Network Programming Quiz Questions

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Reggie21225
R
Reggie21225
Community Contributor
Quizzes Created: 1 | Total Attempts: 551
Questions: 31 | Attempts: 551

SettingsSettingsSettings
Network Programming Quiz Questions - Quiz

.


Questions and Answers
  • 1. 

    You have just completed a scan of your servers, and you found port 31337 open. Which of the following programs uses that port by default? 

    • A.

      NetBus

    • B.

      Back Orifice

    • C.

      Option 3

    • D.

      Donald Dick

    Correct Answer
    B. Back Orifice
    Explanation
    Back Orifice is a remote administration tool that allows unauthorized access to a computer system. It is known for using port 31337 as its default port. Therefore, if port 31337 is open on the server, it suggests that Back Orifice may be running on the system. NetBus is another remote administration tool but it uses a different default port. Option 3 and Donald Dick are not relevant to the given question.

    Rate this question:

  • 2. 

    Which of the following programs can be used for port redirection? 

    • A.

      Loki

    • B.

      Recub

    • C.

      Girlfriend

    • D.

      FPipe

    Correct Answer
    D. FPipe
    Explanation
    FPipe is a program that can be used for port redirection. Port redirection involves redirecting network traffic from one port to another, allowing for the rerouting of incoming connections. FPipe is a versatile tool that enables users to redirect TCP/IP or UDP/IP data streams between ports on different machines. It can be used for various purposes, such as load balancing, network testing, and troubleshooting.

    Rate this question:

  • 3. 

    Which of the following best describes a covert communications? A program that appears desirable, but actually contains something harmful    

    • A.

      A program that appears desirable, but actually contains something harmful

    • B.

      A way of getting into a guarded system without using the required password

    • C.

      A program or algorithm that replicates itself over a computer network and usually performs malicious actions

    • D.

      Sending and receiving unauthorized information or data by using a protocol, service, or server to transmit info in a way in which it was not intended to be used

    Correct Answer
    D. Sending and receiving unauthorized information or data by using a protocol, service, or server to transmit info in a way in which it was not intended to be used
    Explanation
    Covert communications refer to the act of sending and receiving unauthorized information or data by using a protocol, service, or server to transmit information in a way that it was not intended to be used. This means that individuals are secretly exchanging information in a manner that is not allowed or expected by the system or network. It involves bypassing security measures or exploiting vulnerabilities to engage in unauthorized communication.

    Rate this question:

  • 4. 

    Which of the following best describes Netcat? 

    • A.

      Netcat is a more powerful version of Snort and can be used for network monitoring and data acquisition. This program enables you to dump the traffic on a network. It can also be used to print out the headers of packets on a network interface that matches a given expression.

    • B.

      Netcat is called the TCP/IP Swiss army knife. It works with Windows and Linux and can read and write data across network connections using TCP or UDP.

    • C.

      Netcat is called the TCP/IP Swiss army knife. It is a simple Linux-only utility that reads and writes data across network connections using TCP or UDP.

    • D.

      Netcat is called the TCP/IP Swiss army knife. It is a simple windows only utility that reads and writes data across network connections using TCP or UDP.

    Correct Answer
    B. Netcat is called the TCP/IP Swiss army knife. It works with Windows and Linux and can read and write data across network connections using TCP or UDP.
    Explanation
    Netcat is a versatile tool that is often referred to as the TCP/IP Swiss army knife. It is compatible with both Windows and Linux operating systems. Netcat allows users to read and write data across network connections using either TCP or UDP protocols. This makes it a powerful tool for network monitoring and data acquisition. It can also be used to dump traffic on a network and print out packet headers that match a specific expression.

    Rate this question:

  • 5. 

    One of your user’s Windows computers has been running slowly and performing erratically. After looking it over, you find a suspicious-looking file named watching.dll. Which of the following programs uses that file? 

    • A.

      SubSeven

    • B.

        Donald Dick      

    • C.

      Loki

    • D.

      NetBus

    Correct Answer
    A. SubSeven
    Explanation
    The correct answer is SubSeven. SubSeven is a remote administration tool (RAT) that is often used by hackers to gain unauthorized access to a computer. The suspicious-looking file named watching.dll is likely associated with SubSeven, indicating that the computer may have been compromised by a hacker using this program.

    Rate this question:

  • 6. 

    Jane has noticed that her system is running strangely. However, even when she ran Netstat, everything looked fine. What should she do next? 

