CEH Quick Pop Quiz
Just a small bit from the CEH
Questions and Answers
- 1.
_____ is the pre-attack information gathering and organization of collected data, which is used to document the security profile of an organization.
- A.
Scanning
- B.
Foot printing
- C.
Dumpster diving
- D.
Enumeration
Correct Answer
B. Foot printingExplanation
Footprinting is the pre-attack process of gathering information about a target organization, which is then used to create a security profile. This involves collecting data about the organization's network, systems, employees, and infrastructure. The purpose of foot printing is to identify potential vulnerabilities and weaknesses that can be exploited in a cyber attack. It includes activities such as searching online, analyzing public records, social engineering, and gathering information from publicly available sources. By conducting foot printing, attackers can understand the organization's security posture and plan their attack accordingly.Rate this question:
-
- 2.
Identify the 3 pre-attack phases
- A.
Rooting
- B.
Scanning
- C.
Social engineering
- D.
Enumeration
- E.
Foot printing
Correct Answer(s)
B. Scanning
D. Enumeration
E. Foot printingExplanation
The correct answer is scanning, enumeration, and foot printing. These three phases are part of the pre-attack process in which an attacker gathers information and identifies vulnerabilities in a target system or network. Scanning involves actively probing the target to discover open ports, services, and potential entry points. Enumeration is the process of gathering more detailed information about the target, such as user accounts, network resources, and system configurations. Foot printing is the initial phase where the attacker collects general information about the target, including IP addresses, domain names, and publicly available data. These three phases are crucial for an attacker to plan and execute a successful attack.Rate this question:
-
- 3.
The information gathering stage has ___ phases
- A.
7
- B.
5
- C.
10
- D.
3
Correct Answer
A. 7Explanation
The information gathering stage consists of multiple phases, and the correct answer is 7. This suggests that there are seven distinct phases involved in the process of gathering information.Rate this question:
-
- 4.
Which of the following stages of information gathering fall under "foot printing"?
- A.
Discover open ports
- B.
Uncover services on ports
- C.
Detect operating system
- D.
Unearth initial information
- E.
Locate the network range
Correct Answer(s)
D. Unearth initial information
E. Locate the network rangeExplanation
The stages of information gathering that fall under "foot printing" are unearth initial information and locate the network range. Unearthing initial information involves collecting basic details about the target such as domain names, email addresses, or employee names. Locating the network range involves identifying the range of IP addresses that belong to the target organization. These two stages are crucial in the initial reconnaissance phase of a security assessment, as they provide a foundation for further investigation and vulnerability identification.Rate this question:
-
- 5.
Which of the following tools might you use during foot printing?
- A.
Nmap
- B.
Sam Spade
- C.
Ethereal
- D.
Netcat
Correct Answer
B. Sam SpadeExplanation
Sam Spade is a tool that can be used during foot printing. It is a network analysis tool that helps in gathering information about a target network or system. It can perform tasks like DNS lookup, whois queries, IP address scanning, and other network reconnaissance activities. By using Sam Spade, an attacker can gather valuable information about the target, such as IP addresses, domain names, email addresses, and network services. This information can then be used to identify vulnerabilities and plan further attacks.Rate this question:
-
- 6.
Determine the first DNS server in the following WHOIS output:Domain ID:D81180127-LRORDomain Name:ECCOUNCIL.ORGCreated On:14-Dec-2001 10:13:06 UTCLast Updated On:08-Oct-2003 09:32:10 UTCExpiration Date:14-Dec-2004 10:13:06 UTCSponsoring Registrar:R11-LRORStatus:OKRegistrant ID:tuTv2ItRZBMNd4lARegistrant Name:Paul KwitowskiRegistrant Organization:International Council of E-Commerce ConsultantsRegistrant Street1:67 Wall Street, 22nd FloorRegistrant City:New YorkRegistrant State/Province:NYRegistrant Postal Code:10005-3198Registrant Country:USRegistrant Phone:+1.2127098253Registrant FAX:+1.2129432300Registrant Email:[email protected] ID:tus9DYvpp5mrbLNdAdmin Name:Ethan RussellAdmin Organization:International Council of E-Commerce ConsultantsAdmin Street1:67 Wall Street, 22nd FloorAdmin City:New YorkAdmin State/Province:NYAdmin Postal Code:10005-3198Admin Country:USAdmin Phone:+1.2127098253Admin Email:[email protected] ID:tuE1cgAfi1VnFkpuTech Name:Jacob EckelTech Organization:International Council of E-Commerce ConsultantsTech Street1:67 Wall Street, 22nd FloorTech City:New YorkTech State/Province:NYTech Postal Code:10005-3198Tech Country:USTech Phone:+1.2127098253Tech Email:[email protected] Server:AUTH1.NS.NYI.NETName Server:AUTH2.NS.NYI.NET
Correct Answer
AUTH1.NS.NYI.NETExplanation
The first DNS server in the WHOIS output is AUTH1.NS.NYI.NET.Rate this question:
- 7.
