CEH Quick Pop Quiz

The first DNS server in the WHOIS output is AUTH1.NS.NYI.NET.

Nmap is considered the best port scanning tool currently available due to its extensive features and capabilities. It is an open-source and highly flexible tool that can be used for network exploration, security auditing, and vulnerability assessment. Nmap supports a wide range of scanning techniques, including TCP connect scanning, SYN scanning, and UDP scanning. It also provides advanced features like OS detection, version detection, script scanning, and the ability to scan thousands of ports quickly. Additionally, Nmap has a large and active community that constantly updates and improves its functionality, making it a reliable and widely trusted tool in the cybersecurity field.

OS fingerprinting is a technique used to determine the operating system (OS) of a remote host. It involves analyzing various characteristics and behaviors of network packets sent by the remote host. By comparing these patterns with a database of known OS fingerprints, the technique can identify the most likely OS running on the remote host. This information is valuable for network administrators to understand the target system's vulnerabilities and to tailor their security measures accordingly.

Footprinting is the pre-attack process of gathering information about a target organization, which is then used to create a security profile. This involves collecting data about the organization's network, systems, employees, and infrastructure. The purpose of foot printing is to identify potential vulnerabilities and weaknesses that can be exploited in a cyber attack. It includes activities such as searching online, analyzing public records, social engineering, and gathering information from publicly available sources. By conducting foot printing, attackers can understand the organization's security posture and plan their attack accordingly.

A null scan is a type of scan where a packet is sent with no flags set. This means that no specific request or action is being made to the target system. By sending a null scan, the attacker can determine the state of the port based on the response received. If the port is open, no response will be received, indicating that the port is filtered or protected. If the port is closed, a response will be received, indicating that the port is closed and accessible. This type of scan is often used by attackers to gather information about a target system without triggering any alarms.

The correct answer is scanning, enumeration, and foot printing. These three phases are part of the pre-attack process in which an attacker gathers information and identifies vulnerabilities in a target system or network. Scanning involves actively probing the target to discover open ports, services, and potential entry points. Enumeration is the process of gathering more detailed information about the target, such as user accounts, network resources, and system configurations. Foot printing is the initial phase where the attacker collects general information about the target, including IP addresses, domain names, and publicly available data. These three phases are crucial for an attacker to plan and execute a successful attack.

Passive fingerprinting is the correct answer because it involves capturing traffic from a target host and analyzing it to determine the remote operating system without actively engaging with the host. This method allows for the collection of data without alerting the target host. Sniffprinting, packet fingerprinting, and open fingerprinting do not accurately describe the process of capturing traffic and analyzing it for remote OS determination.

An Xmas scan is a type of TCP scan where all the available flags in the TCP header are set to 1. This includes the URG, PSH, and FIN flags. By sending packets with these flags set, the scanner attempts to elicit responses from the target system. If the target system responds with a RST packet, it indicates that the port is closed. If there is no response, it suggests that the port is open. Therefore, an Xmas scan is used to identify open and closed ports on a target system.

Mailtracking.com is the correct answer because it is a service specifically designed to track email opens. It provides users with real-time notifications when their emails are opened, allowing them to monitor the success and effectiveness of their email campaigns. This service tracks various metrics such as open rates, click-through rates, and even location data of the recipients. By using Mailtracking.com, users can gain valuable insights into the engagement and reach of their emails.

The information gathering stage consists of multiple phases, and the correct answer is 7. This suggests that there are seven distinct phases involved in the process of gathering information.

Sam Spade is a tool that can be used during foot printing. It is a network analysis tool that helps in gathering information about a target network or system. It can perform tasks like DNS lookup, whois queries, IP address scanning, and other network reconnaissance activities. By using Sam Spade, an attacker can gather valuable information about the target, such as IP addresses, domain names, email addresses, and network services. This information can then be used to identify vulnerabilities and plan further attacks.

The term "vanilla scan" refers to an open scan. This type of scan involves sending a series of packets to a target system in order to gather information about open ports and services. It is called "vanilla" because it is a basic and straightforward method of scanning, without any additional techniques or complexities. Other options mentioned in the question, such as UDP scan, Strobe scan, and Sweep scan, are different types of scanning techniques with their own characteristics and purposes.

ARIN (American Registry for Internet Numbers) could be used to learn the ASN (Autonomous System Number) that an organization is using. ARIN is responsible for the allocation and registration of IP addresses and ASNs in North America. Therefore, by accessing ARIN's database, one can find information about the ASNs assigned to different organizations.

The "ipsecscan" utility is used to scan for the existence of VPN implementations by searching for IPSec characteristics on the remote device. IPSec supports two encryption modes: transport and tunnel. In transport mode, only the payload of the IP packet is encrypted, while in tunnel mode, the entire IP packet is encapsulated and encrypted. Both transport and tunnel modes provide secure communication, but they differ in the level of encryption applied.

Visual Route is the correct answer because it is a software application that visually displays the geographic location of routers, servers, and other network devices. It uses maps and graphs to show the path of network traffic and provides information about the physical location of each device along the route. This tool is commonly used by network administrators and technicians to troubleshoot network issues and optimize network performance.

The stages of information gathering that fall under "foot printing" are unearth initial information and locate the network range. Unearthing initial information involves collecting basic details about the target such as domain names, email addresses, or employee names. Locating the network range involves identifying the range of IP addresses that belong to the target organization. These two stages are crucial in the initial reconnaissance phase of a security assessment, as they provide a foundation for further investigation and vulnerability identification.

The utilities mentioned in the answer are icmpenum, Netscan Tools, and Hping. These are all tools that can be used for pinging. icmpenum is a tool specifically designed for ICMP enumeration, Netscan Tools is a comprehensive network scanning tool that includes a ping utility, and Hping is a command-line tool that can send custom ICMP packets for various purposes, including ping. These utilities can be used to test network connectivity and check the availability of hosts.

One can determine if network hosts are alive by using war dialers and ping utilities. War dialers are tools that automatically dial a range of phone numbers to identify active phone lines, which can be used to determine if network hosts are alive. On the other hand, ping utilities send a small packet of data to a specific IP address and wait for a response, indicating if the host is alive or not. Therefore, both war dialers and ping utilities are effective methods for determining the status of network hosts.

THC-Scan and ToneLoc are both tools that can be used for war dialing. War dialing is the process of dialing a large range of telephone numbers in order to identify computer systems that may be connected to modems. THC-Scan and ToneLoc are specifically designed for this purpose and provide features such as automated scanning, detection of modems, and logging of results. These tools are commonly used by security professionals to identify vulnerable systems and potential entry points for unauthorized access.

VisualLookout and Snort can help detect intrusions. VisualLookout is a software tool that monitors network traffic and identifies any suspicious activities or anomalies that may indicate an intrusion. Snort, on the other hand, is an open-source intrusion detection system that analyzes network packets in real-time to detect and alert on potential attacks. Both tools are designed to enhance network security by identifying and responding to intrusions in a timely manner.