    • A.

      Restore from a recent backup

    • B.

      Remove any entries from the Windows startup folder

    • C.

      Use a third party tool with a verified fingerprint

    • D.

      Install patch.exe

    Correct Answer
    C. Use a third party tool with a verified fingerprint
    Explanation
    Jane should use a third party tool with a verified fingerprint next. This means she should use a tool that has been authenticated and deemed trustworthy by a reliable source. This can help her identify any potential threats or issues that may not have been detected by Netstat.

    Rate this question:

  • 7. 

    You overheard a co-worker who is upset about not getting a promotion threaten to load FakeGina on to the boss’s computer. What does FakeGina do? 

    • A.

      It captures all keystrokes entered after the system starts up

    • B.

      It captues login usernames and password that are entered at system startup

    • C.

      It is a hardware keystroke capture program

    • D.

      It's a password trojan that emails password and usernames to a predetermined email address

    Correct Answer
    B. It captues login usernames and password that are entered at system startup
    Explanation
    FakeGina captures login usernames and passwords that are entered at system startup. This means that if the co-worker loads FakeGina onto the boss's computer, it will record any login credentials that the boss enters when logging into the system. This can pose a serious security threat as the co-worker may use the captured information for unauthorized access or malicious purposes. It is important to prevent the installation of such programs to protect sensitive information and maintain the security of the system.

    Rate this question:

  • 8. 

    Which covert communication program has the capability to bypass router ACLs that block incoming SYN traffic on port 80? 

    • A.

      Firekiller 2000

    • B.

      ACKCMD

    • C.

      Stealth Tools

    • D.

      Loki

    Correct Answer
    B. ACKCMD
    Explanation
    ACKCMD is the covert communication program that has the capability to bypass router ACLs that block incoming SYN traffic on port 80. This program likely uses the ACK flag in TCP packets to establish a connection, rather than the SYN flag which is typically blocked by router ACLs. By using this technique, ACKCMD can successfully bypass the ACLs and establish communication on port 80.

    Rate this question:

  • 9. 

    What does the command nc –n –v –l -p 25 accomplish? 

    • A.

      Forwards email on the remote server to the hacker's computer on port 25

    • B.

      Opens up a netcat listener on the local computer on port 25

    • C.

      Allows the hacker to use a victim's mail server to send spam

    • D.

      Blocks all incoming traffic on port 25

    Correct Answer
    B. Opens up a netcat listener on the local computer on port 25
    Explanation
    The command "nc -n -v -l -p 25" opens up a netcat listener on the local computer on port 25. Netcat is a versatile networking tool that can be used for various purposes, such as port scanning, file transfer, and network debugging. In this case, the command is specifically used to create a listener on port 25, which is the default port for SMTP (Simple Mail Transfer Protocol) used for email communication. By opening this listener, the computer can receive incoming connections and data on port 25.

    Rate this question:

  • 10. 

    What is Datapipe used for? 

    • A.

      It is a virus

    • B.

      It is similar to Netstat and can report running processes and ports

    • C.

      It is a remote-control Trojan

    • D.

      It is a redirector. Remediation link - Cover communications

    Correct Answer
    D. It is a redirector. Remediation link - Cover communications
    Explanation
    Datapipe is used as a redirector, meaning it redirects network traffic from one location to another. It does not have any malicious intent like a virus or a remote-control Trojan. It is also not similar to Netstat, which is a command-line tool used for monitoring network connections. The reference to "Cover communications" in the remediation link suggests that Datapipe may be used to obfuscate or hide communication channels.

    Rate this question:

  • 11. 

    How can a Linux user list which processes are running if he suspects something has been loaded that is not approved?

    • A.

      Ps

    • B.

      Echo

    • C.

      Ls

    • D.

      Netstat

    Correct Answer
    A. Ps
    Explanation
    The correct answer is "ps". The "ps" command in Linux is used to list the currently running processes on a system. By running "ps", a Linux user can see a list of all processes running on their system and identify any suspicious or unauthorized processes that may have been loaded. This can help in identifying and investigating any potential security threats or unauthorized activities on the system.

    Rate this question:

  • 12. 

    You have been hired by Bob’s Burgers to scan its network for vulnerabilities. They would like you to perform a system-level scan. Which of the following programs should you use?

    • A.

      N-Stealth

    • B.

