1.
What is the length of the IPv6 datagram header?
Correct Answer
D. 40 bytes
Explanation
The length of the IPv6 datagram header is 40 bytes. The IPv6 header consists of several fields such as the source and destination addresses, traffic class, flow label, payload length, next header, hop limit, and others. These fields collectively occupy a total of 40 bytes in the header.
2.
In the IPv6 header, the traffic class field is similar to which field in the IPv4 header?
Correct Answer
C. TOS field
Explanation
In the IPv6 header, the traffic class field is similar to the TOS (Type of Service) field in the IPv4 header. Both fields are used to prioritize and classify different types of network traffic. They allow network administrators to define the quality of service and handling requirements for packets, such as prioritizing real-time traffic or giving higher priority to certain applications. The traffic class field in IPv6 serves a similar purpose as the TOS field in IPv4, providing a way to differentiate and prioritize traffic in the network.
3.
Which of the following features are present in the IPv4 header but not in the IPv6 header? [Select the BEST answer]
Correct Answer
D. All of the above
Explanation
The correct answer is "All of the above". In IPv4, fragmentation, header checksum, and options are all present in the header. However, in IPv6, these features are not included in the header. Fragmentation is not supported in IPv6, as it is the responsibility of the sending host to ensure that packets do not exceed the maximum transmission unit. The header checksum is also not necessary in IPv6 due to the use of a different error detection mechanism. Lastly, options are not included in the IPv6 header to simplify and streamline the protocol.
4.
Which statement is the MOST accurate regarding firewalls?
Correct Answer
B. They filter traffic based upon inspecting packets.
Explanation
Firewalls are network security devices that monitor and control incoming and outgoing network traffic. They act as a barrier between a trusted internal network and an untrusted external network, such as the Internet. The most accurate statement regarding firewalls is that they filter traffic based upon inspecting packets. Firewalls examine the packets of data that are being transmitted and apply predefined rules to determine whether to allow or block the traffic. By filtering and inspecting packets, firewalls can enforce security policies and protect the network from unauthorized access or malicious activities.
5.
Which of the following are private IP addresses that can be assigned to a host? [Select all that apply]
Correct Answer(s)
B. 10.255.255.254
D. 192.168.1.5
Explanation
Private IP addresses are used for internal networks and cannot be routed on the public internet. The addresses 10.255.255.254 and 192.168.1.5 are both within the ranges specified for private IP addresses. The address 12.17.1.45 is a public IP address and not a private one. The address 172.15.255.248 is also a public IP address and not a private one.
6.
Which of the following are valid types of IPv6 address? [Select all that apply]
Correct Answer(s)
A. Global unicast
B. Unique local
C. Multicast
Explanation
Global unicast, unique local, and multicast are all valid types of IPv6 addresses. Global unicast addresses are used for communication over the internet and are globally unique. Unique local addresses are used for communication within a specific organization or network and are not globally routable. Multicast addresses are used for one-to-many communication, where a single packet is sent to multiple recipients. Broadcast addresses, on the other hand, are not valid in IPv6 as multicast addresses are used instead.
7.
MAC spoofing applies a legitimate MAC address to an unauthenticated host, which allows the attacker to pose as a valid user. Based on your understanding of ARP, what would indicate a bogus client?
Correct Answer
C. A reverse ARP request maps to two hosts.
Explanation
A reverse ARP request maps to two hosts. Reverse ARP (RARP) is a protocol used to discover the IP address of a device based on its MAC address. In a normal scenario, a RARP request should map a single MAC address to a single IP address. If a RARP request maps to two hosts, it indicates a bogus client because it suggests that there are multiple devices claiming the same MAC address, which is not possible in a legitimate network. This could be a sign of MAC spoofing or other malicious activities.
8.
ARP poisoning alters ARP table mappings to align all traffic to the attacker’s interface before traveling to the proper destination. What does this allow an attacker to do? [Select two]
Correct Answer(s)
A. Capture all traffic on the network
D. Jumping-off point for future attacks
Explanation
ARP poisoning allows an attacker to capture all traffic on the network by redirecting it to their interface. This enables the attacker to intercept and analyze sensitive information such as passwords, usernames, and other data transmitted over the network. Additionally, ARP poisoning provides a jumping-off point for future attacks, as the attacker can use the compromised network position to launch further exploits or gain unauthorized access to other systems on the network.
9.
There are some programs that can be used to provide unexpected or random inputs to computer programs. This is referred to as:
Correct Answer
A. Fuzzing
Explanation
Fuzzing refers to the practice of providing unexpected or random inputs to computer programs. It is a technique used to uncover vulnerabilities or bugs in software by bombarding it with invalid, unexpected, or random data. Fuzzing can help identify security flaws and improve the overall reliability and robustness of computer programs.
