Ethicalquiz

Approved & Edited by ProProfs Editorial Team
The editorial team at ProProfs Quizzes consists of a select group of subject experts, trivia writers, and quiz masters who have authored over 10,000 quizzes taken by more than 100 million users. This team includes our in-house seasoned quiz moderators and subject matter experts. Our editorial experts, spread across the world, are rigorously trained using our comprehensive guidelines to ensure that you receive the highest quality quizzes.
Learn about Our Editorial Process
| By Terry519vx
T
Terry519vx
Community Contributor
Quizzes Created: 2 | Total Attempts: 1,855
Questions: 147 | Attempts: 1,156

SettingsSettingsSettings
Ethicalquiz - Quiz

.


Questions and Answers
  • 1. 

    What is the length of the IPv6 datagram header? 

    • A.

      10 bytes

    • B.

      25 bytes

    • C.

      30 bytes

    • D.

      40 bytes

    Correct Answer
    D. 40 bytes
    Explanation
    The length of the IPv6 datagram header is 40 bytes. The IPv6 header consists of several fields such as the source and destination addresses, traffic class, flow label, payload length, next header, hop limit, and others. These fields collectively occupy a total of 40 bytes in the header.

    Rate this question:

  • 2. 

    In the IPv6 header, the traffic class field is similar to which field in the IPv4 header? 

    • A.

      Fragmentation field

    • B.

      Fast switching

    • C.

      TOS field

    • D.

      Option field

    Correct Answer
    C. TOS field
    Explanation
    In the IPv6 header, the traffic class field is similar to the TOS (Type of Service) field in the IPv4 header. Both fields are used to prioritize and classify different types of network traffic. They allow network administrators to define the quality of service and handling requirements for packets, such as prioritizing real-time traffic or giving higher priority to certain applications. The traffic class field in IPv6 serves a similar purpose as the TOS field in IPv4, providing a way to differentiate and prioritize traffic in the network.

    Rate this question:

  • 3. 

    Which of the following features are present in IPv4 header but not in IPv6 header? [Select the BEST answer] 

    • A.

      Fragmentation

    • B.

      Header checksum

    • C.

      Options

    • D.

      All of the above

    Correct Answer
    D. All of the above
    Explanation
    The correct answer is "All of the above". In IPv4, fragmentation, header checksum, and options are all present in the header. However, in IPv6, these features are not included in the header. Fragmentation is not supported in IPv6, as it is the responsibility of the sending host to ensure that packets do not exceed the maximum transmission unit. The header checksum is also not necessary in IPv6 due to the use of a different error detection mechanism. Lastly, options are not included in the IPv6 header to simplify and streamline the protocol.

    Rate this question:

  • 4. 

    Which statement is the MOST accurate regarding firewalls?

    • A.

      They route traffic based upon inspecting packets.

    • B.

      They filter traffic based upon inspecting packets.

    • C.

      They switch packets based upon inspecting packets.

    • D.

      They forward packets to the Internet based upon inspecting packets.

    Correct Answer
    B. They filter traffic based upon inspecting packets.
    Explanation
    Firewalls are network security devices that monitor and control incoming and outgoing network traffic. They act as a barrier between a trusted internal network and an untrusted external network, such as the Internet. The most accurate statement regarding firewalls is that they filter traffic based upon inspecting packets. Firewalls examine the packets of data that are being transmitted and apply predefined rules to determine whether to allow or block the traffic. By filtering and inspecting packets, firewalls can enforce security policies and protect the network from unauthorized access or malicious activities.

    Rate this question:

  • 5. 

    Which of the following are private IP addresses that can be assigned to a host? [Select all that apply] 

    • A.

      12.17.1.45

    • B.

      10.255.255.254

    • C.

      172.15.255.248

    • D.

      192.168.1.5

    Correct Answer(s)
    B. 10.255.255.254
    D. 192.168.1.5
    Explanation
    Private IP addresses are used for internal networks and cannot be routed on the public internet. The addresses 10.255.255.254 and 192.168.1.5 are both within the ranges specified for private IP addresses. The address 12.17.1.45 is a public IP address and not a private one. The address 172.15.255.248 is also a public IP address and not a private one.

    Rate this question:

  • 6. 

    Which of the following are valid types of IPv6 address? [Select all that apply]

    • A.

      Global unicast

    • B.

      Unique local

    • C.

      Multicast

    • D.

