Ethical Hacking Cheat Sheet 2026

The 30 highest-yield Ethical Hacking facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.

125 questions
240 min time limit
70.00% to pass
  1. Which OWASP Top 10 vulnerability occurs when untrusted data is sent to an interpreter as part of a command? Injection
  2. What is a 'rogue access point' in the context of wireless penetration testing? An unauthorized AP set up to intercept or provide unauthorized access to a network
  3. What does placing a wireless adapter in 'monitor mode' allow a penetration tester to do? Passively capture all wireless frames in range without associating with an AP
  4. What tool is used by ethical hackers to capture WPA2 handshakes for offline cracking? Aircrack-ng suite (airodump-ng)
  5. What type of malware is specifically designed to hide its presence and maintain persistent privileged access on a compromised system? Rootkit
  6. Which authentication attack uses precomputed hash tables to reverse password hashes? Rainbow table attack
  7. What is a 'backdoor' malware? Malware that provides persistent remote access to a compromised system
  8. Which technique involves sending malformed packets to crash or reveal information about a target system? Fuzzing
  9. What is 'key exchange' in cryptography and which protocol is most commonly used? Securely establishing a shared secret over an untrusted channel; Diffie-Hellman
  10. Which attack attempts every possible key combination to decrypt encrypted data? Brute force attack
  11. Which behavior is a strong indicator of ransomware activity on a network? Mass file renaming and encryption combined with a ransom note creation
  12. What does a keylogger do? Records keystrokes to capture passwords and sensitive input
  13. What is directory traversal in web application hacking? Accessing files outside the web root by manipulating path variables
  14. When a hacker impersonates a legitimate user on a system, what is the term for it? Impersonation
  15. Which persistence mechanism involves adding registry entries under Windows Run keys to execute malicious code automatically each time the system starts? Registry Run key persistence (e.g., HKLM\Software\Microsoft\Windows\CurrentVersion\Run)
  16. Which Metasploit command is used to search for available exploit modules? search
  17. What does TTL (Time to Live) value in a ping response help a penetration tester determine? Operating system type
  18. What is 'fileless malware' and why is it harder to detect? Malware that resides only in memory without writing to disk, evading file-based detection
  19. Which tool is used for wireless packet injection and monitoring in penetration tests? Aircrack-ng
  20. What is a CSRF attack? Forging requests from an authenticated user's browser
  21. Which symmetric encryption algorithm is considered the current US government standard and is used widely in security applications? AES
  22. What is a 'watering hole attack'? Infecting websites frequently visited by the target organization
  23. Which process injection technique inserts malicious code into a legitimate running process to evade detection? DLL injection
  24. Which wireless attack exploits the WPS PIN by targeting a vulnerability in the pseudo-random number generator used during offline authentication? Pixie Dust attack
  25. What is 'HTTP verb tampering' in web security testing? Sending unexpected HTTP methods like PUT or DELETE to bypass access controls
  26. During a penetration test, what does 'enumeration' primarily involve? Gathering detailed information about network resources, users, and services
  27. Which of the following is a buffer overflow countermeasure? Bounds checking
  28. What is 'clickjacking' in web application security? Embedding a target page in an iframe to trick users into clicking hidden elements
  29. What is the default port used by the SMB protocol that penetration testers frequently target? 445
  30. Which Windows subsystem service stores user credentials in memory to support single sign-on and is a primary target for credential dumping tools like Mimikatz? LSASS (Local Security Authority Subsystem Service)