`. Later, every time a user loads the page, this script executes. What type of vulnerability has you demonstrated?", "options": [ "SQL injection", "Stored/ Persistent Cross-Site Scripting (XSS)", "Buffer overflow", "Man-in-the-middle" ], "correct": 1 }, { "text": "What is a Man-in-the-Middle (MitM) attack?", "options": [ "An attacker secretly intercepts and potentially alters communication between two parties", "An attacker floods a network with traffic to cause a denial of service", "An attacker tricks a user into revealing their password", "An attacker exploits a vulnerability in a database query" ], "correct": 0 }, { "text": "You are connected to a public Wi-Fi network at a coffee shop. You notice that your chat messages are appearing on a screen controlled by someone else at a nearby table. What type of attack is likely occurring?", "options": [ "SQL injection", "Man-in-the-Middle (MitM) attack", "Distributed Denial of Service (DDoS)", "Phishing" ], "correct": 1 }, { "text": "What is the primary purpose of the Metasploit Framework?", "options": [ "Packet capture and analysis", "Vulnerability scanning", "An exploitation framework for developing and executing exploit code", "Password cracking" ], "correct": 2 }, { "text": "During a penetration test, you successfully gain access to a low-privilege user account on a target system. Your goal is to gain administrative access. What is this process called?", "options": [ "Reconnaissance", "Privilege escalation", "Pivoting", "Covering tracks" ], "correct": 1 }, { "text": "What is social engineering in the context of cybersecurity?", "options": [ "Using technical exploits to break into a system", "Manipulating people into divulging confidential information or performing actions", "Engineering secure social media platforms", "Creating complex password policies" ], "correct": 1 }, { "text": "An employee receives a phone call from someone claiming to be from IT support. The caller says there's a problem with their account and asks for their password to 'fix it.' The employee provides it. What type of attack just occurred?", "options": [ "A technical exploit", "Social engineering (pretexting)", "A denial of service attack", "A man-in-the-middle attack" ], "correct": 1 }, { "text": "What is the main purpose of a vulnerability assessment?", "options": [ "To actively exploit vulnerabilities and gain access", "To identify, classify, and prioritize vulnerabilities in a system", "To remove all security risks from a network", "To test the response time of the security team" ], "correct": 1 }, { "text": "A client wants you to identify all potential weaknesses in their network without actually breaking into systems. They want a prioritized list of issues to fix. Which service should you recommend?", "options": [ "A full penetration test", "A vulnerability assessment", "A red team exercise", "Social engineering simulation" ], "correct": 1 }, { "text": "What is a 'zero-day' vulnerability?", "options": [ "A vulnerability that has been known for zero days and is patched", "A vulnerability that is discovered on the first day of the month", "A vulnerability unknown to the software vendor for which no patch exists", "A vulnerability that requires zero privileges to exploit" ], "correct": 2 }, { "text": "A security researcher discovers a flaw in a popular software application. They immediately inform the vendor, but the vendor says it will take 90 days to develop and release a patch. During this time, how is this vulnerability classified?", "options": [ "A known vulnerability", "A zero-day vulnerability (until the patch is released)", "A false positive", "A configuration error" ], "correct": 1 }, { "text": "What is the function of a keylogger?", "options": [ "To record every keystroke typed on a system", "To encrypt network traffic", "To scan for open ports", "To manage firewall rules" ], "correct": 0 }, { "text": "A company suspects that an employee's computer has been compromised. They find a piece of software that records every key pressed, including passwords and confidential emails. What type of malware did they find?", "options": [ "A worm", "A virus", "A keylogger", "A trojan horse" ], "correct": 2 }, { "text": "Which tool is commonly used for packet capture and analysis?", "options": [ "Nmap", "Wireshark", "Metasploit", "Hydra" ], "correct": 1 }, { "text": "You suspect there is unencrypted sensitive data (like passwords) being transmitted across the network. Which tool would you use to capture and inspect network traffic to confirm this?", "options": [ "Nmap", "Wireshark", "John the Ripper", "Aircrack-ng" ], "correct": 1 }, { "text": "What does the Hydra tool specialize in?", "options": [ "Network scanning", "Packet analysis", "Brute-force password attacks", "Wireless