Network Programming Quiz Questions
.
Questions and Answers
- 1.
You have just completed a scan of your servers, and you found port 31337 open. Which of the following programs uses that port by default?
- A.
NetBus
- B.
Back Orifice
- C.
Option 3
- D.
Donald Dick
Correct Answer
B. Back OrificeExplanation
Back Orifice is a remote administration tool that allows unauthorized access to a computer system. It is known for using port 31337 as its default port. Therefore, if port 31337 is open on the server, it suggests that Back Orifice may be running on the system. NetBus is another remote administration tool but it uses a different default port. Option 3 and Donald Dick are not relevant to the given question.Rate this question:
-
- 2.
Which of the following programs can be used for port redirection?
- A.
Loki
- B.
Recub
- C.
Girlfriend
- D.
FPipe
Correct Answer
D. FPipeExplanation
FPipe is a program that can be used for port redirection. Port redirection involves redirecting network traffic from one port to another, allowing for the rerouting of incoming connections. FPipe is a versatile tool that enables users to redirect TCP/IP or UDP/IP data streams between ports on different machines. It can be used for various purposes, such as load balancing, network testing, and troubleshooting.Rate this question:
-
- 3.
Which of the following best describes a covert communications? A program that appears desirable, but actually contains something harmful
- A.
A program that appears desirable, but actually contains something harmful
- B.
A way of getting into a guarded system without using the required password
- C.
A program or algorithm that replicates itself over a computer network and usually performs malicious actions
- D.
Sending and receiving unauthorized information or data by using a protocol, service, or server to transmit info in a way in which it was not intended to be used
Correct Answer
D. Sending and receiving unauthorized information or data by using a protocol, service, or server to transmit info in a way in which it was not intended to be usedExplanation
Covert communications refer to the act of sending and receiving unauthorized information or data by using a protocol, service, or server to transmit information in a way that it was not intended to be used. This means that individuals are secretly exchanging information in a manner that is not allowed or expected by the system or network. It involves bypassing security measures or exploiting vulnerabilities to engage in unauthorized communication.Rate this question:
-
- 4.
Which of the following best describes Netcat?
- A.
Netcat is a more powerful version of Snort and can be used for network monitoring and data acquisition. This program enables you to dump the traffic on a network. It can also be used to print out the headers of packets on a network interface that matches a given expression.
- B.
Netcat is called the TCP/IP Swiss army knife. It works with Windows and Linux and can read and write data across network connections using TCP or UDP.
- C.
Netcat is called the TCP/IP Swiss army knife. It is a simple Linux-only utility that reads and writes data across network connections using TCP or UDP.
- D.
Netcat is called the TCP/IP Swiss army knife. It is a simple windows only utility that reads and writes data across network connections using TCP or UDP.
Correct Answer
B. Netcat is called the TCP/IP Swiss army knife. It works with Windows and Linux and can read and write data across network connections using TCP or UDP.Explanation
Netcat is a versatile tool that is often referred to as the TCP/IP Swiss army knife. It is compatible with both Windows and Linux operating systems. Netcat allows users to read and write data across network connections using either TCP or UDP protocols. This makes it a powerful tool for network monitoring and data acquisition. It can also be used to dump traffic on a network and print out packet headers that match a specific expression.Rate this question:
-
- 5.
One of your user’s Windows computers has been running slowly and performing erratically. After looking it over, you find a suspicious-looking file named watching.dll. Which of the following programs uses that file?
- A.
SubSeven
- B.
Donald Dick
- C.
Loki
- D.
NetBus
Correct Answer
A. SubSevenExplanation
The correct answer is SubSeven. SubSeven is a remote administration tool (RAT) that is often used by hackers to gain unauthorized access to a computer. The suspicious-looking file named watching.dll is likely associated with SubSeven, indicating that the computer may have been compromised by a hacker using this program.Rate this question:
-
- 6.
Jane has noticed that her system is running strangely. However, even when she ran Netstat, everything looked fine. What should she do next?
- A.
Restore from a recent backup
- B.
Remove any entries from the Windows startup folder
- C.
Use a third party tool with a verified fingerprint
- D.
Install patch.exe
Correct Answer
C. Use a third party tool with a verified fingerprintExplanation
Jane should use a third party tool with a verified fingerprint next. This means she should use a tool that has been authenticated and deemed trustworthy by a reliable source. This can help her identify any potential threats or issues that may not have been detected by Netstat.Rate this question:
-
- 7.