      SARA

    • C.

      Flawfinder

    • D.

      Whisker

    Correct Answer
    B. SARA
    Explanation
    SARA is the most suitable program for performing a system-level scan. SARA stands for Security Auditor's Research Assistant and it is designed specifically for network vulnerability assessment. It scans the network and identifies potential vulnerabilities in the system. N-Stealth is a web server security assessment tool, Flawfinder is a static analysis tool for C/C++ code, and Whisker is a web application vulnerability scanner. While these tools may be useful for specific purposes, SARA is the best choice for a system-level scan.

    Rate this question:

  • 13. 

    You have been able to get a Terminal window open on a remote Linux host. You now need to use a command-line web browser to download a privilege-escalation tool. Which of the following will work?

    • A.

      TFTP

    • B.

      Lynx

    • C.

      Explorer

    • D.

      Firefox

    Correct Answer
    B. Lynx
    Explanation
    Lynx is a command-line web browser that can be used to download files from the internet. Since you need to download a privilege-escalation tool, Lynx is the most suitable option among the given choices. TFTP is a file transfer protocol, not a web browser. Explorer and Firefox are graphical web browsers and cannot be used in a Terminal window.

    Rate this question:

  • 14. 

    Which of the following will allow you to set the user to full access, the group to read-only, and all others to no access?

    • A.

      Chmod 777

    • B.

      Chroot 740

    • C.

      Chroot 777

    • D.

      Chmod 740

    Correct Answer
    D. Chmod 740
    Explanation
    The correct answer is "chmod 740". The chmod command is used to change the permissions of a file or directory. In this case, the numbers represent the permissions for the user, group, and others respectively. The number 7 gives full access, 4 gives read-only access, and 0 gives no access. Therefore, "chmod 740" will set the user to full access (7), the group to read-only (4), and all others to no access (0).

    Rate this question:

  • 15. 

    While hacking away at your roommate’s Linux computer, you accessed his passwd file. Here is what you found.       root :x: 0 : 0 : root: /root : /bin/bash     bin : x : 1 : 1 : bin : /bin :     daemon : x : 2 : 2 : daemon : /sbin : Where is the root password?

    • A.

      No password has been set

    • B.

      The password has been shadowed

    • C.

      The password is not visible because you are not logged in as root

    • D.

      The password is not in this file; it is in the SAM

    Correct Answer
    B. The password has been shadowed
    Explanation
    The correct answer is "The password has been shadowed". In Linux, the password file (/etc/passwd) stores user account information, including the username, user ID, group ID, home directory, and shell. However, it does not store the actual passwords. Instead, the passwords are stored in a separate file called the shadow file (/etc/shadow), which is only accessible by the root user. The shadow file contains encrypted passwords and other security-related information. By finding the password file but not seeing the actual password, it indicates that the password has been shadowed.

    Rate this question:

  • 16. 

    Your team lead has asked you to make absolute changes to a file’s permissions. Which of the following would be correct?

    • A.

      Chroot a+rwx

    • B.

      Chroot 320

    • C.

      Chmod a+rwx

    • D.

      Chmod 320

    Correct Answer
    D. Chmod 320
    Explanation
    The correct answer is "chmod 320". The "chmod" command is used to change the permissions of a file or directory. In this case, the "320" argument specifies the new permissions for the file. The number "3" represents the owner's permissions, "2" represents the group's permissions, and "0" represents the permissions for others. The "2" in "320" indicates that the group will have write permissions, while the owner and others will have no permissions.

    Rate this question:

  • 17. 

    Which of the following is not a valid Linux user group?

    • A.

      Guests

    • B.

      Normal Users

    • C.

      System Users

    • D.

      Super Users

    Correct Answer
    A. Guests
    Explanation
    The given options consist of different types of Linux user groups. Guests is not a valid Linux user group because it is not a commonly recognized type of user group in Linux systems. The other options, Normal Users, System Users, and Super Users, are valid and commonly used user groups in Linux.

    Rate this question:

  • 18. 

    You have been exploring the files and directory structure of the new Linux server. What are the entries of the /etc/hosts file made up of?

    • A.

      The IP addres, the subnet mask, and the default gateway

    • B.

      The IP address, the hostname, and any alias

    • C.

      The IP address and status of approved or denied addresses

    • D.

