Ethicalquiz

Reviewed by Editorial Team
The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.
Learn about Our Editorial Process
| By Terry519vx
T
Terry519vx
Community Contributor
Quizzes Created: 2 | Total Attempts: 1,884
| Attempts: 1,169
SettingsSettings
Please wait...
  • 1/147 Questions

    SSIDs serve many functions, but the primary goal is which of the following? 

    • Mask a network
    • Prioritize traffic
    • Identify clients to the network
    • Identify the network to clients or potential clients
Please wait...
About This Quiz

The 'Ethicalquiz' explores key aspects of IPv6, including its datagram header length, address types, and differences from IPv4. It also touches on general networking concepts like firewalls and private IP addresses, enhancing understanding of modern network security and architecture.

Ethicalquiz - Quiz

Quiz Preview

  • 2. 

    Which of the following techniques could be used to test the strength of firewall rules? 

    • Send specifically crafted packets by manipulating TCP headers and flags

    • Perform a brute force attack

    • Perform a SQL injection attack

    • None of the above

    Correct Answer
    A. Send specifically crafted packets by manipulating TCP headers and flags
    Explanation
    The technique of sending specifically crafted packets by manipulating TCP headers and flags can be used to test the strength of firewall rules. By manipulating these packets, it is possible to simulate different types of attacks and see how the firewall responds to them. This allows for the identification of any weaknesses or vulnerabilities in the firewall's rule set and helps in improving its overall security.

    Rate this question:

  • 3. 

    Which Linux folder holds the password and shadow files? 

    • /bin

    • /etc

    • /sbin

    • /sec

    Correct Answer
    A. /etc
    Explanation
    The correct answer is /etc. In Linux, the /etc folder is used for system configuration files. This folder holds important files such as passwd and shadow, which store user account information and password hashes respectively. These files are crucial for user authentication and security on the system.

    Rate this question:

  • 4. 

    Snort can be used in which of the following modes? 

    • IDS

    • Packet sniffer

    • Packet logger

    • All of the above

    Correct Answer
    A. All of the above
    Explanation
    Snort can be used in all of the mentioned modes: IDS, packet sniffer, and packet logger. As an Intrusion Detection System (IDS), Snort monitors network traffic for suspicious activities and alerts the administrator. It can also function as a packet sniffer, capturing and analyzing network packets in real-time. Additionally, Snort can serve as a packet logger, recording network traffic for later analysis and investigation. Therefore, all the given options are correct.

    Rate this question:

  • 5. 

    Which device is typically used with software such as Wireshark to aid in wireless network traffic analysis? 

    • AirPcap

    • Honeypot

    • Access point

    • Router

    Correct Answer
    A. AirPcap
    Explanation
    AirPcap is a device that is typically used with software like Wireshark to aid in wireless network traffic analysis. It allows users to capture and analyze wireless network packets, providing detailed information about the network traffic. This device is specifically designed for wireless network monitoring and analysis, making it an ideal tool for professionals who need to analyze and troubleshoot wireless networks.

    Rate this question:

  • 6. 

    In the context of the Microsoft Windows NT, which Security Identifier (SID) represents the administrator account?  

    • S-1-5- and end with -500

    • S-1-0-0

    • S-1-1-0

    • S-1-3-1

    Correct Answer
    A. S-1-5- and end with -500
    Explanation
    The correct answer is "S-1-5- and end with -500." In Microsoft Windows NT, the Security Identifier (SID) that represents the administrator account is a SID that starts with "S-1-5-" and ends with "-500." SIDs are unique identifiers assigned to user accounts and groups in Windows NT systems, and the SID ending with "-500" is specifically assigned to the built-in administrator account.

    Rate this question:

  • 7. 

    Bob has gone to an electronic retail store website to gather information of the top management especially their CEO and CFO names, email addresses and their phone numbers. Which of the following best describes this activity?  