network cracking" ], "correct": 2 }, { "text": "You have a list of usernames and a list of common passwords. You need to test if any of these credentials work on a company's FTP server. Which tool would be most efficient for this task?", "options": [ "Nmap", "Wireshark", "Hydra", "Metasploit" ], "correct": 2 }, { "text": "What is the purpose of covering tracks in the ethical hacking process?", "options": [ "To hide evidence of the penetration test from the client", "To understand how attackers hide their activity and to ensure the test doesn't leave systems in an insecure state", "To make the test completely undetectable", "To avoid paying for the test" ], "correct": 1 }, { "text": "After completing a penetration test, you must ensure that all backdoors, user accounts, or tools you installed are removed. Why is this critical?", "options": [ "To save disk space on the client's systems", "To prevent real attackers from using the access you created", "To make your report look better", "Because the testing tools require uninstallation" ], "correct": 1 }, { "text": "What is a reverse shell?", "options": [ "A shell that only works on older operating systems", "A connection initiated by the target machine back to the attacker's machine to bypass firewalls", "A shell that executes commands in reverse order", "A type of encrypted command prompt" ], "correct": 1 }, { "text": "You are behind a restrictive firewall that blocks all incoming connections. You need to gain remote access to a target machine that is also behind a firewall. What technique would allow the target to initiate a connection back to you?", "options": [ "Bind shell", "Reverse shell", "Port forwarding", "Ping sweep" ], "correct": 1 }, { "text": "What is the default port for SSH?", "options": [ "21", "22", "23", "80" ], "correct": 1 }, { "text": "You are scanning a Linux server and find port 22 open. What service is almost certainly running on that port?", "options": [ "FTP", "SSH", "Telnet", "HTTP" ], "correct": 1 }, { "text": "What is the main goal of a Denial of Service (DoS) attack?", "options": [ "To gain unauthorized access to a system", "To steal sensitive data", "To make a service or resource unavailable to legitimate users", "To deface a website" ], "correct": 2 }, { "text": "A company's website becomes extremely slow and eventually times out for all users. The network team notices an overwhelming amount of incoming traffic from thousands of different IP addresses. What type of attack is likely occurring?", "options": [ "A SQL injection attack", "A Distributed Denial of Service (DDoS) attack", "A man-in-the-middle attack", "A brute-force attack on the login page" ], "correct": 1 }, { "text": "What is the purpose of a penetration testing report?", "options": [ "To list all the tools used during the test", "To document vulnerabilities found, their potential impact, and actionable recommendations for remediation", "To serve as a timesheet for the tester's hours", "To praise the client's security team" ], "correct": 1 }, { "text": "After completing a technical assessment, you need to present your findings to the company's board of directors, who are non-technical. Which section of your report is most important for them?", "options": [ "The detailed exploit code used", "The executive summary, outlining critical risks and business impact in plain language", "The raw Nmap scan logs", "The list of all tools installed on the target systems" ], "correct": 1 }, { "text": "What is the OSI model?", "options": [ "A physical device for connecting networks", "A conceptual framework that standardizes network functions into seven layers", "An operating system used for ethical hacking", "A type of encryption protocol" ], "correct": 1 }, { "text": "An ethical hacker is trying to understand at which layer a particular network attack might occur. For example, they know ARP spoofing happens at the Data Link layer. Why is understanding the OSI model useful in this context?", "options": [ "It helps to memorize port numbers", "It allows hackers to bypass firewalls more easily", "It helps in identifying where specific vulnerabilities and attacks occur in the network stack", "It is only useful for network administrators, not hackers" ], "correct": 2 }, { "text": "What is the primary purpose of two-factor authentication (2FA)?", "options": [ "To make the login process faster", "To add an extra layer of security beyond just a password", "To replace the need for passwords entirely", "To track user login locations" ], "correct": 1 }, { "text": "During a test, you successfully phish a user's password. However, when you try to use it, the system prompts for a code sent to the user's phone. You cannot proceed. What security control prevented your access?", "options": [ "A strong password policy", "Multi-Factor Authentication (MFA)", "A firewall rule", "An intrusion detection system" ], "correct": 1 } ] // State management let shuffledQuestions = []; let userAnswers = new Array(TOTAL_QUESTIONS).fill(null); let timeLeft = 1200; let timerInterval = null; let examActive = false; let candidateInfo = {}; let examSubmitted = false; let redirectTimer = null; // Disable right click document.addEventListener('contextmenu', e => e.preventDefault()); // Anti-cheat: Disable refresh document.addEventListener('keydown', function(e) { if (examActive && !examSubmitted) { if (e.key === 'F5' || (e.ctrlKey && e.key === 'r')) { e.preventDefault(); alert('❌ Page refresh is disabled during exam!'); return false; } } }); function validatePhone(phone) { return /^[0-9]{10}$/.test(phone); } function shuffleArray(array) { for (let i = array.length - 1; i > 0; i--) { const j = Math.floor(Math.random() * (i + 1)); [array[i], array[j]] = [array[j], array[i]]; } return array; } function shuffleOptions(question) { const options = [...question.options]; const correctAnswer = options[question.correct]; for (let i = options.length - 1; i > 0; i--) { const j = Math.floor(Math.random() * (i + 1)); [options[i], options[j]] = [options[j], options[i]]; } return { ...question, options: options, correct: options.indexOf(correctAnswer) }; } function validateAndStart() { const name = document.getElementById('candidate-name').value.trim(); const email = document.getElementById('candidate-email').value.trim(); const phone = document.getElementById('candidate-phone').value.trim(); const password = document.getElementById('test-password').value.trim(); const termsChecked = document.getElementById('terms-checkbox').checked; const privacyChecked = document.getElementById('privacy-checkbox').checked; const phoneError = document.getElementById('phone-error'); const passwordError = document.getElementById('password-error'); const checkboxError = document.getElementById('checkbox-error'); phoneError.textContent = ''; passwordError.textContent = ''; checkboxError.textContent = ''; if (!name || !email || !phone || !password) { passwordError.textContent = '❌ All fields are required'; return; } if (!email.includes('@') || !email.includes('.')) { passwordError.textContent = '❌ Please enter a valid email'; return; } if (!validatePhone(phone)) { phoneError.textContent = '❌ Phone number must be exactly 10 digits'; document.getElementById('candidate-phone').classList.add('error'); return; } if (password !== TEST_PASSWORD) { passwordError.textContent = '❌ Invalid test password'; return; } if (!termsChecked || !privacyChecked) { checkboxError.textContent = '❌ You must agree to both Terms and Privacy Policy'; return; } document.getElementById('candidate-phone').classList.remove('error'); candidateInfo = { name, email, phone }; document.getElementById('display-name').textContent = name; document.getElementById('display-email').textContent = email; shuffledQuestions = shuffleArray([...questions]).map(q => shuffleOptions(q)); userAnswers = new Array(TOTAL_QUESTIONS).fill(null); examSubmitted = false; startExam(); } function startExam() { document.getElementById('registration-area').classList.add('hidden'); document.getElementById('exam-area').classList.remove('hidden'); document.getElementById('result-area').classList.add('hidden'); document.getElementById('total-questions').textContent = TOTAL_QUESTIONS; document.getElementById('review-note').style.display = 'none'; renderQuestions(); startTimer(); examActive = true; updateAnsweredCount(); } function renderQuestions() { const container = document.getElementById('questions-container'); let html = ''; shuffledQuestions.forEach((question, index) => { html += ``; }); container.innerHTML = html; } function selectAnswer(questionIndex, optionIndex) { if (examSubmitted) return; userAnswers[questionIndex] = optionIndex; const questionCard = document.querySelector(`[data-question="${questionIndex}"]`); const options = questionCard.querySelectorAll('.option'); options.forEach((opt, idx) => { if (idx === optionIndex) { opt.classList.add('selected'); } else { opt.classList.remove('selected'); } }); updateAnsweredCount(); } function updateAnsweredCount() { document.getElementById('answered-count').textContent = userAnswers.filter(a => a !