You overheard a co-worker who is upset about not getting a promotion threaten to load FakeGina on to the boss’s computer. What does FakeGina do?
- A.
It captures all keystrokes entered after the system starts up
- B.
It captues login usernames and password that are entered at system startup
- C.
It is a hardware keystroke capture program
- D.
It's a password trojan that emails password and usernames to a predetermined email address
Correct Answer
B. It captues login usernames and password that are entered at system startupExplanation
FakeGina captures login usernames and passwords that are entered at system startup. This means that if the co-worker loads FakeGina onto the boss's computer, it will record any login credentials that the boss enters when logging into the system. This can pose a serious security threat as the co-worker may use the captured information for unauthorized access or malicious purposes. It is important to prevent the installation of such programs to protect sensitive information and maintain the security of the system.Rate this question:
-
- 8.
Which covert communication program has the capability to bypass router ACLs that block incoming SYN traffic on port 80?
- A.
Firekiller 2000
- B.
ACKCMD
- C.
Stealth Tools
- D.
Loki
Correct Answer
B. ACKCMDExplanation
ACKCMD is the covert communication program that has the capability to bypass router ACLs that block incoming SYN traffic on port 80. This program likely uses the ACK flag in TCP packets to establish a connection, rather than the SYN flag which is typically blocked by router ACLs. By using this technique, ACKCMD can successfully bypass the ACLs and establish communication on port 80.Rate this question:
-
- 9.
What does the command nc –n –v –l -p 25 accomplish?
- A.
Forwards email on the remote server to the hacker's computer on port 25
- B.
Opens up a netcat listener on the local computer on port 25
- C.
Allows the hacker to use a victim's mail server to send spam
- D.
Blocks all incoming traffic on port 25
Correct Answer
B. Opens up a netcat listener on the local computer on port 25Explanation
The command "nc -n -v -l -p 25" opens up a netcat listener on the local computer on port 25. Netcat is a versatile networking tool that can be used for various purposes, such as port scanning, file transfer, and network debugging. In this case, the command is specifically used to create a listener on port 25, which is the default port for SMTP (Simple Mail Transfer Protocol) used for email communication. By opening this listener, the computer can receive incoming connections and data on port 25.Rate this question:
-
- 10.
What is Datapipe used for?
- A.
It is a virus
- B.
It is similar to Netstat and can report running processes and ports
- C.
It is a remote-control Trojan
- D.
It is a redirector. Remediation link - Cover communications
Correct Answer
D. It is a redirector. Remediation link - Cover communicationsExplanation
Datapipe is used as a redirector, meaning it redirects network traffic from one location to another. It does not have any malicious intent like a virus or a remote-control Trojan. It is also not similar to Netstat, which is a command-line tool used for monitoring network connections. The reference to "Cover communications" in the remediation link suggests that Datapipe may be used to obfuscate or hide communication channels.Rate this question:
-
- 11.
How can a Linux user list which processes are running if he suspects something has been loaded that is not approved?
- A.
Ps
- B.
Echo
- C.
Ls
- D.
Netstat
Correct Answer
A. PsExplanation
The correct answer is "ps". The "ps" command in Linux is used to list the currently running processes on a system. By running "ps", a Linux user can see a list of all processes running on their system and identify any suspicious or unauthorized processes that may have been loaded. This can help in identifying and investigating any potential security threats or unauthorized activities on the system.Rate this question:
-
- 12.
You have been hired by Bob’s Burgers to scan its network for vulnerabilities. They would like you to perform a system-level scan. Which of the following programs should you use?
- A.
N-Stealth
- B.
SARA
- C.
Flawfinder
- D.
Whisker
Correct Answer
B. SARAExplanation
SARA is the most suitable program for performing a system-level scan. SARA stands for Security Auditor's Research Assistant and it is designed specifically for network vulnerability assessment. It scans the network and identifies potential vulnerabilities in the system. N-Stealth is a web server security assessment tool, Flawfinder is a static analysis tool for C/C++ code, and Whisker is a web application vulnerability scanner. While these tools may be useful for specific purposes, SARA is the best choice for a system-level scan.Rate this question:
-
- 13.
You have been able to get a Terminal window open on a remote Linux host. You now need to use a command-line web browser to download a privilege-escalation tool. Which of the following will work?