      Broadcast

    Correct Answer(s)
    A. Global unicast
    B. Unique local
    C. Multicast
    Explanation
    Global unicast, unique local, and multicast are all valid types of IPv6 addresses. Global unicast addresses are used for communication over the internet and are globally unique. Unique local addresses are used for communication within a specific organization or network and are not globally routable. Multicast addresses are used for one-to-many communication, where a single packet is sent to multiple recipients. Broadcast addresses, on the other hand, are not valid in IPv6 as multicast addresses are used instead.

    Rate this question:

  • 7. 

    MAC spoofing applies a legitimate MAC address to an unauthenticated host, which allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client? 

    • A.

      The MAC address doesn’t map to a manufacturer.

    • B.

      The MAC address is two digits too long.

    • C.

      A reverse ARP request maps to two hosts.

    • D.

      The host is receiving its own traffic.

    Correct Answer
    C. A reverse ARP request maps to two hosts.
    Explanation
    A reverse ARP request maps to two hosts. Reverse ARP (RARP) is a protocol used to discover the IP address of a device based on its MAC address. In a normal scenario, a RARP request should map a single MAC address to a single IP address. If a RARP request maps to two hosts, it indicates a bogus client because it suggests that there are multiple devices claiming the same MAC address, which is not possible in a legitimate network. This could be a sign of MAC spoofing or other malicious activities.

    Rate this question:

  • 8. 

    ARP poisoning alters ARP table mappings to align all traffic to the attacker’s interface before traveling to the proper destination. What does this allow to an attacker? [Select two] 

    • A.

      Capture all traffic on the network

    • B.

      Entice the victim to open or activate the payload

    • C.

      Install software to perform any function

    • D.

      Jumping-off point for future attacks

    Correct Answer(s)
    A. Capture all traffic on the network
    D. Jumping-off point for future attacks
    Explanation
    ARP poisoning allows an attacker to capture all traffic on the network by redirecting it to their interface. This enables the attacker to intercept and analyze sensitive information such as passwords, usernames, and other data transmitted over the network. Additionally, ARP poisoning provides a jumping-off point for future attacks, as the attacker can use the compromised network position to launch further exploits or gain unauthorized access to other systems on the network.

    Rate this question:

  • 9. 

    There are some programs that can be used to provide unexpected or random inputs to computer programs. This is referred to as:

    • A.

      Fuzzing

    • B.

      Penetration test

    • C.

      MAC Spoofing

    • D.

      Port Mirroring

    Correct Answer
    A. Fuzzing
    Explanation
    Fuzzing refers to the practice of providing unexpected or random inputs to computer programs. It is a technique used to uncover vulnerabilities or bugs in software by bombarding it with invalid, unexpected, or random data. Fuzzing can help identify security flaws and improve the overall reliability and robustness of computer programs.

    Rate this question:

  • 10. 

    Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Which of the following are true? [Select two]

    • A.

      Router C will use ICMP to inform Host 1 that Host 2 cannot be reached.

    • B.

      Router C will use ICMP to inform Host 1, Router A, and Router B that Host 2 cannot be reached

    • C.

      Router C will use ICMP to inform Router B that Host 2 cannot be reached

    • D.

      Router C will send a Destination Unreachable message type

    Correct Answer(s)
    A. Router C will use ICMP to inform Host 1 that Host 2 cannot be reached.
    D. Router C will send a Destination Unreachable message type
    Explanation
    When the e0 interface on Router C is down, Router C will use ICMP (Internet Control Message Protocol) to inform Host 1 that Host 2 cannot be reached. This is because ICMP is a network protocol used to send error messages and operational information indicating the unavailability of a destination host. Additionally, Router C will send a Destination Unreachable message type to indicate that the desired destination cannot be reached. However, it will not inform Router A or Router B about this unreachability.

    Rate this question:

  • 11. 

    Which statement describes how public/private key pair is used to protect confidentiality when using asymmetric encryption? 

    • A.

      The sender encrypts the data using the sender's private key, and the receiver decrypts the data using the sender's public key.

    • B.

      The sender encrypts the data using the sender's public key, and the receiver decrypts the data using the sender's private key.

    • C.

      The sender encrypts the data using the receiver's public key, and the receiver decrypts the data using the receiver's private key.

    • D.

      The sender encrypts the data using the receiver's private key, and the receiver decrypts the data using the sender's public key.

    Correct Answer
    C. The sender encrypts the data using the receiver's public key, and the receiver decrypts the data using the receiver's private key.
    Explanation
    The correct answer is the sender encrypts the data using the receiver's public key, and the receiver decrypts the data using the receiver's private key. In asymmetric encryption, the public key is used for encryption and the private key is used for decryption. The receiver's public key is used to encrypt the data, ensuring that only the receiver with the corresponding private key can decrypt it. This provides confidentiality as only the intended receiver can access the decrypted data.