10.
Host 1 is trying to communicate with Host 2. The e0 interface on Router C is down. Which of the following are true? [Select two]
Correct Answer(s)
A. Router C will use ICMP to inform Host 1 that Host 2 cannot be reached.
D. Router C will send a Destination Unreachable message type
Explanation
When the e0 interface on Router C is down, Router C will use ICMP (Internet Control Message Protocol) to inform Host 1 that Host 2 cannot be reached. This is because ICMP is a network protocol used to send error messages and operational information indicating the unavailability of a destination host. Additionally, Router C will send a Destination Unreachable message type to indicate that the desired destination cannot be reached. However, it will not inform Router A or Router B about this unreachability.
11.
Which statement describes how a public/private key pair is used to protect confidentiality when using asymmetric encryption?
Correct Answer
C. The sender encrypts the data using the receiver's public key, and the receiver decrypts the data using the receiver's private key.
Explanation
The correct answer is the sender encrypts the data using the receiver's public key, and the receiver decrypts the data using the receiver's private key. In asymmetric encryption, the public key is used for encryption and the private key is used for decryption. The receiver's public key is used to encrypt the data, ensuring that only the receiver with the corresponding private key can decrypt it. This provides confidentiality as only the intended receiver can access the decrypted data.
12.
SSIDs serve many functions, but the primary goal is which of the following?
Correct Answer
D. Identify the network to clients or potential clients
Explanation
SSIDs, or Service Set Identifiers, are used to identify and differentiate wireless networks. They are broadcasted by access points to allow clients to connect to the correct network. Therefore, the primary goal of SSIDs is to identify the network to clients or potential clients. This helps users in locating and connecting to the desired network among several available options.
13.
Which device is typically used with software such as Wireshark to aid in wireless network traffic analysis?
Correct Answer
A. AirPcap
Explanation
AirPcap is a device that is typically used with software like Wireshark to aid in wireless network traffic analysis. It allows users to capture and analyze wireless network packets, providing detailed information about the network traffic. This device is specifically designed for wireless network monitoring and analysis, making it an ideal tool for professionals who need to analyze and troubleshoot wireless networks.
14.
Because of its obvious rule-breaking nature, what scan method is flagged by almost all intrusion prevention or intrusion detection systems?
Correct Answer
D. Christmas tree scan
Explanation
The Christmas tree scan is flagged by almost all intrusion prevention or intrusion detection systems because it involves setting multiple TCP flags in a packet, which goes against the normal behavior of TCP communication. This scan method is considered suspicious and potentially malicious because it attempts to exploit vulnerabilities in the target system by sending a packet with all possible TCP flags set to "on", resembling a lit-up Christmas tree.
15.
The port numbers range from 0 to 65,535 and are split into three different groups. Registered ports are:
Correct Answer
B. 1024-49151
Explanation
The given answer, 1024-49151, correctly identifies the range of registered ports. In the TCP/IP protocol, port numbers are used to identify specific processes or services running on a device. The range 1024-49151 is reserved for registered ports, which are assigned by the Internet Assigned Numbers Authority (IANA) to specific services or applications. These ports are commonly used by various applications such as web browsing, email, file transfer, and more.
16.
Which of the following is a denial-of-service attack against a Bluetooth device?
Correct Answer
A. Bluesmacking
Explanation
Bluesmacking is a denial-of-service attack against a Bluetooth device. This attack involves sending an excessive amount of Bluetooth ping packets to the target device, overwhelming its resources and causing it to crash or become unresponsive. This type of attack can disrupt the normal functioning of the Bluetooth device and prevent legitimate users from accessing it.
17.
(Inherent risk) - (impact of risk controls) = ?
Correct Answer
A. Residual risk
Explanation
The equation (Inherent risk) - (impact of risk controls) = Residual risk suggests that the residual risk is the remaining level of risk after the impact of risk controls has been taken into account. In other words, it represents the risk that still exists despite the implementation of risk controls. Therefore, the correct answer is Residual risk.
18.
In the context of Microsoft Windows NT, which Security Identifier (SID) represents the administrator account?
Correct Answer
A. S-1-5- and end with -500
Explanation
The correct answer is "S-1-5- and end with -500." In Microsoft Windows NT, the Security Identifier (SID) that represents the administrator account is a SID that starts with "S-1-5-" and ends with "-500." SIDs are unique identifiers assigned to user accounts and groups in Windows NT systems, and the SID ending with "-500" is specifically assigned to the built-in administrator account.
19.
Vulnerability mapping occurs after which phase of a penetration test?