- A.
TFTP
- B.
Lynx
- C.
Explorer
- D.
Firefox
Correct Answer
B. LynxExplanation
Lynx is a command-line web browser that can be used to download files from the internet. Since you need to download a privilege-escalation tool, Lynx is the most suitable option among the given choices. TFTP is a file transfer protocol, not a web browser. Explorer and Firefox are graphical web browsers and cannot be used in a Terminal window.Rate this question:
-
- 14.
Which of the following will allow you to set the user to full access, the group to read-only, and all others to no access?
- A.
Chmod 777
- B.
Chroot 740
- C.
Chroot 777
- D.
Chmod 740
Correct Answer
D. Chmod 740Explanation
The correct answer is "chmod 740". The chmod command is used to change the permissions of a file or directory. In this case, the numbers represent the permissions for the user, group, and others respectively. The number 7 gives full access, 4 gives read-only access, and 0 gives no access. Therefore, "chmod 740" will set the user to full access (7), the group to read-only (4), and all others to no access (0).Rate this question:
-
- 15.
While hacking away at your roommate’s Linux computer, you accessed his passwd file. Here is what you found. root :x: 0 : 0 : root: /root : /bin/bash bin : x : 1 : 1 : bin : /bin : daemon : x : 2 : 2 : daemon : /sbin : Where is the root password?
- A.
No password has been set
- B.
The password has been shadowed
- C.
The password is not visible because you are not logged in as root
- D.
The password is not in this file; it is in the SAM
Correct Answer
B. The password has been shadowedExplanation
The correct answer is "The password has been shadowed". In Linux, the password file (/etc/passwd) stores user account information, including the username, user ID, group ID, home directory, and shell. However, it does not store the actual passwords. Instead, the passwords are stored in a separate file called the shadow file (/etc/shadow), which is only accessible by the root user. The shadow file contains encrypted passwords and other security-related information. By finding the password file but not seeing the actual password, it indicates that the password has been shadowed.Rate this question:
-
- 16.
Your team lead has asked you to make absolute changes to a file’s permissions. Which of the following would be correct?
- A.
Chroot a+rwx
- B.
Chroot 320
- C.
Chmod a+rwx
- D.
Chmod 320
Correct Answer
D. Chmod 320Explanation
The correct answer is "chmod 320". The "chmod" command is used to change the permissions of a file or directory. In this case, the "320" argument specifies the new permissions for the file. The number "3" represents the owner's permissions, "2" represents the group's permissions, and "0" represents the permissions for others. The "2" in "320" indicates that the group will have write permissions, while the owner and others will have no permissions.Rate this question:
-
- 17.
Which of the following is not a valid Linux user group?
- A.
Guests
- B.
Normal Users
- C.
System Users
- D.
Super Users
Correct Answer
A. GuestsExplanation
The given options consist of different types of Linux user groups. Guests is not a valid Linux user group because it is not a commonly recognized type of user group in Linux systems. The other options, Normal Users, System Users, and Super Users, are valid and commonly used user groups in Linux.Rate this question:
-
- 18.
You have been exploring the files and directory structure of the new Linux server. What are the entries of the /etc/hosts file made up of?
- A.
The IP addres, the subnet mask, and the default gateway
- B.
The IP address, the hostname, and any alias
- C.
The IP address and status of approved or denied addresses
- D.
The IP address, the mask, and the deny or allow statement
Correct Answer
B. The IP address, the hostname, and any aliasExplanation
The /etc/hosts file in Linux contains entries that associate IP addresses with hostnames and aliases. It does not include subnet masks, default gateways, status of approved or denied addresses, or deny/allow statements. This file is used for local hostname resolution before querying DNS servers.Rate this question:
-
- 19.
At the prompt of your Linux server, you enter cat /etc/passwd. In the following output line, what is the function of 100?chubs : 2cX1eDm8cFiJYc : 500 : 100 : chubs Lex : /home/chubs/bin/bash
- A.
A binary value
- B.
The 100th users created
- C.
The user ID
- D.
The group ID
Correct Answer
D. The group IDExplanation
In the output line, "100" represents the group ID. In Linux, each user is assigned a unique user ID (UID) and a group ID (GID). The group ID is used to determine the group that the user belongs to. It helps in managing file and directory permissions, as well as in controlling access to resources on the system.Rate this question:
-
- 20.