    Rate this question:

  • 12. 

    SSIDs serve many functions, but the primary goal is which of the following? 

    • A.

      Mask a network

    • B.

      Prioritize traffic

    • C.

      Identify clients to the network

    • D.

      Identify the network to clients or potential clients

    Correct Answer
    D. Identify the network to clients or potential clients
    Explanation
    SSIDs, or Service Set Identifiers, are used to identify and differentiate wireless networks. They are broadcasted by access points to allow clients to connect to the correct network. Therefore, the primary goal of SSIDs is to identify the network to clients or potential clients. This helps users in locating and connecting to the desired network among several available options.

    Rate this question:

  • 13. 

    Which device is typically used with software such as Wireshark to aid in wireless network traffic analysis? 

    • A.

      AirPcap

    • B.

      Honeypot

    • C.

      Access point

    • D.

      Router

    Correct Answer
    A. AirPcap
    Explanation
    AirPcap is a device that is typically used with software like Wireshark to aid in wireless network traffic analysis. It allows users to capture and analyze wireless network packets, providing detailed information about the network traffic. This device is specifically designed for wireless network monitoring and analysis, making it an ideal tool for professionals who need to analyze and troubleshoot wireless networks.

    Rate this question:

  • 14. 

    Because of its obvious rule-breaking nature, what scan method flagged by almost all intrusion prevention or intrusion detection systems?

    • A.

      SYN scan

    • B.

      FIN scan

    • C.

      Stealth scan

    • D.

      Christmas tree scan

    Correct Answer
    D. Christmas tree scan
    Explanation
    The Christmas tree scan is flagged by almost all intrusion prevention or intrusion detection systems because it involves setting multiple TCP flags in a packet, which goes against the normal behavior of TCP communication. This scan method is considered suspicious and potentially malicious because it attempts to exploit vulnerabilities in the target system by sending a packet with all possible TCP flags set to "on", resembling a lit-up Christmas tree.

    Rate this question:

  • 15. 

    The port numbers range from 0 to 65,535 and are split into three different groups. Registered ports are: 

    • A.

      0-1023

    • B.

      1024-49151

    • C.

      49152-65535

    • D.

      1024-2024

    Correct Answer
    B. 1024-49151
    Explanation
    The given answer, 1024-49151, correctly identifies the range of registered ports. In the TCP/IP protocol, port numbers are used to identify specific processes or services running on a device. The range 1024-49151 is reserved for registered ports, which are assigned by the Internet Assigned Numbers Authority (IANA) to specific services or applications. These ports are commonly used by various applications such as web browsing, email, file transfer, and more.

    Rate this question:

  • 16. 

    Which of the following is a denial-of-service attack against a Bluetooth device? 

    • A.

      Bluesmacking

    • B.

      Bluejacking

    • C.

      Bluesniffing

    • D.

      Bluescarfing

    Correct Answer
    A. Bluesmacking
    Explanation
    Bluesmacking is a denial-of-service attack against a Bluetooth device. This attack involves sending an excessive amount of Bluetooth ping packets to the target device, overwhelming its resources and causing it to crash or become unresponsive. This type of attack can disrupt the normal functioning of the Bluetooth device and prevent legitimate users from accessing it.

    Rate this question:

  • 17. 

    (Inherent risk) - (impact of risk controls) = ?

    • A.

      Residual risk

    • B.

      Accepted risk

    • C.

      Return On Investment (ROI)

    • D.

      Vulnerability

    Correct Answer
    A. Residual risk
    Explanation
    The equation (Inherent risk) - (impact of risk controls) = Residual risk suggests that the residual risk is the remaining level of risk after the impact of risk controls has been taken into account. In other words, it represents the risk that still exists despite the implementation of risk controls. Therefore, the correct answer is Residual risk.

    Rate this question:

  • 18. 

    In the context of the Microsoft Windows NT, which Security Identifier (SID) represents the administrator account?  

    • A.

      S-1-5- and end with -500

    • B.

      S-1-0-0

    • C.

      S-1-1-0

    • D.

      S-1-3-1

    Correct Answer
    A. S-1-5- and end with -500
    Explanation
    The correct answer is "S-1-5- and end with -500." In Microsoft Windows NT, the Security Identifier (SID) that represents the administrator account is a SID that starts with "S-1-5-" and ends with "-500." SIDs are unique identifiers assigned to user accounts and groups in Windows NT systems, and the SID ending with "-500" is specifically assigned to the built-in administrator account.