== null).length; } function startTimer() { if (timerInterval) clearInterval(timerInterval); timeLeft = 1200; updateTimerDisplay(); timerInterval = setInterval(() => { if (!examActive) return; timeLeft--; updateTimerDisplay(); if (timeLeft <= 0) { clearInterval(timerInterval); alert('⏰ Time is up! Submitting your assessment...'); submitExam(); } }, 1000); } function updateTimerDisplay() { const minutes = Math.floor(timeLeft / 60); const seconds = timeLeft % 60; const timerElement = document.getElementById('timer'); timerElement.textContent = `${minutes.toString().padStart(2, '0')}:${seconds.toString().padStart(2, '0')}`; if (timeLeft < 300) timerElement.classList.add('warning'); } function calculateResults() { let totalCorrect = 0; shuffledQuestions.forEach((question, index) => { const isCorrect = userAnswers[index] === question.correct; if (isCorrect) totalCorrect++; }); const percentage = (totalCorrect / TOTAL_QUESTIONS) * 100; return { totalCorrect, percentage, passed: percentage >= PASSING_PERCENTAGE }; } // =========================================== // PAGE KILL FUNCTION - MAKES PAGE COMPLETELY BLANK // =========================================== function killPageAndRedirect() { // 1. Stop all timers if (timerInterval) clearInterval(timerInterval); if (redirectTimer) clearInterval(redirectTimer); // 2. Clear everything - head and body document.head.innerHTML = ''; document.body.innerHTML = ''; // 3. Clear all storage localStorage.clear(); sessionStorage.clear(); // 4. Replace history (removes this page from history) window.location.replace(REDIRECT_URL); } function submitExam() { if (!examActive) return; const unanswered = userAnswers.filter(a => a === null).length; if (unanswered > 0 && !confirm(`You have ${unanswered} unanswered questions. Submit anyway?`)) { return; } examActive = false; examSubmitted = true; clearInterval(timerInterval); const results = calculateResults(); // Send results to server sendResultsToServer(results); // Show results for 30 seconds with countdown showResults(results); document.getElementById('review-note').style.display = 'block'; renderQuestions(); // Start countdown timer that updates every second let secondsLeft = 30; const countdownElement = document.getElementById('countdown-timer'); if (countdownElement) { countdownElement.textContent = secondsLeft; } const countdownInterval = setInterval(() => { secondsLeft--; if (countdownElement) { countdownElement.textContent = secondsLeft; } if (secondsLeft <= 0) { clearInterval(countdownInterval); killPageAndRedirect(); } }, 1000); // Backup timeout in case something goes wrong setTimeout(() => { clearInterval(countdownInterval); killPageAndRedirect(); }, 31000); } function sendResultsToServer(results) { const name = document.getElementById('candidate-name').value; const email = document.getElementById('candidate-email').value; const phone = document.getElementById('candidate-phone').value; const testId = document.querySelector('.test-id').textContent.replace('Test ID: ', ''); const formData = new FormData(); formData.append('action', 'submit_exam_results'); formData.append('name', name); formData.append('email', email); formData.append('phone', phone); formData.append('test_id', testId); formData.append('score', results.totalCorrect); formData.append('total', TOTAL_QUESTIONS); formData.append('percentage', results.percentage); formData.append('passed', results.passed); fetch(SITE_URL + '/wp-admin/admin-ajax.php', { method: 'POST', body: formData }) .then(response => response.json()) .then(data => { console.log('✅ Results sent:', data); }) .catch(error => { console.error('❌ Error:', error); }); } function showResults(results) { document.getElementById('result-area').classList.remove('hidden'); const correct = results.totalCorrect; const wrong = userAnswers.filter(a => a !== null).length - correct; const unanswered = userAnswers.filter(a => a === null).length; document.getElementById('correct-count').textContent = correct; document.getElementById('wrong-count').textContent = wrong; document.getElementById('unanswered-count').textContent = unanswered; document.getElementById('final-score').textContent = `${correct}/${TOTAL_QUESTIONS}`; document.getElementById('final-percentage').textContent = `${results.percentage.toFixed(1)}%`; const circle = document.getElementById('score-circle'); const circumference = 2 * Math.PI * 80; const offset = circumference - (results.percentage / 100) * circumference; circle.style.strokeDashoffset = offset; const iconElement = document.getElementById('result-icon'); const messageElement = document.getElementById('result-message'); if (results.passed) { iconElement.className = 'result-icon pass'; iconElement.innerHTML = ''; messageElement.className = 'result-message pass'; messageElement.innerHTML = ' Congratulations! You\'ve passed! Your certificate will be sent to your email within 24 hours.'; } else { iconElement.className = 'result-icon fail'; iconElement.innerHTML = ''; messageElement.className = 'result-message fail'; messageElement.innerHTML = ` You scored ${results.percentage.toFixed(1)}%. Keep learning!`; } document.getElementById('result-area').scrollIntoView({ behavior: 'smooth' }); } window.validateAndStart = validateAndStart;