Where will an attacker find the system password file in a Linux machine that is restricted to root and contains encrypted passwords?
- A.
/etc/hosts
- B.
/etc/passwd
- C.
/etc/inetd.conf
- D.
/etc/shadow
Correct Answer
D. /etc/shadowExplanation
The system password file in a Linux machine, which contains encrypted passwords, can be found in the /etc/shadow directory. This directory is restricted to the root user, making it difficult for attackers to access the encrypted passwords. The /etc/hosts file contains IP address to hostname mappings, the /etc/passwd file contains user account information, and the /etc/inetd.conf file contains configuration settings for internet services, but none of these files store the encrypted passwords.Rate this question:
-
- 21.
How many steps are in the ARP process?
- A.
2
- B.
1
- C.
4
- D.
3
Correct Answer
A. 2Explanation
The ARP (Address Resolution Protocol) process involves two steps. The first step is the ARP request, where a device sends a broadcast message to the network asking for the MAC address of a specific IP address. The second step is the ARP reply, where the device with the corresponding IP address sends its MAC address back to the requesting device. Therefore, there are two steps in the ARP process.Rate this question:
-
- 22.
One of the members of your red team would like to run Dsniff on a span of the network that is composed of hubs. Which of the following type best describes this attack?
- A.
Passive Sniffing
- B.
MAC Flooding
- C.
ARP Poisoning
- D.
Active Sniffing
Correct Answer
A. Passive SniffingExplanation
Passive Sniffing is the best type to describe this attack because Dsniff is a passive network monitoring tool that captures and analyzes network traffic. It does not actively send any packets or modify network settings. Since the network is composed of hubs, which are less secure than switches, Dsniff can easily capture and analyze all the network traffic passing through the hub without being detected. Therefore, the attacker can passively sniff and gather information without actively interfering with the network.Rate this question:
-
- 23.
You have been able to intercept many packets with Wireshark that are addressed to the broadcast address on your network and are shown to be from the web server. The web server is not sending this traffic, so it is being spoofed. What type of attack is the network experiencing?
- A.
Land
- B.
SYN
- C.
Smurf
- D.
Chargen
Correct Answer
C. SmurfExplanation
The network is experiencing a Smurf attack. In a Smurf attack, the attacker spoofs the IP address of the victim and sends a large number of ICMP echo requests (ping) to the broadcast address of a network. This causes all devices on the network to respond to the victim's IP address, overwhelming it with traffic and causing a denial of service. In this case, the packets intercepted by Wireshark are addressed to the broadcast address and appear to be from the web server, indicating that the traffic is being spoofed and the network is under a Smurf attack.Rate this question:
-
- 24.
What does the following command in Ettercap do?ettercap -T -q -F cd.ef -M ARP /192.168.13.100
- A.
This command scans for NIC's in promiscuous mode
- B.
The command will detach Ettercap from the console and log all sniffed password
- C.
This command tells Ettercap to do a text mode man-in-the-middle attack
- D.
This command will check to see if someone else is performing ARP poisoning
Correct Answer
C. This command tells Ettercap to do a text mode man-in-the-middle attackExplanation
The given command "ettercap -T -q -F cd.ef -M ARP /192.168.13.100" tells Ettercap to perform a text mode man-in-the-middle attack. The "-T" flag specifies text mode, "-q" flag makes the output quiet, "-F cd.ef" specifies the filter file to use, "-M ARP" sets the ARP poisoning method, and "/192.168.13.100" specifies the target IP address. This combination of flags and parameters indicates that the command is configuring Ettercap to intercept and manipulate network traffic in a man-in-the-middle attack in text mode.Rate this question:
-
- 25.
This form of active sniffing is characterized by a large number of packets with bogus MAC addresses.
- A.
MAC flooding
- B.
Passive sniffing
- C.
Active sniffing
- D.
ARP poisoning
Correct Answer
A. MAC floodingExplanation
MAC flooding is a form of active sniffing where a large number of packets with fake or bogus MAC addresses are sent to a switch. This overwhelms the switch's MAC address table, causing it to enter a fail-open mode where it broadcasts all incoming packets to all ports. This allows the attacker to intercept and sniff network traffic, potentially gaining unauthorized access to sensitive information.Rate this question:
-
- 26.
Which DDoS tool uses TCP port 6667?