Which of the following could be used to learn the ASN that an organization is using?
- A.
EDGAR
- B.
WHOIS
- C.
ARIN
- D.
NSLOOKUP
Correct Answer
C. ARINExplanation
ARIN (American Registry for Internet Numbers) could be used to learn the ASN (Autonomous System Number) that an organization is using. ARIN is responsible for the allocation and registration of IP addresses and ASNs in North America. Therefore, by accessing ARIN's database, one can find information about the ASNs assigned to different organizations.Rate this question:
-
- 8.
If you wanted to know the geographic location of the routers, servers etc. which of these would you use?
- A.
Visual Trace
- B.
Visual Route
- C.
GeoTrace
- D.
Tracert
Correct Answer
B. Visual RouteExplanation
Visual Route is the correct answer because it is a software application that visually displays the geographic location of routers, servers, and other network devices. It uses maps and graphs to show the path of network traffic and provides information about the physical location of each device along the route. This tool is commonly used by network administrators and technicians to troubleshoot network issues and optimize network performance.Rate this question:
-
- 9.
Which of the following can help detect intrusions?
- A.
NetDetect
- B.
Nmap
- C.
VisualLookout
- D.
Sam Spade
- E.
Snort
Correct Answer(s)
C. VisualLookout
E. SnortExplanation
VisualLookout and Snort can help detect intrusions. VisualLookout is a software tool that monitors network traffic and identifies any suspicious activities or anomalies that may indicate an intrusion. Snort, on the other hand, is an open-source intrusion detection system that analyzes network packets in real-time to detect and alert on potential attacks. Both tools are designed to enhance network security by identifying and responding to intrusions in a timely manner.Rate this question:
-
- 10.
Which of the following would you use to determine if an email that you have sent gets opened?
- A.
VisualRoute Mail Tracker
- B.
Mailtracking.com
- C.
Sam Spade
- D.
EMailTrackerPro
Correct Answer
B. Mailtracking.comExplanation
Mailtracking.com is the correct answer because it is a service specifically designed to track email opens. It provides users with real-time notifications when their emails are opened, allowing them to monitor the success and effectiveness of their email campaigns. This service tracks various metrics such as open rates, click-through rates, and even location data of the recipients. By using Mailtracking.com, users can gain valuable insights into the engagement and reach of their emails.Rate this question:
-
- 11.
How might one determine if network hosts are alive?
- A.
War dialers
- B.
DoS Scripts
- C.
Netcat
- D.
Trojan horses
- E.
Ping utilities
Correct Answer(s)
A. War dialers
E. Ping utilitiesExplanation
One can determine if network hosts are alive by using war dialers and ping utilities. War dialers are tools that automatically dial a range of phone numbers to identify active phone lines, which can be used to determine if network hosts are alive. On the other hand, ping utilities send a small packet of data to a specific IP address and wait for a response, indicating if the host is alive or not. Therefore, both war dialers and ping utilities are effective methods for determining the status of network hosts.Rate this question:
-
- 12.
Which of the following might one use to war dial?
- A.
Dialnet
- B.
Snort
- C.
THC-Scan
- D.
ToneLoc
Correct Answer(s)
C. THC-Scan
D. ToneLocExplanation
THC-Scan and ToneLoc are both tools that can be used for war dialing. War dialing is the process of dialing a large range of telephone numbers in order to identify computer systems that may be connected to modems. THC-Scan and ToneLoc are specifically designed for this purpose and provide features such as automated scanning, detection of modems, and logging of results. These tools are commonly used by security professionals to identify vulnerable systems and potential entry points for unauthorized access.Rate this question:
-
- 13.
Identify utilities for pinging
- A.
Icmpenum
- B.
Genius
- C.
BlackICE
- D.
Netscan Tools
- E.
Hping
Correct Answer(s)
A. Icmpenum
D. Netscan Tools
E. HpingExplanation
The utilities mentioned in the answer are icmpenum, Netscan Tools, and Hping. These are all tools that can be used for pinging. icmpenum is a tool specifically designed for ICMP enumeration, Netscan Tools is a comprehensive network scanning tool that includes a ping utility, and Hping is a command-line tool that can send custom ICMP packets for various purposes, including ping. These utilities can be used to test network connectivity and check the availability of hosts.Rate this question:
-
- 14.
An open scan would be also known as a
- A.
UDP scan
- B.
Strobe scan
- C.
Vanilla scan
- D.
Sweep scan
Correct Answer
C. Vanilla scanExplanation
The term "vanilla scan" refers to an open scan. This type of scan involves sending a series of packets to a target system in order to gather information about open ports and services. It is called "vanilla" because it is a basic and straightforward method of scanning, without any additional techniques or complexities. Other options mentioned in the question, such as UDP scan, Strobe scan, and Sweep scan, are different types of scanning techniques with their own characteristics and purposes.Rate this question:
-
- 15.
