1.
Which command lists network connections and the associated process ID?
Correct Answer
A. Netstat
Explanation
In computing, netstat (network statistics) is a command-line network utility tool that displays network connections for the Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network ... The owning process ID, which is what the question asks for, is shown by "netstat -ano" on Windows ("-b" additionally prints the executable name but needs an elevated prompt) and by "netstat -tulpn" on Linux, where the process column is only filled in for sockets owned by the calling user unless the command runs as root. On current Linux systems netstat is legacy and "ss -tulpn" gives the same information.
2.
Which standard protocol and associated well-known port number combination is incorrect?
Correct Answer
A. SSH (TCP 80)
Explanation
The correct answer is SSH (TCP 80). SSH (Secure Shell) is a standard protocol that operates on port number 22, not port number 80. Port number 80 is associated with the HTTP (Hypertext Transfer Protocol) protocol used for web browsing.
3.
A properly formatted Wireshark display filter that shows Telnet traffic is ______.
Correct Answer
A. tcp.port == 23
Explanation
The correct answer is "tcp.port == 23". Display filter field names are lower case, and tcp.port matches the value in either the source or the destination port field, so the filter shows both directions of a Telnet session, which normally runs over TCP port 23. Two caveats: it is a port heuristic, so Telnet on a non-standard port is missed and anything else using port 23 is included; the protocol filter "telnet" instead selects the packets that Wireshark's Telnet dissector recognised. Because Telnet is clear text, Follow TCP Stream on the filtered packets shows the login prompt and the typed password.
4.
Which tool provides the following information?
Correct Answer
A. Netstat
Explanation
Netstat is a tool that provides information about network connections and network statistics on a computer. It displays active network connections, listening ports, and various network interface statistics. Netstat can be used to troubleshoot network issues, monitor network activity, and gather information about network services and processes running on a system. It is commonly used to identify open ports, view established connections, and check network utilization.
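Questions 1 and 4 both turn on reading netstat output and tying a socket back to its process. The following is an added example, not part of the original quiz: it parses the text layout that Windows "netstat -ano" prints (the sample output is constructed for the example) and reports which PID listens on which port and which PID holds a connection to a given remote port. The column handling is the security-relevant detail: UDP lines have no State column, so a parser that assumes a fixed column count silently mis-reads the PID.

```python
# Added example (not from the original quiz): parse Windows `netstat -ano`
# output and map sockets to their owning process IDs.
# SAMPLE_NETSTAT_ANO is constructed for this example.

SAMPLE_NETSTAT_ANO = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.5:49700      93.184.216.34:443      ESTABLISHED     4212
  TCP    192.168.1.5:49711      203.0.113.9:23         ESTABLISHED     7733
  UDP    0.0.0.0:5353           *:*                                    1800
  UDP    127.0.0.1:1900         *:*                                    1800
"""


def parse_netstat_ano(text: str) -> list:
    """Return one dict per socket line: proto, local ip/port, foreign, state, pid.

    TCP lines carry five columns; UDP lines have no State column, so the
    parser keys off the protocol instead of assuming a fixed column count.
    IPv6 addresses look like [::]:135 and survive the rsplit on ':' below.
    """
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line, or something we do not understand
        proto, local, foreign = parts[0], parts[1], parts[2]
        if proto == "TCP":
            state, pid = parts[3], int(parts[4])
        else:
            state, pid = None, int(parts[3])
        lip, lport = local.rsplit(":", 1)
        rows.append({"proto": proto, "local_ip": lip, "local_port": int(lport),
                     "foreign": foreign, "state": state, "pid": pid})
    return rows


def listeners_by_pid(rows: list) -> dict:
    """PID -> sorted list of TCP ports that process is listening on."""
    out = {}
    for r in rows:
        if r["proto"] == "TCP" and r["state"] == "LISTENING":
            out.setdefault(r["pid"], []).append(r["local_port"])
    return {pid: sorted(ports) for pid, ports in out.items()}


def pid_for_remote_port(rows: list, port: int) -> list:
    """PIDs holding an established connection to a remote port (23 = Telnet)."""
    return sorted({r["pid"] for r in rows
                   if r["state"] == "ESTABLISHED"
                   and r["foreign"].rsplit(":", 1)[1] == str(port)})


if __name__ == "__main__":
    rows = parse_netstat_ano(SAMPLE_NETSTAT_ANO)
    print(listeners_by_pid(rows))         # {912: [135], 4: [445]}
    print(pid_for_remote_port(rows, 23))  # [7733]
```

PID 4 on port 445 is the Windows System process serving SMB, which is why "who owns this port" questions are best answered from the PID column and then tasklist or Get-Process, rather than from the port number alone.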
5.
Which statements describe transmission control protocol?
Correct Answer(s)
A. It is a connection oriented-protocol
B. It uses the "three-way handshake" to establish a connection
Explanation
Transmission Control Protocol (TCP) is a connection-oriented protocol, meaning that it establishes a reliable connection between two devices before data transmission. It uses the "three-way handshake" process to establish this connection, where the client sends a SYN packet, the server responds with a SYN-ACK packet, and finally, the client sends an ACK packet to complete the handshake. This ensures that both devices are ready to communicate and establishes a reliable channel for data transmission. Therefore, the given statements accurately describe TCP.
6.
Which IP address is private and cannot be routed over the internet?
Correct Answer
A. 10.10.5.5
Explanation
The IP address 10.10.5.5 is a private IP address that cannot be routed over the internet. Private IP addresses are reserved for use within private networks and are not publicly accessible. They are commonly used for internal network communication within organizations or for home networks. In contrast, the other IP addresses listed (218.5.78.15, 174.123.26.5, and 23.15.8.209) are public IP addresses that can be routed over the internet.
7.
Given the classless inter-domain routing (CIDR) notation 192.168.10.5/24, what would be the network address?
Correct Answer
A. 192.168.10.0
Explanation
The correct answer is 192.168.10.0. The /24 means the first 24 bits (three octets) of the address identify the network, which corresponds to the subnet mask 255.255.255.0. ANDing 192.168.10.5 with that mask clears the host bits and leaves the network address 192.168.10.0. The highest address in the block, 192.168.10.255, is the broadcast address, and 192.168.10.1 through 192.168.10.254 are usable host addresses. Note that 192.168 on its own is not an address at all; a network address always has all four octets, with the host bits set to zero.
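Questions 6 and 7 are the same bit arithmetic seen from two sides: membership in a private block and deriving the network address from a prefix length. The following is an added example, not part of the original quiz. It checks the three RFC 1918 ranges explicitly (rather than relying on a library's broader notion of "private", which also covers loopback, link-local and documentation ranges) and computes network, broadcast and mask by hand, cross-checked against the standard library.

```python
# Added example (not from the original quiz): RFC 1918 membership and
# CIDR network/broadcast computation done with explicit bit operations.
import ipaddress

# The three RFC 1918 blocks; the quiz's 10.10.5.5 falls inside the first one.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True only for the three RFC 1918 ranges (not loopback, link-local or CGNAT)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def ip_to_int(addr: str) -> int:
    octets = [int(o) for o in addr.split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {addr}")
    return (octets[0] << 24) | (octets[1] << 16) | (octets[2] << 8) | octets[3]


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def cidr_network(cidr: str) -> dict:
    """Network, broadcast, netmask and usable host count for host/prefix.

    The prefix length is the number of leading network bits; the mask is that
    many 1 bits followed by zeros, and the network address is the host address
    ANDed with the mask (host bits cleared). /31 and /32 have no usable hosts
    in the classic sense.
    """
    addr, prefix_s = cidr.split("/")
    prefix = int(prefix_s)
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix must be 0..32, got {prefix}")
    mask = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    network = ip_to_int(addr) & mask
    broadcast = network | (~mask & 0xFFFFFFFF)
    usable = max(0, (1 << (32 - prefix)) - 2)
    return {"network": int_to_ip(network), "broadcast": int_to_ip(broadcast),
            "netmask": int_to_ip(mask), "usable_hosts": usable}


def cidr_network_stdlib(cidr: str) -> str:
    """Same answer from the standard library; strict=False accepts a host address."""
    return str(ipaddress.ip_network(cidr, strict=False).network_address)


if __name__ == "__main__":
    print(cidr_network("192.168.10.5/24"))
    print(cidr_network_stdlib("192.168.10.5/24"))   # 192.168.10.0
    print(is_rfc1918("10.10.5.5"), is_rfc1918("218.5.78.15"))  # True False
```

The 172.16.0.0/12 block is the one people get wrong: 172.31.255.255 is private, 172.32.0.1 is not, which is exactly the kind of boundary the mask arithmetic settles.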
8.
What best describes an ephemeral port?
Correct Answer
A. The client system's source port, usually between 49152 and 65535
Explanation
An ephemeral port is the client system's source port, which is typically assigned a value between 49152 and 65535, the range IANA designates as dynamic or private ports. These ports are used for temporary connections and are allocated by the operating system for outgoing network connections, so many client applications can talk to the same server port at once without conflicting. The exact range is OS-specific: Windows follows the IANA range, while Linux defaults to 32768 to 60999 (net.ipv4.ip_local_port_range), which matters when you write firewall rules or judge whether a high source port looks normal for a host.
9.
Choose the best definition of a DHCP server
Correct Answer
A. It assigns and manages leases of IP addresses within a network
Explanation
A DHCP server assigns and manages leases of IP addresses within a network. It automatically hands an IP address to each device that joins the network, keeps track of how long each lease lasts, and ensures that no two devices receive the same address. Along with the address it usually supplies the default gateway and DNS server options, which is why a rogue DHCP server on a LAN is a classic way to place an attacker on the path of other hosts' traffic.
10.
Which are uses of Wireshark?
Correct Answer(s)
A. Sniffer
B. Protocol analyzer
Explanation
In addition, Wireshark can:
Open a variety of binary log formats
Act as a sniffer
Translate, or decode, known protocols within a binary log to human readable format
Display highly detailed information frame by frame
Search through a capture log for frames that match specific criteria
Reconstruct TCP sessions automatically
Export HTTP objects
11.
During which phase of an intrusion will a threat agent use a variety of tools and resources to collect as much information about the target organization as is needed to gain unauthorized access to an information system?
Correct Answer
A. Reconnaissance
Explanation
During the reconnaissance phase of an intrusion, threat agents will gather as much information as possible about the target organization and its information system. This includes using a variety of tools and resources to collect data such as IP addresses, domain names, employee information, network topology, and vulnerabilities. The purpose of reconnaissance is to identify potential entry points and weaknesses that can be exploited to gain unauthorized access to the system.
12.
During which phase of an intrusion might a threat agent change the approved configuration of an information system to enable long-term access to the system?
Correct Answer
A. Entrenchment
Explanation
During the entrenchment phase of an intrusion, a threat agent may change the approved configuration of an information system to enable long-term access to the system. This phase involves establishing a persistent presence within the system, making it more difficult to detect and remove. By altering the configuration, the threat agent can ensure their continued access and control over the compromised system, potentially allowing them to carry out further malicious activities without being detected.
13.
IP addresses an organization owns, IP address assignments of externally addressable domain names, and organization capabilities are examples of information that may be available through the application of _______.
Correct Answer
A. DNS queries
Explanation
DNS queries are passive-looking reconnaissance: A and AAAA records map the organization's host names to the IP addresses it owns, NS records reveal its name servers, MX and TXT (SPF) records reveal mail providers and other capabilities, and a name server misconfigured to allow zone transfers (AXFR) hands over the whole zone at once. The queries are ordinary traffic, so they rarely trigger alerts. Reference video:
https://www.youtube.com/watch?v=eSrC-7yeF7
14.
Port address translation (PAT) is used to __________
Correct Answer(s)
A. Translate the protocol being used based on the port number
C. Explain the functionality of a specific protocol and Port combination
D. Allow for many private IP addresses to be replaced with a single public one
Explanation
Port address translation (PAT), also called NAT overload, lets many private IP addresses share a single public address. The gateway rewrites each outgoing packet's source address to the public address and its source port to a port it chooses, records that mapping in a translation table, and uses the table to rewrite replies back to the original inside host and port. Of the listed statements, D is the precise one; A and C are loosely worded (PAT does not change the protocol in use; it distinguishes flows by transport-layer port number). PAT also hides the internal addressing from the Internet, but that is a side effect, not a substitute for a firewall policy.
15.
Which can be classified as a cyber threat?
Correct Answer(s)
A. Hacktivism
B. Natural/environmental disaster
Explanation
Hacktivism and natural/environmental disasters can both be classified as cyber threats. Hacktivism refers to the use of hacking techniques for political or social activism purposes, often targeting government or corporate systems. This can involve activities such as website defacement, data breaches, or distributed denial-of-service (DDoS) attacks. On the other hand, natural/environmental disasters can pose cyber threats by disrupting critical infrastructure or causing power outages, which can lead to vulnerabilities in computer systems and networks. These disruptions can be exploited by malicious actors to gain unauthorized access or cause further damage.
16.
Which statement describes advanced persistent threats?
Correct Answer(s)
A. They are typically after intellectual properties and/or sensitive information
B. They can be a military unit or a nation-supported group
Explanation
Advanced persistent threats (APTs) are typically after intellectual properties and/or sensitive information. This means that their main objective is to gain unauthorized access to valuable data, such as trade secrets, research findings, or personal information. APTs can also be a military unit or a nation-supported group, indicating that they are often well-funded and have significant resources at their disposal. This suggests that APTs are highly organized and have a clear agenda, contradicting the statement that they are not organized and have no real agenda.
17.
Which statement best describes a threat?
Correct Answer
A. A weakness or flaw in software, hardware or process that allows unanticipated
Explanation
The selected answer describes a weakness or flaw in software, hardware or a process that allows unanticipated access to, or harm of, an information system. Strictly speaking, that is the definition of a vulnerability. A threat is the potential cause of harm (an actor, event or condition) that could exploit such a weakness, and risk combines the two with the likelihood and impact of the exploitation. The quiz treats the weakness as the threat; keep the distinction in mind when reading threat models or risk assessments, where the three terms are used precisely.
18.
Which statement describes Telnet?
Correct Answer(s)
A. Sends all traffic in clear text
B. Provides command-line remote administration through a shell
Explanation
Telnet (TCP port 23) gives a remote command shell, but the whole session, including the username and password, crosses the network unencrypted, so anyone who can capture the traffic can read the credentials. SSH replaced it for remote administration; if Telnet is still enabled on a device, that is a finding. Reference videos:
https://www.youtube.com/watch?v=QYe8ln4L0Rc
https://www.youtube.com/watch?v=mvzItm0KGXs
19.
What can a threat actor hope to gain from compromising an Active Directory (AD) server's list of logon credentials?
Correct Answer(s)
A. Logon credentials for domain users
B. Ability to create new domain accounts
C. Logon credentials for local machine accounts
D. Elevate Domain privileges of existing domain account
Explanation
A compromised AD credential store (for example a copy of the directory database) gives the attacker:
Logon credentials for Windows domain accounts, and with them the ability to create, modify or steal further user credentials in the directory and to maintain or regain access to compromised machines
The ability to create a domain account for themselves
Logon credentials for local machine accounts
The ability to elevate the domain privileges of an existing account
20.
What is wget?
Correct Answer
A. A lightweight command line utility for downloading files via http
Explanation
It can be used from the command line to download files and HTML pages (over HTTP, HTTPS and FTP). Attackers use the same tool to pull additional tooling onto a compromised host, so wget or curl invocations to unusual external hosts from servers that have no business downloading files are worth alerting on.
21.
What is the best definition of a dictionary attack
Correct Answer
A. An authentication attack that tries every word from a compiled list against the password query
Explanation
A dictionary attack tries every word from a dictionary (wordlist) file, usually with mangling rules such as appended digits or capitalisation, to identify a valid credential. Online, against a login prompt, it is slowed by rate limiting and account lockout; offline, against a stolen password hash, it is limited only by how expensive the hash function is, which is why slow, salted password hashes matter.
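An offline form of the attack just described, as an added example that is not part of the original quiz: a small constructed wordlist with a few mangling rules is run against one salted PBKDF2 hash. The iteration count, salt and "leaked" wordlist are assumptions chosen for the example; the structure (candidate generation, one hash computation per guess, constant-time comparison) is the same one real cracking tools use at far larger scale.

```python
# Added example (not from the original quiz): offline dictionary attack
# against a salted PBKDF2-HMAC-SHA256 hash. Wordlist, salt and iteration
# count are constructed for the example.
import hashlib
import hmac

ITERATIONS = 10_000  # kept low so the example runs quickly; production uses far more


def hash_password(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: a deliberately slow, salted password hash."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def mangle(word: str) -> list:
    """A few common mangling rules; real tools apply thousands of them."""
    return [word, word.capitalize(), word + "1", word + "123",
            word.capitalize() + "123"]


def dictionary_attack(stored_hash: bytes, salt: bytes, wordlist: list,
                      iterations: int = ITERATIONS):
    """Try every wordlist entry (plus mangled forms) against one stored hash.

    Returns (recovered_password, attempts), or (None, attempts) when the
    list is exhausted. Each attempt costs one full hash computation, which is
    the whole reason slow hashes exist.
    """
    attempts = 0
    for word in wordlist:
        for candidate in mangle(word):
            attempts += 1
            if hmac.compare_digest(hash_password(candidate, salt, iterations),
                                   stored_hash):
                return candidate, attempts
    return None, attempts


# Constructed data: a tiny wordlist and one victim hash to recover.
WORDLIST = ["password", "letmein", "summer", "welcome", "qwerty"]
SALT = bytes.fromhex("a1b2c3d4e5f60718")
VICTIM_HASH = hash_password("Summer123", SALT)

if __name__ == "__main__":
    found, tries = dictionary_attack(VICTIM_HASH, SALT, WORDLIST)
    print(found, tries)  # Summer123 15
```

Raising ITERATIONS multiplies the attacker's cost per guess by the same factor it multiplies the server's cost per login, and a per-user salt stops one computation from being reused against every account in the dump.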
22.
Modifying the Windows registry, creating AT jobs and putting malware into a windows_______.
Correct Answer
A. Entrenchment
Explanation
Entrenchment refers to establishing a persistent presence within a compromised system or network. Modifying the Windows registry, creating AT jobs, and placing malware on a Windows system all serve that goal. Registry changes such as Run and RunOnce keys make the malware start automatically; AT jobs (the legacy at.exe scheduler, since replaced by schtasks and the Task Scheduler service) execute it at set times, and the dropped malware itself gives the attacker continued control. Each of these leaves an artefact, which is why registry autorun keys and scheduled-task creation are standard detection points.
23.
ICMP is used with several common network utilities, including:
Correct Answer(s)
A. Ping
B. Tracert (Windows)
C. Traceroute (Linux)
D. PathPing (Windows)
Explanation
ICMP (Internet Control Message Protocol) is a network protocol used for diagnostic and error reporting in IP networks. It is commonly used by ping, tracert (Windows), traceroute (Linux) and pathping (Windows). Ping tests whether a host is reachable and measures round-trip time by sending ICMP echo requests and timing the echo replies. Tracert and traceroute trace the route to a destination by sending probes with increasing TTL values and recording which router returns an ICMP "time exceeded" message for each hop; Windows tracert uses ICMP echo probes, while Linux traceroute sends UDP probes by default. PathPing traces the route like tracert and then pings every hop for a period to report per-hop loss and latency. Because all of these depend on ICMP, a firewall that drops ICMP wholesale breaks them; filter only the message types you need to.
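The packets that ping sends and receives, as an added example that is not part of the original quiz: an ICMP echo request is built with the RFC 1071 one's-complement checksum, parsed back, and answered the way a host answers it. The checksum check is what a parser must do before trusting any field, and the same checksum routine is the one IP, TCP and UDP use. No sockets are opened; the bytes are constructed in memory.

```python
# Added example (not from the original quiz): build, verify and answer ICMP
# echo messages; packets are constructed in memory, no raw sockets needed.
import struct

ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}  # 11 is what traceroute uses


def inet_checksum(data: bytes) -> int:
    """RFC 1071 16-bit one's-complement sum (ICMP, IP, TCP and UDP all use it)."""
    if len(data) % 2:
        data += b"\x00"                     # pad odd length with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(ident: int, seq: int, payload: bytes, reply: bool = False) -> bytes:
    """ICMP echo request (type 8) or reply (type 0): type, code, checksum, id, seq."""
    typ = 0 if reply else 8
    header = struct.pack("!BBHHH", typ, 0, 0, ident, seq)   # checksum zeroed first
    cksum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", typ, 0, cksum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Decode an ICMP header; checksum_ok is True when the sum over the whole
    packet, checksum field included, folds to zero."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    typ, code, cksum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": typ, "name": ICMP_TYPES.get(typ, "other"), "code": code,
            "id": ident, "seq": seq, "payload": packet[8:],
            "checksum_ok": inet_checksum(packet) == 0}


def reply_for(request: bytes) -> bytes:
    """What a host does with an echo request: echo id, seq and payload as type 0."""
    req = parse_icmp(request)
    if req["type"] != 8 or not req["checksum_ok"]:
        raise ValueError("not a valid echo request")
    return build_echo(req["id"], req["seq"], req["payload"], reply=True)


if __name__ == "__main__":
    req = build_echo(0x1234, 1, b"abc")           # odd payload length exercises padding
    print(parse_icmp(req))
    print(parse_icmp(reply_for(req))["name"])     # echo reply
```

The payload is echoed back verbatim, which is why ICMP tunnelling tools can carry data inside ping traffic: an oversized or high-entropy echo payload is a detection signal on its own.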
24.
The three-way handshake process is as follows:
Correct Answer(s)
A. The computer seeking the service assumes the role of the client.
B. The computer receiving the request assumes the role of the server.
C. The client sends a connection request for a particular service (or port) to the server.
Explanation
The three-way handshake is the method TCP uses to establish a connection between a client and a server. The computer seeking the service acts as the client and sends a connection request (a SYN segment) to the service's port on the server; the computer receiving the request assumes the role of the server and answers with a SYN-ACK; the client completes the exchange with an ACK. Each side's ACK carries the other side's sequence number plus one, which is how the two agree on initial sequence numbers. Only after the third segment is the connection established and ready to carry data; a SYN that is never followed by the final ACK leaves a half-open connection, which is what a SYN flood exploits.
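The handshake described in questions 5 and 24, as an added example that is not part of the original quiz: three raw TCP headers are constructed in memory (client port 51000 opening Telnet on port 23, initial sequence numbers 1000 and 5000 chosen for the example), parsed, and checked for the SYN, SYN-ACK, ACK sequence and the sequence/acknowledgement arithmetic. The checker also reports a half-open exchange, which is what a SYN flood or a port scan leaves behind.

```python
# Added example (not from the original quiz): build and validate the TCP
# three-way handshake from raw 20-byte TCP headers constructed in memory.
import struct

TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
TCP_HEADER = struct.Struct("!HHIIHHHH")   # header without options: 20 bytes


def build_segment(sport: int, dport: int, seq: int, ack: int, flags: int) -> bytes:
    """Raw TCP header: ports, seq, ack, data offset (5 words) + flags, window, cksum, urg."""
    return TCP_HEADER.pack(sport, dport, seq, ack, (5 << 12) | flags, 65535, 0, 0)


def parse_segment(data: bytes) -> dict:
    sport, dport, seq, ack, off_flags, win, cksum, urg = TCP_HEADER.unpack(data[:20])
    flags = {name for name, bit in TCP_FLAGS.items() if off_flags & bit}
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": flags, "hdr_len": (off_flags >> 12) * 4}


def check_handshake(segments: list) -> dict:
    """Walk up to three raw segments and report how far a valid handshake gets.

    The SYN sender is the client; the SYN's destination port is the service
    (server) port. Each step must acknowledge the other side's seq + 1.
    """
    s = [parse_segment(x) for x in segments[:3]]
    result = {"client": None, "server": None, "steps": [], "complete": False}
    if not s or s[0]["flags"] != {"SYN"}:
        return result
    client, server = s[0]["sport"], s[0]["dport"]
    result.update(client=client, server=server, steps=["SYN"])
    if len(s) < 2:
        return result
    ok2 = (s[1]["flags"] == {"SYN", "ACK"} and s[1]["sport"] == server
           and s[1]["dport"] == client
           and s[1]["ack"] == (s[0]["seq"] + 1) & 0xFFFFFFFF)
    if not ok2:
        return result
    result["steps"].append("SYN-ACK")
    if len(s) < 3:
        return result                         # half-open: server is waiting
    ok3 = (s[2]["flags"] == {"ACK"} and s[2]["sport"] == client
           and s[2]["ack"] == (s[1]["seq"] + 1) & 0xFFFFFFFF
           and s[2]["seq"] == (s[0]["seq"] + 1) & 0xFFFFFFFF)
    if ok3:
        result["steps"].append("ACK")
        result["complete"] = True
    return result


# Constructed exchange: client 51000 -> Telnet (23), ISNs 1000 (client) and 5000 (server).
SYN = build_segment(51000, 23, 1000, 0, TCP_FLAGS["SYN"])
SYN_ACK = build_segment(23, 51000, 5000, 1001, TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"])
ACK = build_segment(51000, 23, 1001, 5001, TCP_FLAGS["ACK"])

if __name__ == "__main__":
    print(check_handshake([SYN, SYN_ACK, ACK]))   # complete, client 51000, server 23
    print(check_handshake([SYN, SYN_ACK]))        # half-open
```

All three segments carry port 23 in one of the two port fields, which is why the Wireshark filter tcp.port == 23 from question 3 shows the whole session rather than just one direction.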
25.
What is a second-level domain?
Correct Answer
A. In the Domain Name System (DNS) hierarchy, a second-level domain (SLD) is a domain that is directly below a top-level domain (TLD)
Explanation
For example, in example.com, example is the second-level domain under the .com TLD. Be careful with registries that sell names one level down: in example.co.uk, co is technically the second-level domain but the registrable name is example at the third level. Tools that need the registrable domain (for cookie scoping, certificate matching or reconnaissance) use the Public Suffix List rather than counting labels.
26.
What is telnet?
Correct Answer(s)
A. Allows you to connect to remote computers (called hosts) over a TCP/IP network, so that you can make a connection to a Telnet server
B. A Telnet client establishes a connection to the remote host, so that your client becomes a virtual terminal
C. Telnet clients are available for all major operating systems
Explanation
Telnet is a network protocol that allows users to connect to remote computers, also known as hosts, over a TCP/IP network. It enables users to establish a connection to a telnet server, which then turns their client device into a virtual terminal. Telnet clients are available for all major operating systems, providing a means to remotely access and control a host computer. This protocol is part of the multiple protocols used for end-to-end connectivity of systems on the Internet and similar networks.
27.
Port address translation (PAT) is used to __________
Correct Answer(s)
A. Like NAT, PAT replaces outgoing private IP addresses with a unique publicly routable address at the gateway firewall.
B. While NAT does a one-to-one IP address replacement, PAT does a one-to-many replacement.
C. Many networks have only one publicly routable IP address at their disposal and must use it for all network-to-Internet traffic.
D. PAT ensures interoperability between different operating systems and computing platforms, because network communication is highly structured.
Explanation
Port Address Translation (PAT) allows multiple devices with private IP addresses to share a single public IP address. Like Network Address Translation (NAT), PAT replaces the private source address of outgoing traffic with a publicly routable address at the gateway; unlike basic NAT, which performs a one-to-one address replacement, PAT performs a one-to-many replacement by also rewriting the source port and keeping a table that maps each assigned public port back to the inside host and port, so replies can be delivered. This is what makes a single public address sufficient for a whole network. Statement D is true of standardized protocols in general rather than of PAT specifically; interoperability comes from everyone implementing the same TCP/IP specifications, and PAT depends on that uniformity (it must understand the transport header it rewrites) rather than providing it. Protocols that embed addresses in their payload, or that have no port numbers, need special handling or do not traverse PAT at all.
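The one-to-one versus one-to-many distinction from questions 14, 27 and 28, as an added example that is not part of the original quiz: a static NAT mapping and a PAT gateway are simulated in memory. Two inside hosts that happen to use the same source port both reach the same external server through one public address, replies are mapped back from the translation table, and an unsolicited inbound packet with no table entry is dropped. The addresses, port range and packet dictionaries are constructed for the example.

```python
# Added example (not from the original quiz): one-to-one NAT versus
# one-to-many PAT, simulated on packet dictionaries constructed in memory.
from typing import Optional


class StaticNat:
    """One-to-one NAT: every inside address needs its own public address."""

    def __init__(self, mapping: dict):
        self.inside_to_public = dict(mapping)
        self.public_to_inside = {v: k for k, v in mapping.items()}

    def outbound(self, pkt: dict) -> dict:
        return dict(pkt, src=self.inside_to_public[pkt["src"]])

    def inbound(self, pkt: dict) -> Optional[dict]:
        inside = self.public_to_inside.get(pkt["dst"])
        return dict(pkt, dst=inside) if inside else None


class PatGateway:
    """One-to-many translation: many inside hosts share one public address,
    told apart by the source port the gateway assigns to each flow."""

    def __init__(self, public_ip: str, port_range=(49152, 65535)):
        self.public_ip = public_ip
        self.next_port, self.last_port = port_range
        self.table = {}    # (proto, src, sport, dst, dport) -> assigned public port
        self.reverse = {}  # (proto, public port, remote ip, remote port) -> (src, sport)

    def outbound(self, pkt: dict) -> dict:
        """Rewrite source address and port; create the table entry on first sight."""
        key = (pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        if key not in self.table:
            if self.next_port > self.last_port:
                raise RuntimeError("translation table exhausted")
            pub = self.next_port
            self.next_port += 1
            self.table[key] = pub
            self.reverse[(pkt["proto"], pub, pkt["dst"], pkt["dport"])] = (pkt["src"], pkt["sport"])
        return dict(pkt, src=self.public_ip, sport=self.table[key])

    def inbound(self, pkt: dict) -> Optional[dict]:
        """Reverse the translation; None (drop) for packets with no table entry."""
        inside = self.reverse.get((pkt["proto"], pkt["dport"], pkt["src"], pkt["sport"]))
        if inside is None:
            return None
        return dict(pkt, dst=inside[0], dport=inside[1])


def demo() -> dict:
    """Two inside hosts with the same source port reach one server via one public IP."""
    gw = PatGateway("203.0.113.1")
    a = gw.outbound({"proto": "tcp", "src": "192.168.1.10", "sport": 40000,
                     "dst": "93.184.216.34", "dport": 443})
    b = gw.outbound({"proto": "tcp", "src": "192.168.1.11", "sport": 40000,
                     "dst": "93.184.216.34", "dport": 443})
    reply_to_b = gw.inbound({"proto": "tcp", "src": "93.184.216.34", "sport": 443,
                             "dst": "203.0.113.1", "dport": b["sport"]})
    unsolicited = gw.inbound({"proto": "tcp", "src": "198.51.100.9", "sport": 4444,
                              "dst": "203.0.113.1", "dport": 60000})
    return {"a": a, "b": b, "reply_to_b": reply_to_b, "unsolicited": unsolicited}


if __name__ == "__main__":
    print(demo())
```

The dropped unsolicited packet is the "hiding" effect PAT is credited with; it is a consequence of having no table entry, not a policy decision, and a misconfigured port forward or an outbound connection from malware restores reachability immediately.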
28.
It is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device.
Correct Answer
A. Network address translation (NAT)
Explanation
Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in IP datagram packet headers while they are in transit across a traffic routing device. It allows multiple devices on a local network to share a single public IP address, conserving the limited supply of IPv4 addresses: the device translates the private addresses of local hosts into the public address for traffic to the Internet, and translates replies back. NAT incidentally hides the internal address plan from outside observers, but it is an address-conservation mechanism rather than a security control; a firewall policy is still required, and NAT complicates end-to-end protocols and logging (one public address now represents many hosts, so logs must record the translated port to attribute activity).
29.
It is a server that can collect a standardized log format from any network device enabled to keep such logs.
Correct Answer
A. Syslog
Explanation
Syslog is a protocol for sending log messages in a standardized format from network devices and hosts to a central server for storage and analysis, which supports monitoring, troubleshooting and incident investigation. A server that collects such messages is a syslog server. The original BSD syslog (RFC 3164) sends messages over UDP port 514 with no authentication or integrity protection, so entries can be lost in transit or spoofed by anyone on the network; RFC 5424 defines the current message format and RFC 5425 a TLS transport, and a collector whose logs will be used as security evidence should use a reliable, authenticated transport.
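What a syslog server actually receives, as an added example that is not part of the original quiz: RFC 3164 lines (constructed for the example) are parsed, the PRI value is split into facility and severity, and a small detection rule counts failed SSH logins per source address, which is the kind of logic a collector runs over the stream. The regular expression matches the common BSD layout only; RFC 5424 messages have a different header.

```python
# Added example (not from the original quiz): parse BSD-style (RFC 3164)
# syslog lines and run a failed-login threshold rule over them.
# SAMPLE lines are constructed for this example.
import re
from collections import Counter
from typing import Optional

FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
              "solaris-cron", "local0", "local1", "local2", "local3", "local4",
              "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# <PRI>TIMESTAMP HOST TAG[PID]: MSG
LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) (?P<app>[^\[: ]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$")


def parse_syslog(line: str) -> Optional[dict]:
    """Decode one RFC 3164 line; PRI = facility * 8 + severity."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:                      # facility 0..23, severity 0..7
        return None
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "timestamp": m.group("ts"), "host": m.group("host"),
            "app": m.group("app"),
            "pid": int(m.group("pid")) if m.group("pid") else None,
            "msg": m.group("msg")}


FAILED_RE = re.compile(
    r"Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")


def failed_logins_by_source(lines, threshold: int = 3) -> dict:
    """Count sshd failed logins per source IP; return sources at/above threshold."""
    counts = Counter()
    for line in lines:
        rec = parse_syslog(line)
        if rec is None or rec["app"] != "sshd":
            continue
        m = FAILED_RE.search(rec["msg"])
        if m:
            counts[m.group(2)] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}


SAMPLE = [
    "<38>Oct 11 22:14:15 host1 sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51023 ssh2",
    "<38>Oct 11 22:14:17 host1 sshd[1234]: Failed password for root from 203.0.113.7 port 51024 ssh2",
    "<38>Oct 11 22:14:19 host1 sshd[1240]: Failed password for root from 203.0.113.7 port 51025 ssh2",
    "<38>Oct 11 22:14:21 host1 sshd[1251]: Failed password for bob from 198.51.100.4 port 40000 ssh2",
    "<86>Oct 11 22:14:25 host1 sshd[1260]: Accepted password for bob from 198.51.100.4 port 40001 ssh2",
    "<13>Oct 11 22:15:00 host1 cron[900]: (root) CMD (run-parts /etc/cron.hourly)",
    "this line is not syslog at all",
]

if __name__ == "__main__":
    print(parse_syslog(SAMPLE[0]))
    print(failed_logins_by_source(SAMPLE))   # {'203.0.113.7': 3}
```

The RFC 3164 timestamp carries neither a year nor a time zone, so a collector must stamp arrival time itself; and because the transport is plain UDP, nothing in these lines proves that host1 really sent them.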
30.
A standard protocol Cisco Systems developed, collects data about network communications as those communications pass through networked routers. Unlike a sniffer, it records vital statistics about the flow of data, not the content of the data packets themselves.
Correct Answer
A. NetFlow
Explanation
NetFlow is a protocol developed by Cisco Systems that collects data about network communications as they pass through routers and switches. It differs from a sniffer in that it records statistics about each flow, such as source and destination addresses, ports, protocol, packet and byte counts and timestamps, rather than the packet contents. That makes it cheap to store for long periods and valuable for monitoring, troubleshooting and security analysis (who talked to whom, when, and how much), with the limitation that content-based detection is impossible from flow data alone. NetFlow v5 is a fixed-format IPv4-only record; v9 and the IETF standard IPFIX are template-based and also carry IPv6.
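The kind of data a NetFlow collector receives, as an added example that is not part of the original quiz: a NetFlow v5 datagram is packed from constructed values (one HTTPS flow, one Telnet flow and one DNS flow), parsed back into header and record fields with the length and version checks a collector needs, and run through a rule that flags flows to services that carry credentials in the clear. The exporter, addresses and byte counts are all constructed for the example.

```python
# Added example (not from the original quiz): pack and parse NetFlow v5
# datagrams and flag clear-text service flows. Sample data is constructed.
import socket
import struct

V5_HEADER = struct.Struct("!HHIIIIBBH")                 # 24 bytes
V5_RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")   # 48 bytes
HEADER_FIELDS = ("version", "count", "sys_uptime", "unix_secs", "unix_nsecs",
                 "flow_sequence", "engine_type", "engine_id", "sampling_interval")
RECORD_FIELDS = ("srcaddr", "dstaddr", "nexthop", "input", "output", "dPkts",
                 "dOctets", "first", "last", "srcport", "dstport", "pad1",
                 "tcp_flags", "prot", "tos", "src_as", "dst_as", "src_mask",
                 "dst_mask", "pad2")


def parse_netflow_v5(datagram: bytes):
    """Return (header dict, list of record dicts); reject wrong version or length."""
    if len(datagram) < V5_HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    header = dict(zip(HEADER_FIELDS, V5_HEADER.unpack(datagram[:V5_HEADER.size])))
    if header["version"] != 5:
        raise ValueError(f"not NetFlow v5 (version={header['version']})")
    expected = V5_HEADER.size + header["count"] * V5_RECORD.size
    if len(datagram) != expected:
        raise ValueError(f"length {len(datagram)} does not match count {header['count']}")
    records = []
    for i in range(header["count"]):
        off = V5_HEADER.size + i * V5_RECORD.size
        rec = dict(zip(RECORD_FIELDS, V5_RECORD.unpack(datagram[off:off + V5_RECORD.size])))
        for k in ("srcaddr", "dstaddr", "nexthop"):
            rec[k] = socket.inet_ntoa(rec[k])     # 4 raw bytes -> dotted quad
        records.append(rec)
    return header, records


CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 80: "http"}


def cleartext_flows(records: list) -> list:
    """Flag TCP flows (protocol 6) to services that carry credentials in the clear."""
    return [(r["srcaddr"], r["dstaddr"], CLEARTEXT_PORTS[r["dstport"]], r["dOctets"])
            for r in records if r["prot"] == 6 and r["dstport"] in CLEARTEXT_PORTS]


def build_record(src, dst, sport, dport, proto, pkts, octets, flags=0) -> bytes:
    """Pack one v5 record from constructed values (the exporter's side)."""
    return V5_RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst),
                          socket.inet_aton("0.0.0.0"), 1, 2, pkts, octets,
                          1000, 2000, sport, dport, 0, flags, proto, 0,
                          0, 0, 24, 24, 0)


def build_datagram(records: list) -> bytes:
    header = V5_HEADER.pack(5, len(records), 123456, 1700000000, 0, 1, 0, 0, 0)
    return header + b"".join(records)


# Constructed export: an HTTPS flow, a Telnet flow and a DNS flow.
SAMPLE_DATAGRAM = build_datagram([
    build_record("192.168.1.5", "93.184.216.34", 49700, 443, 6, 12, 4300, 0x1B),
    build_record("192.168.1.5", "203.0.113.9", 49711, 23, 6, 40, 2100, 0x18),
    build_record("192.168.1.7", "192.168.1.1", 5353, 53, 17, 2, 180),
])

if __name__ == "__main__":
    hdr, recs = parse_netflow_v5(SAMPLE_DATAGRAM)
    print(hdr["count"], cleartext_flows(recs))  # 3 [('192.168.1.5', '203.0.113.9', 'telnet', 2100)]
```

Like syslog, NetFlow v5 is exported over plain UDP, so the collector should only accept it from known exporter addresses and should track flow_sequence to notice dropped datagrams.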
31.
A __________ can be loosely defined as the entire breadth of potential threats. Understanding the full spectrum of possible threats can better prepare investigators for what they could expect to find.
Correct Answer
A. Threatscape
Explanation
A "threatscape" refers to the complete range of potential threats that an investigator may encounter. It encompasses all possible threats that could pose a risk or harm to a system or organization. By understanding the threatscape, investigators can gain a comprehensive understanding of the various types of threats they may face and can better prepare themselves to identify and respond to these threats effectively.