    • Gaining access

    • Fingerprinting

    • Social engineering

    • Reconnaissance

    Correct Answer
    A. Reconnaissance
    Explanation
    Reconnaissance is the best description for Bob's activity of gathering information about the top management of the electronic retail store website. Reconnaissance refers to the process of collecting information about a target, usually for the purpose of planning an attack or gaining an advantage. In this case, Bob is gathering information about the CEO and CFO, including their names, email addresses, and phone numbers, which could potentially be used for malicious purposes.

    Rate this question:

  • 8. 

    In wireshark, the packet bytes pane shows the data of the current packet in which of the following format styles? 

    • Hex dump

    • Ascii dump

    • Octal dump

    • Dec dump

    Correct Answer
    A. Hex dump
    Explanation
    The packet bytes pane in Wireshark displays the data of the current packet in a hex dump format. This means that the data is shown as a series of hexadecimal values, allowing users to view the individual bytes of the packet. This format is commonly used in network analysis to examine the raw data being transmitted over a network.

    Rate this question:

  • 9. 

    A background program that resides on a computer and services requests is called a(n): 

    • Daemon

    • Database

    • Client

    • Agent

    Correct Answer
    A. Daemon
    Explanation
    A background program that resides on a computer and services requests is called a daemon. It operates independently of user interaction and performs various tasks such as managing system services or responding to network requests. Daemons typically run in the background, continuously monitoring and responding to events or requests, making them essential for the proper functioning of a computer system.

    Rate this question:

  • 10. 

    Entering Password: blah’ or 1=1- into a web form is an example of what type of attack? 

    • Heap-based overflow

    • Buffer overflow

    • Stack-based overflow

    • SQL injection

    Correct Answer
    A. SQL injection
    Explanation
    Entering the password "blah' or 1=1-" into a web form is an example of an SQL injection attack. In SQL injection, an attacker manipulates the input fields of a web form to inject malicious SQL code into the application's database query. In this case, by entering "blah' or 1=1-", the attacker is attempting to bypass the login authentication by making the query always evaluate to true, allowing them to gain unauthorized access to the system.

    Rate this question:

  • 11. 

    What capability does a backdoor provide to the adversary? 

    • They corrupt data

    • They destroy cryptographic keys in the TPM

    • They provide low-level formatting operations

    • They provide remote access to the client

    Correct Answer
    A. They provide remote access to the client
    Explanation
    A backdoor allows the adversary to gain unauthorized access to a client's system remotely. This means that the adversary can access and control the client's system from a remote location without the client's knowledge or permission. This can be extremely dangerous as it grants the adversary the ability to manipulate, steal, or destroy data, compromise the system's security, and potentially carry out malicious activities without being detected.

    Rate this question:

  • 12. 

    Mike is performing an activity of guessing every possible password combination of an account? What activity is he performing?

    • Brute force

    • Hashing

    • Dictionary attack

    • Social engineering

    Correct Answer
    A. Brute force
    Explanation
    Mike is performing the activity of guessing every possible password combination of an account. This method is known as brute force, where he systematically tries all possible combinations until he finds the correct password. This approach is time-consuming but can be effective if the password is weak or if there are a limited number of possible combinations.

    Rate this question:

  • 13. 

    Which of the following is a true statement regarding SSIDs? 

    • Configuring a strong SSID is a vital step in securing your network

    • An SSID should always be more than eight characters in length

    • An SSID should never be a dictionary word or anything easily guessed

    • SSIDs are important for identifying networks, but do little to nothing for security

    Correct Answer
    A. SSIDs are important for identifying networks, but do little to nothing for security
  • 14. 

    Which command-line tool displays a list of active connections a computer currently has? 

    • Netstat

    • Ps

    • Ls

    • Echo

    Correct Answer
    A. Netstat
    Explanation
    Netstat is a command-line tool that displays a list of active connections a computer currently has. It provides information about the network connections, such as the protocol being used, local and remote IP addresses, and the status of the connection. By using netstat, users can monitor network activity, troubleshoot network issues, and identify any unauthorized connections or suspicious activities on their computer.

    Rate this question:

  • 15. 

    Which statement is the MOST accurate regarding firewalls?

    • They route traffic based upon inspecting packets.

    • They filter traffic based upon inspecting packets.