Which type of scans sends a packet with no flags set?
- A.
Half-open scan
- B.
Null scan
- C.
Xmas scan
- D.
Open scan
Correct Answer
B. Null scanExplanation
A null scan is a type of scan where a packet is sent with no flags set. This means that no specific request or action is being made to the target system. By sending a null scan, the attacker can determine the state of the port based on the response received. If the port is open, no response will be received, indicating that the port is filtered or protected. If the port is closed, a response will be received, indicating that the port is closed and accessible. This type of scan is often used by attackers to gather information about a target system without triggering any alarms.Rate this question:
-
- 16.
Which type of scan has all of the available flags in the TCP header set?
- A.
Xmas
- B.
Closed
- C.
Open
- D.
Full
Correct Answer
A. XmasExplanation
An Xmas scan is a type of TCP scan where all the available flags in the TCP header are set to 1. This includes the URG, PSH, and FIN flags. By sending packets with these flags set, the scanner attempts to elicit responses from the target system. If the target system responds with a RST packet, it indicates that the port is closed. If there is no response, it suggests that the port is open. Therefore, an Xmas scan is used to identify open and closed ports on a target system.Rate this question:
-
- 17.
The "ipsecscan" utility is useful for scanning for the existence of VPN implementations by searching for IPSec characteristics on the remote device. IPSec supports which of the following encryption modes?
- A.
Relay
- B.
Peer to peer
- C.
Transfer
- D.
Transport
- E.
Tunnel
Correct Answer(s)
D. Transport
E. TunnelExplanation
The "ipsecscan" utility is used to scan for the existence of VPN implementations by searching for IPSec characteristics on the remote device. IPSec supports two encryption modes: transport and tunnel. In transport mode, only the payload of the IP packet is encrypted, while in tunnel mode, the entire IP packet is encapsulated and encrypted. Both transport and tunnel modes provide secure communication, but they differ in the level of encryption applied.Rate this question:
-
- 18.
The best port scanning tool currently available is?
- A.
Netscan Tools Pro
- B.
Superscan
- C.
Nmap
- D.
IpEye
Correct Answer
C. NmapExplanation
Nmap is considered the best port scanning tool currently available due to its extensive features and capabilities. It is an open-source and highly flexible tool that can be used for network exploration, security auditing, and vulnerability assessment. Nmap supports a wide range of scanning techniques, including TCP connect scanning, SYN scanning, and UDP scanning. It also provides advanced features like OS detection, version detection, script scanning, and the ability to scan thousands of ports quickly. Additionally, Nmap has a large and active community that constantly updates and improves its functionality, making it a reliable and widely trusted tool in the cybersecurity field.Rate this question:
-
- 19.
What technique is used to determine the OS of a remote host?
- A.
OS ID
- B.
OS fingerprinting
- C.
OS scanning
- D.
OS investigation
Correct Answer
B. OS fingerprintingExplanation
OS fingerprinting is a technique used to determine the operating system (OS) of a remote host. It involves analyzing various characteristics and behaviors of network packets sent by the remote host. By comparing these patterns with a database of known OS fingerprints, the technique can identify the most likely OS running on the remote host. This information is valuable for network administrators to understand the target system's vulnerabilities and to tailor their security measures accordingly.Rate this question:
-
- 20.
What type of fingerprinting captures traffic from a target host and analyzes it to determine the remote OS?
- A.
Sniffprinting
- B.
Passive fingerprinting
- C.
Packet fingerprinting
- D.
Open fingerprinting
Correct Answer
B. Passive fingerprintingExplanation
Passive fingerprinting is the correct answer because it involves capturing traffic from a target host and analyzing it to determine the remote operating system without actively engaging with the host. This method allows for the collection of data without alerting the target host. Sniffprinting, packet fingerprinting, and open fingerprinting do not accurately describe the process of capturing traffic and analyzing it for remote OS determination.Rate this question:
-
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 21, 2023Quiz Edited by
ProProfs Editorial Team -
Dec 01, 2009Quiz Created by
Cruizrisner
- ACA Quizzes
- ACCA Quizzes
- ACE Quizzes
- BCBA Quizzes
- CCP Quizzes
- CDC Quizzes
- CDCs Quizzes
- CISA Quizzes
- CISCO Quizzes
- CISSP Quizzes
- CompTIA Quizzes
- CPA Quizzes
- CPAT Quizzes
- CPFA Quizzes
- CPP Quizzes
- CPT Quizzes
- CSA Quizzes
- CSET Quizzes
- CST Quizzes
- CSWIP Quizzes
- FTCE Quizzes
- HIPAA Quizzes
- IAHCSMM Quizzes
- ISTQB Quizzes
- LEED Ga Quizzes
- MBLEx Quizzes
- NCIDQ Quizzes
- PMP Quizzes
- PRAXIS Quizzes
- PTCB Quizzes
- Six Sigma Quizzes
- TEAS Quizzes
Back to top