    Rate this question:

  • 19. 

    Vulnerability mapping occurs after which phase of a penetration test? 

    • A.

      Host scanning

    • B.

      Passive information gathering

    • C.

      Analysis of host scanning

    • D.

      Network level discovery

    Correct Answer
    C. Analysis of host scanning
    Explanation
    Vulnerability mapping occurs after the analysis of host scanning phase in a penetration test. Host scanning is the process of actively scanning the target network to identify live hosts and open ports. Once the host scanning is completed, the next step is to analyze the results of the scanning and identify any vulnerabilities present on the target hosts. This analysis helps in mapping out the vulnerabilities and weaknesses that can be exploited during the penetration test.

    Rate this question:

  • 20. 

    Bob is having no luck performing a penetration test on Retail Store's network. He is running the test from home and has downloaded every security scanner that he could lay his hands on. Despite knowing the IP range of all the systems, and the exact network configuration, Bob is unable to get any useful results. Why is Bob having these problems? 

    • A.

      Security scanners are not designed to scan through a firewall.

    • B.

      Security scanners cannot perform vulnerability mapping.

    • C.

      Security scanners are only as smart as their database and cannot find unpublished vulnerabilities.

    • D.

      All of the above.

    Correct Answer
    D. All of the above.
    Explanation
    Bob is having these problems because all of the given statements are true. Security scanners are not designed to scan through a firewall, so Bob's test from home is being blocked. Additionally, security scanners cannot perform vulnerability mapping, so even if Bob could get through the firewall, he would not be able to identify any vulnerabilities. Lastly, security scanners are limited by their database and cannot find unpublished vulnerabilities, so even if Bob could get through the firewall and perform vulnerability mapping, he would still not be able to identify all potential vulnerabilities. Therefore, all of these factors contribute to Bob's lack of useful results.

    Rate this question:

  • 21. 

    How would you describe an attacker’s attempts to deliver the payload over multiple packets for an extended period of time? [Select the best answer] 

    • A.

      Evasion

    • B.

      IP fragmentation

    • C.

      Session splicing

    • D.

      Session hijacking

    Correct Answer
    C. Session splicing
    Explanation
    Session splicing refers to an attacker's technique of delivering the payload over multiple packets for an extended period of time. In this method, the attacker splits the payload into smaller parts and sends them separately, making it difficult for security systems to detect and block the malicious activity. By using session splicing, the attacker can evade detection and deliver the payload without raising suspicion.

    Rate this question:

  • 22. 

    When discussing password attacks, what is considered a rubber hose attack?

    • A.

      You load a dictionary of words into your cracking program.

    • B.

      You create a rainbow table from a dictionary and compare it with hashed passwords

    • C.

      You attempt every single possibility until you exhaust all possible combinations or discover the password

    • D.

      You threaten someone with physical harm unless they reveal their password

    Correct Answer
    D. You threaten someone with pHysical harm unless they reveal their password
    Explanation
    A rubber hose attack refers to the act of physically threatening someone in order to obtain their password. This method involves using intimidation or violence to force the person to disclose their password, rather than relying on technical means such as cracking programs or rainbow tables.

    Rate this question:

  • 23. 

    Which of the following tactics is used in social engineering attacks? [Select all that apply]

    • A.

      Reciprocity

    • B.

      Social Validation

    • C.

      Accountability

    • D.

      Authority

    Correct Answer(s)
    A. Reciprocity
    B. Social Validation
    D. Authority
    Explanation
    Reciprocity, social validation, and authority are all tactics used in social engineering attacks. Reciprocity involves the attacker offering something to the target in order to gain their trust and compliance. Social validation manipulates the target by making them feel that their actions are approved or endorsed by others. Authority is used to exploit the target's tendency to comply with figures of authority. These tactics are commonly employed by social engineers to manipulate individuals into revealing sensitive information or performing actions that benefit the attacker.

    Rate this question:

  • 24. 

    Which of the following are functions of Arpwatch?

    • A.

      Keeping track of Ethernet/IP addressing pairing

    • B.

      Packet filtering

    • C.

      Encryption

    • D.