    • They switch packets based upon inspecting packets.

    • They forward packets to the Internet based upon inspecting packets.

    Correct Answer
    A. They filter traffic based upon inspecting packets.
    Explanation
    Firewalls are network security devices that monitor and control incoming and outgoing network traffic. They act as a barrier between a trusted internal network and an untrusted external network, such as the Internet. The most accurate statement regarding firewalls is that they filter traffic based upon inspecting packets. Firewalls examine the packets of data that are being transmitted and apply predefined rules to determine whether to allow or block the traffic. By filtering and inspecting packets, firewalls can enforce security policies and protect the network from unauthorized access or malicious activities.

    Rate this question:

  • 16. 

    What are the port states determined by Nmap?

    • Active, inactive, standby

    • Open, half-open, closed

    • Open, filtered, unfiltered

    • Active, closed, unused

    Correct Answer
    A. Open, filtered, unfiltered
    Explanation
    Nmap is a network scanning tool that determines the state of ports on a target system. The correct answer is "Open, filtered, unfiltered." "Open" refers to ports that are accepting connections, "filtered" indicates that a firewall or other filtering device is blocking access to the port, and "unfiltered" means that the port's state could not be determined. These port states are important for identifying potential vulnerabilities or security issues on a network.

    Rate this question:

  • 17. 

    Which of the following is an asymmetric encryption algorithm? 

    • AES

    • DES

    • RSA

    • MD-5

    Correct Answer
    A. RSA
    Explanation
    RSA is an asymmetric encryption algorithm because it uses two different keys, a public key for encryption and a private key for decryption. The public key is widely distributed and can be used by anyone to encrypt messages, but only the owner of the private key can decrypt the messages. This makes RSA suitable for secure communication between parties who have never met or exchanged keys beforehand. AES, DES, and MD-5, on the other hand, are symmetric encryption algorithms, where the same key is used for both encryption and decryption.

    Rate this question:

  • 18. 

    Which of the following are functions of Arpwatch?

    • Keeping track of Ethernet/IP addressing pairing

    • Packet filtering

    • Encryption

    • DNS security

    Correct Answer
    A. Keeping track of Ethernet/IP addressing pairing
    Explanation
    Arpwatch is a tool used for monitoring Address Resolution Protocol (ARP) activity on a network. It keeps track of Ethernet/IP addressing pairing by monitoring and logging ARP activity, which includes tracking MAC addresses and their corresponding IP addresses. Arpwatch helps to detect and prevent ARP spoofing attacks and provides information about changes in the network's IP and MAC address mappings. It does not perform packet filtering, encryption, or DNS security.

    Rate this question:

  • 19. 

    NSLookup is a good tool to use to gain additional information about a target network. What does the following command accomplish?  nslookup > server <ipaddress> > set type =any > ls -d <target.com>

    • Enables DNS spoofing

    • Verifies zone security

    • Performs a zone transfer

    • Resets the DNS cache

    Correct Answer
    A. Performs a zone transfer
    Explanation
    The given command sequence in nslookup performs a zone transfer. A zone transfer is a mechanism in DNS that allows a secondary DNS server to obtain a copy of DNS records from a primary DNS server. By executing the ls -d command with the target domain name, the command requests a zone transfer from the DNS server specified in the previous commands. This allows the user to retrieve a complete copy of the DNS records for the specified domain, providing additional information about the target network.

    Rate this question:

  • 20. 

    Which of the following ports is used by the Network Time Protocol (NTP)? 

    • 123

    • 423

    • 112

    • 808

    Correct Answer
    A. 123
    Explanation
    The correct answer is 123. The Network Time Protocol (NTP) uses port number 123 for communication. NTP is a protocol used to synchronize the clocks of computers on a network. It allows devices to maintain accurate time, which is crucial for various network operations and applications. By using port 123, NTP can transmit time information between servers and clients, ensuring that all devices on the network have synchronized time.

    Rate this question:

  • 21. 

    In this protection mechanism used by some operating systems, memory segments may be marked as non executable so that they cannot be misused by malicious software. What is the name of this security mechanism? 