      The IP address, the mask, and the deny or allow statement

    Correct Answer
    B. The IP address, the hostname, and any alias
    Explanation
    The /etc/hosts file in Linux contains entries that associate IP addresses with hostnames and aliases. It does not include subnet masks, default gateways, status of approved or denied addresses, or deny/allow statements. This file is used for local hostname resolution before querying DNS servers.

    Rate this question:

  • 19. 

    At the prompt of your Linux server, you enter cat /etc/passwd. In the following output line, what is the function of 100?chubs : 2cX1eDm8cFiJYc : 500 : 100 : chubs Lex : /home/chubs/bin/bash

    • A.

      A binary value

    • B.

      The 100th users created

    • C.

      The user ID

    • D.

      The group ID

    Correct Answer
    D. The group ID
    Explanation
    In the output line, "100" represents the group ID. In Linux, each user is assigned a unique user ID (UID) and a group ID (GID). The group ID is used to determine the group that the user belongs to. It helps in managing file and directory permissions, as well as in controlling access to resources on the system.

    Rate this question:

  • 20. 

    Where will an attacker find the system password file in a Linux machine that is restricted to root and contains encrypted passwords?

    • A.

      /etc/hosts

    • B.

      /etc/passwd

    • C.

      /etc/inetd.conf

    • D.

      /etc/shadow

    Correct Answer
    D. /etc/shadow
    Explanation
    The system password file in a Linux machine, which contains encrypted passwords, can be found in the /etc/shadow directory. This directory is restricted to the root user, making it difficult for attackers to access the encrypted passwords. The /etc/hosts file contains IP address to hostname mappings, the /etc/passwd file contains user account information, and the /etc/inetd.conf file contains configuration settings for internet services, but none of these files store the encrypted passwords.

    Rate this question:

  • 21. 

    How many steps are in the ARP process?

    • A.

      2

    • B.

      1

    • C.

      4

    • D.

      3

    Correct Answer
    A. 2
    Explanation
    The ARP (Address Resolution Protocol) process involves two steps. The first step is the ARP request, where a device sends a broadcast message to the network asking for the MAC address of a specific IP address. The second step is the ARP reply, where the device with the corresponding IP address sends its MAC address back to the requesting device. Therefore, there are two steps in the ARP process.

    Rate this question:

  • 22. 

    One of the members of your red team would like to run Dsniff on a span of the network that is composed of hubs. Which of the following type best describes this attack? 

    • A.

      Passive Sniffing

    • B.

      MAC Flooding

    • C.

      ARP Poisoning

    • D.

      Active Sniffing

    Correct Answer
    A. Passive Sniffing
    Explanation
    Passive Sniffing is the best type to describe this attack because Dsniff is a passive network monitoring tool that captures and analyzes network traffic. It does not actively send any packets or modify network settings. Since the network is composed of hubs, which are less secure than switches, Dsniff can easily capture and analyze all the network traffic passing through the hub without being detected. Therefore, the attacker can passively sniff and gather information without actively interfering with the network.

    Rate this question:

  • 23. 

    You have been able to intercept many packets with Wireshark that are addressed to the broadcast address on your network and are shown to be from the web server. The web server is not sending this traffic, so it is being spoofed. What type of attack is the network experiencing?

    • A.

      Land

    • B.

      SYN

    • C.

      Smurf

    • D.

      Chargen

    Correct Answer
    C. Smurf
    Explanation
    The network is experiencing a Smurf attack. In a Smurf attack, the attacker spoofs the IP address of the victim and sends a large number of ICMP echo requests (ping) to the broadcast address of a network. This causes all devices on the network to respond to the victim's IP address, overwhelming it with traffic and causing a denial of service. In this case, the packets intercepted by Wireshark are addressed to the broadcast address and appear to be from the web server, indicating that the traffic is being spoofed and the network is under a Smurf attack.

    Rate this question:

  • 24. 

    What does the following command in Ettercap do?ettercap -T -q -F cd.ef -M ARP /192.168.13.100

    • A.

      This command scans for NIC's in promiscuous mode

    • B.

      The command will detach Ettercap from the console and log all sniffed password

    • C.

      This command tells Ettercap to do a text mode man-in-the-middle attack

    • D.