      DNS security

    Correct Answer
    A. Keeping track of Ethernet/IP addressing pairing
    Explanation
    Arpwatch is a tool used for monitoring Address Resolution Protocol (ARP) activity on a network. It keeps track of Ethernet/IP addressing pairing by monitoring and logging ARP activity, which includes tracking MAC addresses and their corresponding IP addresses. Arpwatch helps to detect and prevent ARP spoofing attacks and provides information about changes in the network's IP and MAC address mappings. It does not perform packet filtering, encryption, or DNS security.

    Rate this question:

  • 25. 

    Which type of attack is used to redirect users to an incorrect DNS server? [Select two] 

    • A.

      DNS DoS

    • B.

      DNS cache poisoning

    • C.

      DNS zone transfer

    • D.

      Pharming

    Correct Answer(s)
    B. DNS cache poisoning
    D. pHarming
    Explanation
    DNS cache poisoning and Pharming are both types of attacks that can redirect users to an incorrect DNS server. DNS cache poisoning involves corrupting the DNS cache of a server or network device, causing it to store incorrect information. When a user tries to access a website, they are redirected to a malicious website instead. Pharming, on the other hand, involves compromising the user's computer or network to modify their DNS settings, redirecting them to a fake website. Both attacks aim to deceive users and redirect them to incorrect DNS servers, leading to potential security risks and unauthorized access to sensitive information.

    Rate this question:

  • 26. 

    Sending a probe to the target system using a ping scan is a form of which type of reconnaissance? 

    • A.

      Active reconnaissance

    • B.

      Passive reconnaissance

    • C.

      Vulnerability scanning

    • D.

      OS fingerprinting

    Correct Answer
    A. Active reconnaissance
    Explanation
    Sending a probe to the target system using a ping scan is considered active reconnaissance because it involves actively probing and interacting with the target system to gather information. In this case, a ping scan is used to determine if the target system is online by sending ICMP echo requests and analyzing the responses. This type of reconnaissance is more aggressive and can potentially be detected by the target system's security measures.

    Rate this question:

  • 27. 

    Which of the following techniques could be used to test the strength of firewall rules? 

    • A.

      Send specifically crafted packets by manipulating TCP headers and flags

    • B.

      Perform a brute force attack

    • C.

      Perform a SQL injection attack

    • D.

      None of the above

    Correct Answer
    A. Send specifically crafted packets by manipulating TCP headers and flags
    Explanation
    The technique of sending specifically crafted packets by manipulating TCP headers and flags can be used to test the strength of firewall rules. By manipulating these packets, it is possible to simulate different types of attacks and see how the firewall responds to them. This allows for the identification of any weaknesses or vulnerabilities in the firewall's rule set and helps in improving its overall security.

    Rate this question:

  • 28. 

    Which of the following is an extended version of Nikto designed for Windows and is a tool that can examine web servers and probe for vulnerabilities? 

    • A.

      Wikto

    • B.

      N-stealth

    • C.

      WinPcap

    • D.

      Ncat

    Correct Answer
    A. Wikto
    Explanation
    Wikto is an extended version of Nikto that is specifically designed for Windows. It is a tool used for examining web servers and probing for vulnerabilities. It is an essential tool for security professionals and system administrators to identify and address potential weaknesses in web servers.

    Rate this question:

  • 29. 

    You’re using nmap to run port scans. Which of the following commands will attempt a half-open scan stealthily as possible? 

    • A.

      Nmap -sT 192.168.1.0/24 -T0

    • B.

      Nmap -sX 192.168.1.0/24 -T0

    • C.

      Nmap -sO 192.168.1.0/24 -T0

    • D.

      Nmap -sS 192.168.1.0/24 -T0

    Correct Answer
    D. Nmap -sS 192.168.1.0/24 -T0
    Explanation
    The correct answer is "nmap -sS 192.168.1.0/24 -T0". This command will use the -sS option to perform a SYN scan, which is a type of stealthy half-open scan. The -T0 option sets the timing template to the slowest possible, making the scan as stealthy as possible.

    Rate this question:

  • 30. 

    If you wanted an aggressive XMAS scan, perhaps the following might be to your liking:

    • A.

      Nmap 192.168.1.0/24 -sX T4

    • B.

      Nmap 192.168.1.0/24 -sX T3

    • C.

      Nmap 192.168.1.0/24 -X -T3

    • D.

      Nmap 192.168.1.0/24 -sX -A

    Correct Answer
    A. Nmap 192.168.1.0/24 -sX T4
    Explanation
    The given command "nmap 192.168.1.0/24 -sX T4" is the correct answer because it includes the "-sX" option, which specifies an XMAS scan. This type of scan is used to send specific TCP packets to a target host in order to determine the open ports. The "-T4" option sets the timing template to aggressive, which means the scan will be faster but may also be more likely to be detected. Therefore, this command performs an aggressive XMAS scan on the IP range 192.168.1.0/24.