    • DEP

    • ASLR

    • Virtual memory

    • Memory protection mechanism

    Correct Answer
    A. DEP
    Explanation
    DEP stands for Data Execution Prevention, which is a security mechanism used by some operating systems. It works by marking memory segments as non-executable, preventing malicious software from running code in those areas. This helps to protect against buffer overflow attacks and other types of exploits that rely on executing code from memory.

    Rate this question:

  • 22. 

    There are some programs that can be used to provide unexpected or random inputs to computer programs. This is referred to as:

    • Fuzzing

    • Penetration test

    • MAC Spoofing

    • Port Mirroring

    Correct Answer
    A. Fuzzing
    Explanation
    Fuzzing refers to the practice of providing unexpected or random inputs to computer programs. It is a technique used to uncover vulnerabilities or bugs in software by bombarding it with invalid, unexpected, or random data. Fuzzing can help identify security flaws and improve the overall reliability and robustness of computer programs.

    Rate this question:

  • 23. 

    Which of the following types of penetration testing requires partial knowledge of the target system or network? 

    • White box

    • Grey box

    • Black box

    • Glass box

    Correct Answer
    A. Grey box
    Explanation
    Grey box penetration testing requires partial knowledge of the target system or network. In this type of testing, the tester has limited information about the target, such as system architecture or internal details. This simulates an attacker who has some level of insider knowledge or access to the target. It allows the tester to focus on specific areas of vulnerability while still providing a level of realism. Grey box testing strikes a balance between the comprehensive knowledge of white box testing and the complete lack of knowledge in black box testing.

    Rate this question:

  • 24. 

    What command is used to launch the computer management console in Windows 7? 

    • Compmgmt.msc

    • Compmgmt.mc

    • Pcmgmt.mc

    • Pcmgmt.msc

    Correct Answer
    A. Compmgmt.msc
    Explanation
    The correct answer is compmgmt.msc. This command is used to launch the computer management console in Windows 7. The ".msc" extension indicates that it is a Microsoft Management Console file. This console allows users to manage various aspects of their computer, such as device manager, disk management, event viewer, and more.

    Rate this question:

  • 25. 

    A big concern in distributed environments is the _____________, in which an attacker captures some type of data and resubmits it with the hopes of fooling the receiving device into thinking it is legitimate information. 

    • Replay Attacks

    • DDoS

    • DoS

    • Virus attack

    Correct Answer
    A. Replay Attacks
    Explanation
    In distributed environments, a big concern is the possibility of replay attacks. In a replay attack, an attacker captures data and then resubmits it in an attempt to deceive the receiving device into believing that it is genuine information. This can lead to unauthorized access, data breaches, and other security issues. It is important to implement measures such as encryption, authentication, and timestamping to prevent replay attacks and ensure the integrity and security of the system.

    Rate this question:

  • 26. 

    What does this command do in nmap -T4 -A -p 1-1000 -oX - scanme.nmap.org? 

    • Nmap XML output

    • Performs a script scan using the default set of scripts

    • A script scan without host discover or a port scan

    • Requests that normal output be directed to the given filename

    Correct Answer
    A. Nmap XML output
    Explanation
    This command in nmap performs a scan on the target scanme.nmap.org using aggressive timing and options (-T4 -A), scans ports 1 to 1000 (-p 1-1000), and outputs the results in XML format (-oX -). The correct answer states that the command produces Nmap XML output, which accurately describes the result of the command.

    Rate this question:

  • 27. 

    Which of the following is a utility that allows you to query the DNS database from any computer on the network and find the hostname of a device by specifying its IP address, or vice versa? 

    • Ipconfig

    • Tracert

    • Nslookup

    • Wireshark

    Correct Answer
    A. Nslookup
    Explanation
    Nslookup is a utility that allows you to query the DNS database from any computer on the network and find the hostname of a device by specifying its IP address, or vice versa. It is commonly used to troubleshoot DNS-related issues, verify DNS configurations, and gather information about DNS records.

    Rate this question:

  • 28. 