Correct Answer
C. Analysis of host scanning
Explanation
Vulnerability mapping occurs after the analysis of host scanning phase in a penetration test. Host scanning is the process of actively scanning the target network to identify live hosts and open ports. Once the host scanning is completed, the next step is to analyze the results of the scanning and identify any vulnerabilities present on the target hosts. This analysis helps in mapping out the vulnerabilities and weaknesses that can be exploited during the penetration test.
20.
Bob is having no luck performing a penetration test on Retail Store's network. He is running the test from home and has downloaded every security scanner that he could lay his hands on. Despite knowing the IP range of all the systems, and the exact network configuration, Bob is unable to get any useful results. Why is Bob having these problems?
Correct Answer
D. All of the above.
Explanation
Bob is having these problems because all of the given statements are true. Security scanners are not designed to scan through a firewall, so Bob's test from home is being blocked. Additionally, security scanners cannot perform vulnerability mapping, so even if Bob could get through the firewall, he would not be able to identify any vulnerabilities. Lastly, security scanners are limited by their database and cannot find unpublished vulnerabilities, so even if Bob could get through the firewall and perform vulnerability mapping, he would still not be able to identify all potential vulnerabilities. Therefore, all of these factors contribute to Bob's lack of useful results.
21.
How would you describe an attacker’s attempts to deliver the payload over multiple packets for an extended period of time? [Select the best answer]
Correct Answer
C. Session splicing
Explanation
Session splicing refers to an attacker's technique of delivering the payload over multiple packets for an extended period of time. In this method, the attacker splits the payload into smaller parts and sends them separately, making it difficult for security systems to detect and block the malicious activity. By using session splicing, the attacker can evade detection and deliver the payload without raising suspicion.
22.
When discussing password attacks, what is considered a rubber hose attack?
Correct Answer
D. You threaten someone with physical harm unless they reveal their password
Explanation
A rubber hose attack refers to the act of physically threatening someone in order to obtain their password. This method involves using intimidation or violence to force the person to disclose their password, rather than relying on technical means such as cracking programs or rainbow tables.
23.
Which of the following tactics is used in social engineering attacks? [Select all that apply]
Correct Answer(s)
A. Reciprocity
B. Social Validation
D. Authority
Explanation
Reciprocity, social validation, and authority are all tactics used in social engineering attacks. Reciprocity involves the attacker offering something to the target in order to gain their trust and compliance. Social validation manipulates the target by making them feel that their actions are approved or endorsed by others. Authority is used to exploit the target's tendency to comply with figures of authority. These tactics are commonly employed by social engineers to manipulate individuals into revealing sensitive information or performing actions that benefit the attacker.
24.
Which of the following are functions of Arpwatch?
Correct Answer
A. Keeping track of Ethernet/IP addressing pairing
Explanation
Arpwatch is a tool used for monitoring Address Resolution Protocol (ARP) activity on a network. It keeps track of Ethernet/IP addressing pairing by monitoring and logging ARP activity, which includes tracking MAC addresses and their corresponding IP addresses. Arpwatch helps to detect and prevent ARP spoofing attacks and provides information about changes in the network's IP and MAC address mappings. It does not perform packet filtering, encryption, or DNS security.
25.
Which type of attack is used to redirect users to an incorrect DNS server? [Select two]
Correct Answer(s)
B. DNS cache poisoning
D. Pharming
Explanation
DNS cache poisoning and Pharming are both types of attacks that can redirect users to an incorrect DNS server. DNS cache poisoning involves corrupting the DNS cache of a server or network device, causing it to store incorrect information. When a user tries to access a website, they are redirected to a malicious website instead. Pharming, on the other hand, involves compromising the user's computer or network to modify their DNS settings, redirecting them to a fake website. Both attacks aim to deceive users and redirect them to incorrect DNS servers, leading to potential security risks and unauthorized access to sensitive information.
26.
Sending a probe to the target system using a ping scan is a form of which type of reconnaissance?
Correct Answer
A. Active reconnaissance
Explanation
Sending a probe to the target system using a ping scan is considered active reconnaissance because it involves actively probing and interacting with the target system to gather information. In this case, a ping scan is used to determine if the target system is online by sending ICMP echo requests and analyzing the responses. This type of reconnaissance is more aggressive and can potentially be detected by the target system's security measures.
27.
Which of the following techniques could be used to test the strength of firewall rules?
Correct Answer
A. Send specifically crafted packets by manipulating TCP headers and flags
Explanation
The technique of sending specifically crafted packets by manipulating TCP headers and flags can be used to test the strength of firewall rules. By manipulating these packets, it is possible to simulate different types of attacks and see how the firewall responds to them. This allows for the identification of any weaknesses or vulnerabilities in the firewall's rule set and helps in improving its overall security.
28.
