse social engineering
Quid pro quo
Dumpster diving
10. What is the term for the automated process of collecting information
from a target website?
Website mirroring
Website link extraction