    An employee receives an email with the following body. Is this a likely phishing attempt?  “Dear Matt, we suspect a security breach happened earlier this week. In order to prevent further damage, we need to verify everyone's VPN passwords. Please reply to this email with your VPN login information. Please do this right away, otherwise, you may lose access. Thanks! Sincerely, IT Department” 

    • No, because it does not contain any links or attachments

    • No, because it addresses the user by his actual name

    • No, because it comes from the IT department and contains information

    • Yes, because it contains an urgent request for sensitive information

    Correct Answer
    A. Yes, because it contains an urgent request for sensitive information
    Explanation
    The email is likely a phishing attempt because it contains an urgent request for sensitive information, specifically the VPN login information. Phishing attempts often use urgency and the threat of losing access to trick individuals into providing their personal or sensitive information. The fact that the email does not contain any links or attachments does not necessarily make it safe, as phishing attempts can also be conducted through simple text-based emails. Additionally, the fact that it addresses the user by their actual name and comes from the IT department does not guarantee its authenticity, as phishing attempts can be personalized and impersonate legitimate sources.

    Rate this question:

  • 29. 

    In the IPv6 header, the traffic class field is similar to which field in the IPv4 header? 

    • Fragmentation field

    • Fast switching

    • TOS field

    • Option field

    Correct Answer
    A. TOS field
    Explanation
    In the IPv6 header, the traffic class field is similar to the TOS (Type of Service) field in the IPv4 header. Both fields are used to prioritize and classify different types of network traffic. They allow network administrators to define the quality of service and handling requirements for packets, such as prioritizing real-time traffic or giving higher priority to certain applications. The traffic class field in IPv6 serves a similar purpose as the TOS field in IPv4, providing a way to differentiate and prioritize traffic in the network.

    Rate this question:

  • 30. 

    (Inherent risk) - (impact of risk controls) = ?

    • Residual risk

    • Accepted risk

    • Return On Investment (ROI)

    • Vulnerability

    Correct Answer
    A. Residual risk
    Explanation
    The equation (Inherent risk) - (impact of risk controls) = Residual risk suggests that the residual risk is the remaining level of risk after the impact of risk controls has been taken into account. In other words, it represents the risk that still exists despite the implementation of risk controls. Therefore, the correct answer is Residual risk.

    Rate this question:

  • 31. 

    Sending a probe to the target system using a ping scan is a form of which type of reconnaissance? 

    • Active reconnaissance

    • Passive reconnaissance

    • Vulnerability scanning

    • OS fingerprinting

    Correct Answer
    A. Active reconnaissance
    Explanation
    Sending a probe to the target system using a ping scan is considered active reconnaissance because it involves actively probing and interacting with the target system to gather information. In this case, a ping scan is used to determine if the target system is online by sending ICMP echo requests and analyzing the responses. This type of reconnaissance is more aggressive and can potentially be detected by the target system's security measures.

    Rate this question:

  • 32. 

    An application that is designed to look like a known legitimate application or a benign file, but is actuality malicious in nature is considered what type of malware? 

    • Spyware

    • Rootkit

    • Adware

    • Trojan

    Correct Answer
    A. Trojan
    Explanation
    A Trojan is a type of malware that disguises itself as a legitimate application or file, tricking users into downloading and installing it. Once installed, it can perform various malicious activities such as stealing sensitive information, damaging files, or providing unauthorized access to the attacker. Unlike spyware, adware, or rootkits, which may have different purposes, a Trojan specifically focuses on deception and pretending to be something it is not in order to gain access to a user's system.

    Rate this question:

  • 33. 

    Alyssa is performing a penetration test on an enterprise network. Upon gaining access to an administrator’s workstation, she discovers a document containing plaintext passwords to the administrator’s personal bank accounts. What should Alyssa do?

    • Immediately report this finding to the administrator

    • Ignore this finding as irrelevant and continue testing

    • Attempt to access the accounts

    • Include this finding in the final report

    Correct Answer
    A. Immediately report this finding to the administrator
    Explanation
    Alyssa should immediately report this finding to the administrator because discovering plaintext passwords to personal bank accounts is a serious security concern. It is important to prioritize the protection of sensitive information and take appropriate actions to mitigate any potential risks. By reporting this finding, Alyssa ensures that the administrator is aware of the vulnerability and can take necessary steps to address the issue and protect their personal accounts.