    Rate this question:

  • 31. 

    A user wants to surf a web page on a server. The first segment leaving his machine has the SYN flag set, in order to set up a TCP communications channel over which he will receive the web page (HTML). When that segment leaves his machine, which of the following would be found in the port number in the Source Port field? 

    • A.

      25

    • B.

      80

    • C.

      1022

    • D.

      49153

    Correct Answer
    D. 49153
    Explanation
    The source port number in the TCP segment leaving the user's machine would be 49153. The source port number is a 16-bit field that identifies the port on the sending device from which the segment is being sent. In this case, the user's machine is initiating the communication by sending the SYN flag set segment, so the source port number will be randomly chosen from the range of available port numbers, which is typically from 49152 to 65535. Therefore, the correct answer is 49153.

    Rate this question:

  • 32. 

    You are attempting to identify active machines on a subnet. What is the process of sending ICMP Echo requests to all IP addresses in the range known as? 

    • A.

      Ping sweep

    • B.

      Ping crawl

    • C.

      Port scan

    • D.

      Enumeration

    Correct Answer
    A. Ping sweep
    Explanation
    The process of sending ICMP Echo requests to all IP addresses in a range is known as a ping sweep. This technique is commonly used to identify active machines on a subnet by sending a series of ping requests to each IP address in the range and analyzing the responses received. By conducting a ping sweep, network administrators can quickly determine which IP addresses are in use and which machines are active on the network.

    Rate this question:

  • 33. 

    You are reviewing a packet capture in Wireshark but only need to see packets from IP address 128.156.44.33. Which of the following filters will provide the output you wish to see? 

    • A.

      Ip = = 128.156.44.33

    • B.

      Ip.address = = 128.156.44.33

    • C.

      Ip.src = = 128.156.44.33

    • D.

      Ip.source.address = = 128.156.44.33

    Correct Answer
    C. Ip.src = = 128.156.44.33
    Explanation
    The correct answer is "ip.src == 128.156.44.33". This filter will display only the packets where the source IP address is 128.156.44.33. The other filters are incorrect because they either use the wrong syntax or refer to the destination IP address instead of the source IP address.

    Rate this question:

  • 34. 

    Which footprinting tool or technique can be used to find information about the domain registration, which may include names and addresses of technical points of contact? 

    • A.

      Whois

    • B.

      Nslookup

    • C.

      Dig

    • D.

      Traceroute

    Correct Answer
    A. Whois
    Explanation
    The correct answer is "whois". The whois tool or technique can be used to find information about the domain registration, including names and addresses of technical points of contact. This tool allows users to query a database of registered domain names and retrieve information about the owner, registrar, and other details related to the domain. It is commonly used by cybersecurity professionals and investigators to gather information during the footprinting phase of an attack or investigation.

    Rate this question:

  • 35. 

    Which of the following is a utility that allows you to query the DNS database from any computer on the network and find the hostname of a device by specifying its IP address, or vice versa? 

    • A.

      Ipconfig

    • B.

      Tracert

    • C.

      Nslookup

    • D.

      Wireshark

    Correct Answer
    C. Nslookup
    Explanation
    Nslookup is a utility that allows you to query the DNS database from any computer on the network and find the hostname of a device by specifying its IP address, or vice versa. It is commonly used to troubleshoot DNS-related issues, verify DNS configurations, and gather information about DNS records.

    Rate this question:

  • 36. 

    Which of the following scans allows for “blind scanning” by using a “zombie host” and a spoofed packet to generate port responses from a target host? 

    • A.

      Idle scan

    • B.

      Botnet

    • C.

      NULL scan

    • D.

      FIN scan

    Correct Answer
    A. Idle scan
    Explanation
    The correct answer is Idle scan. An Idle scan, also known as a zombie scan, involves using a "zombie host" or an intermediary computer to send spoofed packets to the target host. The spoofed packets have the IP address of the zombie host, making it appear as if the packets are coming from the zombie host. The target host then responds to the zombie host, allowing the attacker to gather information about open ports on the target host without directly scanning it. This technique is commonly used for stealthy reconnaissance in network scanning.

    Rate this question:

  • 37. 

    A new member of the pen test team has discovered a WAP that is using WEP for encryption. He wants a fast tool that can crack the encryption. Which of the following is his best choice? 