      This command will check to see if someone else is performing ARP poisoning

    Correct Answer
    C. This command tells Ettercap to do a text mode man-in-the-middle attack
    Explanation
    The given command "ettercap -T -q -F cd.ef -M ARP /192.168.13.100" tells Ettercap to perform a text mode man-in-the-middle attack. The "-T" flag specifies text mode, "-q" flag makes the output quiet, "-F cd.ef" specifies the filter file to use, "-M ARP" sets the ARP poisoning method, and "/192.168.13.100" specifies the target IP address. This combination of flags and parameters indicates that the command is configuring Ettercap to intercept and manipulate network traffic in a man-in-the-middle attack in text mode.

    Rate this question:

  • 25. 

    This form of active sniffing is characterized by a large number of packets with bogus MAC addresses.

    • A.

      MAC flooding

    • B.

      Passive sniffing

    • C.

      Active sniffing

    • D.

      ARP poisoning

    Correct Answer
    A. MAC flooding
    Explanation
    MAC flooding is a form of active sniffing where a large number of packets with fake or bogus MAC addresses are sent to a switch. This overwhelms the switch's MAC address table, causing it to enter a fail-open mode where it broadcasts all incoming packets to all ports. This allows the attacker to intercept and sniff network traffic, potentially gaining unauthorized access to sensitive information.

    Rate this question:

  • 26. 

    Which DDoS tool uses TCP port 6667?

    • A.

      Trinity

    • B.

      DDOSPing

    • C.

      Trinoo

    • D.

      Shaft

    Correct Answer
    A. Trinity
    Explanation
    Trinity is the correct answer because it is a DDoS tool that uses TCP port 6667. The other options, DDOSPing, Trinoo, and Shaft, do not specifically use TCP port 6667 for their DDoS attacks.

    Rate this question:

  • 27. 

    Which of the following is a tool used to find DDoS programs?

    • A.

      DDOSPing

    • B.

      Shaft

    • C.

      Trinoo

    • D.

      MStream

    Correct Answer
    A. DDOSPing
    Explanation
    DDOSPing is a tool used to find DDoS programs. It is specifically designed to test the vulnerability of a network or website to distributed denial of service (DDoS) attacks. By simulating a DDoS attack, DDOSPing can help identify weaknesses in the network's defenses and assist in developing appropriate countermeasures. This tool is commonly used by network administrators and security professionals to proactively protect their systems from potential DDoS attacks.

    Rate this question:

  • 28. 

    Which of the following is not a DoS program?

    • A.

      Land

    • B.

      Smurf

    • C.

      Stacheldraht

    • D.

      Fraggle

    Correct Answer
    C. Stacheldraht
    Explanation
    Stacheldraht is not a DoS program because it is actually a type of DDoS (Distributed Denial of Service) tool. Unlike traditional DoS programs that are run from a single source, Stacheldraht allows multiple attackers to coordinate their efforts and launch a DDoS attack on a target. This tool was popular in the late 1990s and early 2000s and was known for its ability to amplify the impact of an attack by using multiple sources to overwhelm a target's resources.

    Rate this question:

  • 29. 

    Why is SYN flood attack detectable?

    • A.

      A large number of SYN packets will appear on the network without the corresponding reply

    • B.

      A large number of ACK packets will appear on the network without the corresponding reply

    • C.

      A large number of SYN ACK packets will appear on the network with-out the corresponding reply

    • D.

      The source and destination port of all the packets will be the same

    Correct Answer
    A. A large number of SYN packets will appear on the network without the corresponding reply
    Explanation
    A SYN flood attack is detectable because it involves a large number of SYN packets being sent to a target server without receiving the corresponding reply. This creates an imbalance in the network traffic, as the server becomes overwhelmed with incoming SYN packets and is unable to establish legitimate connections. Network monitoring tools can detect this abnormal behavior by analyzing the packet flow and identifying the high volume of SYN packets without proper responses.

    Rate this question:

  • 30. 

    When would an attacker ant to perform a session hijack?

    • A.

      Before authentication

    • B.

      Right before the four-step shutdown

    • C.

      After authentication

    • D.

      At the point that the three-step handshake completes

    Correct Answer
    C. After authentication
    Explanation
    An attacker would want to perform a session hijack after authentication because at this point, the user's session has been established and they have access to the system. By hijacking the session, the attacker can gain unauthorized access to the user's account and potentially perform malicious activities without being detected.

    Rate this question:

  • 31. 

    Which one do you like?

    • A.

      Option 1

    • B.

      Option 2

    • C.

      Option 3

    • D.

      Option 4

    Correct Answer
    A. Option 1
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.