    Rate this question:

  • 34. 

    What is the length of the IPv6 datagram header? 

    • 10 bytes

    • 25 bytes

    • 30 bytes

    • 40 bytes

    Correct Answer
    A. 40 bytes
    Explanation
    The length of the IPv6 datagram header is 40 bytes. The IPv6 header consists of several fields such as the source and destination addresses, traffic class, flow label, payload length, next header, hop limit, and others. These fields collectively occupy a total of 40 bytes in the header.

    Rate this question:

  • 35. 

    Which footprinting tool or technique can be used to find information about the domain registration, which may include names and addresses of technical points of contact? 

    • Whois

    • Nslookup

    • Dig

    • Traceroute

    Correct Answer
    A. Whois
    Explanation
    The correct answer is "whois". The whois tool or technique can be used to find information about the domain registration, including names and addresses of technical points of contact. This tool allows users to query a database of registered domain names and retrieve information about the owner, registrar, and other details related to the domain. It is commonly used by cybersecurity professionals and investigators to gather information during the footprinting phase of an attack or investigation.

    Rate this question:

  • 36. 

    You have selected the option in your IDS to notify you via email if it discovers any network irregularities. Checking the logs, you notice a few incidents, but you didn’t receive any alerts. What protocol needs to be configured on the IDS?

    • NTP

    • SNMP

    • POP3

    • SMTP

    Correct Answer
    A. SMTP
    Explanation
    The correct answer is SMTP. SMTP (Simple Mail Transfer Protocol) is a protocol used for sending and receiving email. In this scenario, the IDS (Intrusion Detection System) is configured to notify the user via email if it detects any network irregularities. Since the user did not receive any alerts despite noticing incidents in the logs, it suggests that the SMTP protocol needs to be configured on the IDS so that it can send email notifications properly.

    Rate this question:

  • 37. 

    An attacker runs netcat tool to transfer a secret file between two hosts.   Machine A: netcat -l -p 1234 < secretfile Machine B: netcat 192.168.3.4 > 1234. He is worried about information being sniffed on the network. How would the attacker encrypt information before transmitting it on the wire? 

    • Machine A: netcat -l -p -s password 1234 < secretfile Machine B: netcat 1234

    • Machine A: netcat -l -e magickey -p 1234 < secretfile Machine B: netcat 1234

    • Machine A: netcat -l -p 1234 < secretfile -pw password. Machine B: netcat 1234 -pw password

    • Use cryptcat instead of netcat

    Correct Answer
    A. Use cryptcat instead of netcat
  • 38. 

    You  identify  a  WAP  network  that  you  are  going  to  attack. You  discover that  the WAP  is  using  WEP. Which method  will  you  utiliz order to  exploit  the WAP?

    • The encryption algorithm, which is RC4

    • The initalization vector (IV)

    • The password

    • The username and password

    Correct Answer
    A. The initalization vector (IV)
    Explanation
    The initialization vector (IV) is used in WEP (Wired Equivalent Privacy) to encrypt data packets in a wireless network. It is a random value that is combined with the encryption key to create a unique encryption for each packet. However, WEP has significant security vulnerabilities, and the IV is one of the weak points. By analyzing a sufficient number of packets encrypted with the same IV, an attacker can discover the encryption key and exploit the WAP network. Therefore, the IV is the method that the attacker will utilize in order to exploit the WAP.

    Rate this question:

  • 39. 

    Which of the following switches enables an idle scan within the Nmap tool? 

    • -sl

    • -ls

    • -Si

    • None, because Nmap does not support idle scans

    Correct Answer
    A. -sl
    Explanation
    The correct answer is -sl. The -sl switch enables an idle scan within the Nmap tool. This switch allows Nmap to use a zombie host to perform the scan, making it harder to detect and trace back to the original source.

    Rate this question:

  • 40. 