    • A.

      AirSnort

    • B.

      Aircrack-NG

    • C.

      NetStumbler

    • D.

      Kismet

    Correct Answer
    B. Aircrack-NG
    Explanation
    Aircrack-NG is the best choice for the new member of the pen test team because it is a fast tool specifically designed for cracking WEP encryption. It is widely used by security professionals for testing the security of wireless networks. AirSnort, NetStumbler, and Kismet are not specifically designed for cracking encryption and may not be as effective or efficient in this task.

    Rate this question:

  • 38. 

    Which of the following is a true statement regarding SSIDs? 

    • A.

      Configuring a strong SSID is a vital step in securing your network

    • B.

      An SSID should always be more than eight characters in length

    • C.

      An SSID should never be a dictionary word or anything easily guessed

    • D.

      SSIDs are important for identifying networks, but do little to nothing for security

    Correct Answer
    D. SSIDs are important for identifying networks, but do little to nothing for security
  • 39. 

    The nmap TCP Window scan is performed by which of the following commands? 

    • A.

      Nmap -sW

    • B.

      Nmap -W

    • C.

      Nmap -w

    • D.

      Nmap -T window

    Correct Answer
    A. Nmap -sW
    Explanation
    The correct command to perform an nmap TCP Window scan is "nmap -sW". This command initiates a scan that determines the size of the TCP window for each open port on a target system. By analyzing the TCP window size, an attacker can gain insight into the target's network behavior and potential vulnerabilities.

    Rate this question:

  • 40. 

    What is the proper command to perform an Nmap XMAS scan every 15 seconds? 

    • A.

      Nmap -sX -sneaky

    • B.

      Nmap -sX -paranoid

    • C.

      Nmap -sX -aggressive

    • D.

      Nmap -sX -polite

    Correct Answer
    A. Nmap -sX -sneaky
    Explanation
    The correct answer is "nmap -sX -sneaky" because the "-sX" flag specifies the type of scan to be performed, which in this case is an XMAS scan. The "-sneaky" flag sets the timing options for the scan to be performed every 15 seconds.

    Rate this question:

  • 41. 

    What type of rootkits will patch, hook, or replace the version of system call in order to hide information? 

    • A.

      Library level rootkits

    • B.

      Kernel level rootkits

    • C.

      System level rootkits

    • D.

      Application level rootkits

    Correct Answer
    A. Library level rootkits
    Explanation
    Library level rootkits are a type of rootkit that patch, hook, or replace the version of system calls in order to hide information. These rootkits operate at the library level, which means they target the libraries and dynamic linkers in the operating system. By modifying the behavior of system calls, library level rootkits can intercept and manipulate the data being passed between applications and the operating system, allowing them to hide their presence and activities.

    Rate this question:

  • 42. 

    How can IP address spoofing be detected?

    • A.

      Installing and configuring an IDS that can read the IP header

    • B.

      Comparing the TTL values of the actual and spoofed addresses

    • C.

      Implementing a firewall on the network

    • D.

      Identifying all TCP sessions that are initiated but does not complete successfully

    Correct Answer
    B. Comparing the TTL values of the actual and spoofed addresses
    Explanation
    Comparing the TTL values of the actual and spoofed addresses can help detect IP address spoofing. TTL (Time to Live) is a field in the IP header that determines the maximum number of hops or routers that a packet can pass through before being discarded. When a packet is spoofed, the TTL value may not match the expected value for the actual source IP address. By comparing the TTL values, any inconsistencies can be identified, indicating the presence of IP address spoofing.

    Rate this question:

  • 43. 

    What are the port states determined by Nmap?

    • A.

      Active, inactive, standby

    • B.

      Open, half-open, closed

    • C.

      Open, filtered, unfiltered

    • D.

      Active, closed, unused

    Correct Answer
    C. Open, filtered, unfiltered
    Explanation
    Nmap is a network scanning tool that determines the state of ports on a target system. The correct answer is "Open, filtered, unfiltered." "Open" refers to ports that are accepting connections, "filtered" indicates that a firewall or other filtering device is blocking access to the port, and "unfiltered" means that the port's state could not be determined. These port states are important for identifying potential vulnerabilities or security issues on a network.

    Rate this question:

  • 44. 

    Which of the following will allow footprinting to be conducted without detection? 

    • A.

      Ping sweep

    • B.

      Traceroute

    • C.

      War Dialers

    • D.