- A.
Trinity
- B.
DDOSPing
- C.
Trinoo
- D.
Shaft
Correct Answer
A. TrinityExplanation
Trinity is the correct answer because it is a DDoS tool that uses TCP port 6667. The other options, DDOSPing, Trinoo, and Shaft, do not specifically use TCP port 6667 for their DDoS attacks.Rate this question:
-
- 27.
Which of the following is a tool used to find DDoS programs?
- A.
DDOSPing
- B.
Shaft
- C.
Trinoo
- D.
MStream
Correct Answer
A. DDOSPingExplanation
DDOSPing is a tool used to find DDoS programs. It is specifically designed to test the vulnerability of a network or website to distributed denial of service (DDoS) attacks. By simulating a DDoS attack, DDOSPing can help identify weaknesses in the network's defenses and assist in developing appropriate countermeasures. This tool is commonly used by network administrators and security professionals to proactively protect their systems from potential DDoS attacks.Rate this question:
-
- 28.
Which of the following is not a DoS program?
- A.
Land
- B.
Smurf
- C.
Stacheldraht
- D.
Fraggle
Correct Answer
C. StacheldrahtExplanation
Stacheldraht is not a DoS program because it is actually a type of DDoS (Distributed Denial of Service) tool. Unlike traditional DoS programs that are run from a single source, Stacheldraht allows multiple attackers to coordinate their efforts and launch a DDoS attack on a target. This tool was popular in the late 1990s and early 2000s and was known for its ability to amplify the impact of an attack by using multiple sources to overwhelm a target's resources.Rate this question:
-
- 29.
Why is SYN flood attack detectable?
- A.
A large number of SYN packets will appear on the network without the corresponding reply
- B.
A large number of ACK packets will appear on the network without the corresponding reply
- C.
A large number of SYN ACK packets will appear on the network with-out the corresponding reply
- D.
The source and destination port of all the packets will be the same
Correct Answer
A. A large number of SYN packets will appear on the network without the corresponding replyExplanation
A SYN flood attack is detectable because it involves a large number of SYN packets being sent to a target server without receiving the corresponding reply. This creates an imbalance in the network traffic, as the server becomes overwhelmed with incoming SYN packets and is unable to establish legitimate connections. Network monitoring tools can detect this abnormal behavior by analyzing the packet flow and identifying the high volume of SYN packets without proper responses.Rate this question:
-
- 30.
When would an attacker ant to perform a session hijack?
- A.
Before authentication
- B.
Right before the four-step shutdown
- C.
After authentication
- D.
At the point that the three-step handshake completes
Correct Answer
C. After authenticationExplanation
An attacker would want to perform a session hijack after authentication because at this point, the user's session has been established and they have access to the system. By hijacking the session, the attacker can gain unauthorized access to the user's account and potentially perform malicious activities without being detected.Rate this question:
-
- 31.
Which one do you like?
- A.
Option 1
- B.
Option 2
- C.
Option 3
- D.
Option 4
Correct Answer
A. Option 1 -
Quiz Review Timeline +
Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.
-
Current Version
-
Mar 21, 2023Quiz Edited by
ProProfs Editorial Team -
Dec 14, 2017Quiz Created by
Reggie21225
PowerShell Commands Quiz: Test Your Command Prompt Knowledge
PowerShell Commands Quiz: Test Your Command Prompt Knowledge
Pascal Programming Quiz: Test Your Basic Programming Knowledge
Pascal Programming Quiz: Test Your Basic Programming Knowledge
- Binary Code Quizzes
- Computer Concept Quizzes
- Computer Essential Quizzes
- Computer Forensics Quizzes
- Computer Hardware Quizzes
- Computer Networking Quizzes
- Computer Parts Quizzes
- Computer Programming Quizzes
- Computer Science Quizzes
- Computer Security Quizzes
- Computer Shortcut Key Quizzes
- Computer Skills Quizzes
- Computer Virus Quizzes
- Cyber Security Quizzes
- Data Quizzes
- Data Security Quizzes
- Hacking Quizzes
- HCI Quizzes
- Internet Quizzes
- IT SecurITy Quizzes
- Malware Quizzes
- Microprocessor Quizzes
- Network Quizzes
- Operating System Quizzes
- Phishing Quizzes
- Programming Language Quizzes
- Server Quizzes
Back to top