    An example of a tshark command using fetch filtering to capture traffic on a given network is: [Select multiple answers]

    • Sudo tshark -f "net 192.168.8.0/24"

    • Sudo tshark -Y "ip.addr == 192.168.8.244"

    • Sudo tshark -f "net 192.168.8.0 mask 255.255.255.0"

    • None, because tshark does not support traffic capturing

    Correct Answer(s)
    A. Sudo tshark -f "net 192.168.8.0/24"
    A. Sudo tshark -f "net 192.168.8.0 mask 255.255.255.0"
    Explanation
    The correct answers for this question are "sudo tshark -f "net 192.168.8.0/24"" and "sudo tshark -f "net 192.168.8.0 mask 255.255.255.0"". These commands use fetch filtering to capture traffic on a given network. The first command captures traffic on the network with the IP range 192.168.8.0/24, while the second command captures traffic on the network with the IP range 192.168.8.0 and subnet mask 255.255.255.0.

    Rate this question:

  • 41. 

    Bob is an IT auditor of a bank. He finds a new rule has been implemented on a firewall without any written approval or documentation. What specific area of security policy was violated and what action would you recommend to Bob? 

    • Secure configuration management and Bob should document why the change was made without proper change control

    • Logical access control and Bob should document why the change was made without proper change control

    • Physical security and Bob should document the change in change control document

    • SDLC and Bob should document the change in change control document

    Correct Answer
    A. Secure configuration management and Bob should document why the change was made without proper change control
    Explanation
    The specific area of security policy that was violated is secure configuration management. The new rule implemented on the firewall without any written approval or documentation goes against the proper change control procedures. To rectify the situation, Bob should document why the change was made without proper change control. This documentation will help ensure transparency and accountability in the future and maintain a secure configuration management process.

    Rate this question:

  • 42. 

    Vulnerability mapping occurs after which phase of a penetration test? 

    • Host scanning

    • Passive information gathering

    • Analysis of host scanning

    • Network level discovery

    Correct Answer
    A. Analysis of host scanning
    Explanation
    Vulnerability mapping occurs after the analysis of host scanning phase in a penetration test. Host scanning is the process of actively scanning the target network to identify live hosts and open ports. Once the host scanning is completed, the next step is to analyze the results of the scanning and identify any vulnerabilities present on the target hosts. This analysis helps in mapping out the vulnerabilities and weaknesses that can be exploited during the penetration test.

    Rate this question:

  • 43. 

    MAC spoofing applies a legitimate MAC address to an unauthenticated host, which allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client? 

    • The MAC address doesn’t map to a manufacturer.

    • The MAC address is two digits too long.

    • A reverse ARP request maps to two hosts.

    • The host is receiving its own traffic.

    Correct Answer
    A. A reverse ARP request maps to two hosts.
    Explanation
    A reverse ARP request maps to two hosts. Reverse ARP (RARP) is a protocol used to discover the IP address of a device based on its MAC address. In a normal scenario, a RARP request should map a single MAC address to a single IP address. If a RARP request maps to two hosts, it indicates a bogus client because it suggests that there are multiple devices claiming the same MAC address, which is not possible in a legitimate network. This could be a sign of MAC spoofing or other malicious activities.

    Rate this question:

  • 44. 

    Which of the following is an extended version of Nikto designed for Windows and is a tool that can examine web servers and probe for vulnerabilities? 

    • Wikto

    • N-stealth

    • WinPcap

    • Ncat

    Correct Answer
    A. Wikto
    Explanation
    Wikto is an extended version of Nikto that is specifically designed for Windows. It is a tool used for examining web servers and probing for vulnerabilities. It is an essential tool for security professionals and system administrators to identify and address potential weaknesses in web servers.

    Rate this question:

  • 45. 

    You’re using nmap to run port scans. Which of the following commands will attempt a half-open scan stealthily as possible? 