      ARIN

    Correct Answer
    D. ARIN
    Explanation
    ARIN stands for the American Registry for Internet Numbers. It is an organization responsible for allocating and managing IP addresses and other internet number resources in North America. Unlike the other options listed, ARIN does not directly involve any network scanning or probing techniques that could potentially be detected. Instead, it is an administrative entity that handles the registration and distribution of IP addresses. Therefore, using ARIN does not involve any active footprinting activities and is less likely to be detected.

    Rate this question:

  • 45. 

    Which Nmap scan initiates but does not complete a TCP connection? 

    • A.

      SYN stealth scan

    • B.

      TCP connect scan

    • C.

      XMAS tree scan

    • D.

      ACK scan

    Correct Answer
    A. SYN stealth scan
    Explanation
    The SYN stealth scan initiates a TCP connection but does not complete it. It sends a SYN packet to the target host and waits for a response. If the port is open, the target will respond with a SYN/ACK packet, but the scanner does not send the final ACK packet to complete the connection. This allows the scanner to determine open ports without fully establishing a connection, making it more stealthy and harder to detect.

    Rate this question:

  • 46. 

    You have selected the option in your IDS to notify you via email if it discovers any network irregularities. Checking the logs, you notice a few incidents, but you didn’t receive any alerts. What protocol needs to be configured on the IDS?

    • A.

      NTP

    • B.

      SNMP

    • C.

      POP3

    • D.

      SMTP

    Correct Answer
    D. SMTP
    Explanation
    The correct answer is SMTP. SMTP (Simple Mail Transfer Protocol) is a protocol used for sending and receiving email. In this scenario, the IDS (Intrusion Detection System) is configured to notify the user via email if it detects any network irregularities. Since the user did not receive any alerts despite noticing incidents in the logs, it suggests that the SMTP protocol needs to be configured on the IDS so that it can send email notifications properly.

    Rate this question:

  • 47. 

    IPSec uses which two modes?

    • A.

      AH/ESP

    • B.

      AES/DES

    • C.

      EH/ASP

    • D.

      AES/ESP

    Correct Answer
    A. AH/ESP
    Explanation
    IPSec (Internet Protocol Security) is a protocol suite used to secure IP communications. It can operate in two modes: Authentication Header (AH) and Encapsulating Security Payload (ESP). AH provides data integrity and authentication, ensuring that the data has not been tampered with during transmission. ESP, on the other hand, provides confidentiality, encrypting the data to prevent unauthorized access. Therefore, the correct answer is AH/ESP, as these two modes are used in IPSec for different security purposes.

    Rate this question:

  • 48. 

    Which of the following terms describes a firewall with multiple network interfaces? 

    • A.

      A next-generation firewall

    • B.

      A multihomed firewall

    • C.

      Web gateway

    • D.

      Application-level firewall

    Correct Answer
    B. A multihomed firewall
    Explanation
    A multihomed firewall is a term that describes a firewall with multiple network interfaces. This means that the firewall is connected to multiple networks, allowing it to filter and control traffic between these networks. By having multiple network interfaces, the firewall can provide enhanced security and flexibility by segregating different network segments and controlling the flow of data between them. This term is commonly used in networking and cybersecurity to refer to firewalls that have multiple network connections.

    Rate this question:

  • 49. 

    Bluejacking is an attack that does which of the following to a compromised Bluetooth device? 

    • A.

      Tracking

    • B.

      Breaking into a device

    • C.

      Sending unsolicited messages

    • D.

      Crashing

    Correct Answer
    C. Sending unsolicited messages
    Explanation
    Bluejacking is an attack where the attacker sends unsolicited messages to a compromised Bluetooth device. This means that the attacker can send unwanted messages to the victim's device without their consent or knowledge. It is a form of Bluetooth spamming, where the intention is to annoy or disrupt the user rather than gain unauthorized access or control over the device.

    Rate this question:

  • 50. 

    Which of the following is a honeypot detection tool? 

    • A.

      Honeyd

    • B.

      Specter

    • C.

      KFSensor

    • D.

      Sobek

    Correct Answer
    D. Sobek
    Explanation
    Sobek is a honeypot detection tool. Honeypots are decoy systems designed to attract and monitor unauthorized access attempts. Sobek is specifically designed to detect and analyze attacks on honeypots. It provides features such as log analysis, attack signature matching, and real-time alerting to help administrators identify and respond to potential threats.

    Rate this question:

Quiz Review Timeline +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Mar 22, 2023
    Quiz Edited by
    ProProfs Editorial Team
  • Sep 19, 2018
    Quiz Created by
    Terry519vx
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.