    • Nmap -sT 192.168.1.0/24 -T0

    • Nmap -sX 192.168.1.0/24 -T0

    • Nmap -sO 192.168.1.0/24 -T0

    • Nmap -sS 192.168.1.0/24 -T0

    Correct Answer
    A. Nmap -sS 192.168.1.0/24 -T0
    Explanation
    The correct answer is "nmap -sS 192.168.1.0/24 -T0". This command will use the -sS option to perform a SYN scan, which is a type of stealthy half-open scan. The -T0 option sets the timing template to the slowest possible, making the scan as stealthy as possible.

    Rate this question:

  • 46. 

    Bluejacking is an attack that does which of the following to a compromised Bluetooth device? 

    • Tracking

    • Breaking into a device

    • Sending unsolicited messages

    • Crashing

    Correct Answer
    A. Sending unsolicited messages
    Explanation
    Bluejacking is an attack where the attacker sends unsolicited messages to a compromised Bluetooth device. This means that the attacker can send unwanted messages to the victim's device without their consent or knowledge. It is a form of Bluetooth spamming, where the intention is to annoy or disrupt the user rather than gain unauthorized access or control over the device.

    Rate this question:

  • 47. 

    How many keys are used in symmetric key encryption? 

    • 1

    • 2

    • 3

    • 4

    Correct Answer
    A. 1
    Explanation
    Symmetric key encryption uses only one key. This key is used both for the encryption of the data and the decryption of the data. It is a shared secret key that is known by both the sender and the receiver. This key is used to scramble the plaintext into ciphertext during encryption and then unscramble the ciphertext back into plaintext during decryption. The use of a single key simplifies the encryption process, but it also means that the key must be securely shared between the communicating parties to maintain the confidentiality of the data.

    Rate this question:

  • 48. 

    Windows machines use __________ for bridged networking for hardware virtualization. It is also used for packet sniffing. 

    • WinPcap

    • Libcap

    • Promiscuous mode

    • Msfenocde

    Correct Answer
    A. WinPcap
    Explanation
    WinPcap is a popular library that is used in Windows machines for bridged networking in hardware virtualization. It allows virtual machines to communicate with the host machine and other devices on the network. Additionally, WinPcap is also used for packet sniffing, which involves capturing and analyzing network traffic. This allows for monitoring and troubleshooting network issues. Libcap is a similar library used in Unix-like operating systems, but WinPcap is specifically designed for Windows machines. Promiscuous mode is a feature that can be enabled in network interfaces to capture all network traffic, but it is not a library like WinPcap. Msfenocde is not a valid option and can be disregarded.

    Rate this question:

  • 49. 

    Your lab partner is trying to find out more information about a competitor’s website. The site has a .com extension. She has decided to use some online whois tools and look in one of the regional Internet registries. Which one would you suggest she looks in first? 

    • LACNIC

    • ARIN

    • APNIC

    • AfriNIC

    Correct Answer
    A. ARIN
    Explanation
    ARIN, which stands for American Registry for Internet Numbers, would be the first regional Internet registry to suggest looking into. Since the lab partner is trying to gather information about a competitor's website with a .com extension, it is likely that the competitor is based in North America. ARIN is responsible for allocating and managing IP addresses and other Internet number resources in North America, which makes it the most relevant regional Internet registry to begin the search.

    Rate this question:

Quiz Review Timeline (Updated): Jan 8, 2025 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

  • Current Version
  • Jan 08, 2025
    Quiz Edited by
    ProProfs Editorial Team
  • Sep 19, 2018
    Quiz Created by
    Terry519vx

Recent Quizzes

IPV6 : What do you know about Internet Protocol version 6? Trivia Quiz IPV6 : What do you know about Internet Protocol version 6? Trivia Quiz
ITN 208 Chapter 11 Review questions ITN 208 Chapter 11 Review questions
ITN 208 Chapter 7 Review Questions ITN 208 Chapter 7 Review Questions
A Unique quiz on CCNA – IPv6 A Unique quiz on CCNA – IPv6
IPv6 Addressing and ND IPv6 Addressing and ND
IPv4 vs. IPv6 Terms and Definitions Assessment IPv4 vs. IPv6 Terms and Definitions Assessment
Back to Top Back to top
Advertisement
×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.