Which of the following is an extended version of Nikto designed for Windows and is a tool that can examine web servers and probe for vulnerabilities?
Correct Answer
A. Wikto
Explanation
Wikto is an extended version of Nikto that is specifically designed for Windows. It is a tool used for examining web servers and probing for vulnerabilities. It is an essential tool for security professionals and system administrators to identify and address potential weaknesses in web servers.
29.
You’re using nmap to run port scans. Which of the following commands will attempt a half-open scan as stealthily as possible?
Correct Answer
D. Nmap -sS 192.168.1.0/24 -T0
Explanation
The correct answer is "nmap -sS 192.168.1.0/24 -T0". This command will use the -sS option to perform a SYN scan, which is a type of stealthy half-open scan. The -T0 option sets the timing template to the slowest possible, making the scan as stealthy as possible.
30.
If you wanted an aggressive XMAS scan, perhaps the following might be to your liking:
Correct Answer
A. Nmap 192.168.1.0/24 -sX T4
Explanation
The given command "nmap 192.168.1.0/24 -sX T4" is the correct answer because it includes the "-sX" option, which specifies an XMAS scan. This type of scan is used to send specific TCP packets to a target host in order to determine the open ports. The "-T4" option sets the timing template to aggressive, which means the scan will be faster but may also be more likely to be detected. Therefore, this command performs an aggressive XMAS scan on the IP range 192.168.1.0/24.
31.
A user wants to surf a web page on a server. The first segment leaving his machine has the SYN flag set, in order to set up a TCP communications channel over which he will receive the web page (HTML). When that segment leaves his machine, which of the following would be found in the port number in the Source Port field?
Correct Answer
D. 49153
Explanation
The source port number in the TCP segment leaving the user's machine would be 49153. The source port number is a 16-bit field that identifies the port on the sending device from which the segment is being sent. In this case, the user's machine is initiating the communication by sending the SYN flag set segment, so the source port number will be randomly chosen from the range of available port numbers, which is typically from 49152 to 65535. Therefore, the correct answer is 49153.
32.
You are attempting to identify active machines on a subnet. What is the process of sending ICMP Echo requests to all IP addresses in the range known as?
Correct Answer
A. Ping sweep
Explanation
The process of sending ICMP Echo requests to all IP addresses in a range is known as a ping sweep. This technique is commonly used to identify active machines on a subnet by sending a series of ping requests to each IP address in the range and analyzing the responses received. By conducting a ping sweep, network administrators can quickly determine which IP addresses are in use and which machines are active on the network.
33.
You are reviewing a packet capture in Wireshark but only need to see packets from IP address 128.156.44.33. Which of the following filters will provide the output you wish to see?
Correct Answer
C. Ip.src == 128.156.44.33
Explanation
The correct answer is "ip.src == 128.156.44.33". This filter will display only the packets where the source IP address is 128.156.44.33. The other filters are incorrect because they either use the wrong syntax or refer to the destination IP address instead of the source IP address.
34.
Which footprinting tool or technique can be used to find information about the domain registration, which may include names and addresses of technical points of contact?
Correct Answer
A. Whois
Explanation
The correct answer is "whois". The whois tool or technique can be used to find information about the domain registration, including names and addresses of technical points of contact. This tool allows users to query a database of registered domain names and retrieve information about the owner, registrar, and other details related to the domain. It is commonly used by cybersecurity professionals and investigators to gather information during the footprinting phase of an attack or investigation.
35.
Which of the following is a utility that allows you to query the DNS database from any computer on the network and find the hostname of a device by specifying its IP address, or vice versa?
Correct Answer
C. Nslookup
Explanation
Nslookup is a utility that allows you to query the DNS database from any computer on the network and find the hostname of a device by specifying its IP address, or vice versa. It is commonly used to troubleshoot DNS-related issues, verify DNS configurations, and gather information about DNS records.
36.
Which of the following scans allows for “blind scanning” by using a “zombie host” and a spoofed packet to generate port responses from a target host?
Correct Answer
A. Idle scan
Explanation
The correct answer is Idle scan. An Idle scan, also known as a zombie scan, involves using a "zombie host" or an intermediary computer to send spoofed packets to the target host. The spoofed packets have the IP address of the zombie host, making it appear as if the packets are coming from the zombie host. The target host then responds to the zombie host, allowing the attacker to gather information about open ports on the target host without directly scanning it. This technique is commonly used for stealthy reconnaissance in network scanning.
37.
A new member of the pen test team has discovered a WAP that is using WEP for encryption. He wants a fast tool that can crack the encryption. Which of the following is his best choice?
Correct Answer
B. Aircrack-NG
Explanation
Aircrack-NG is the best choice for the new member of the pen test team because it is a fast tool specifically designed for cracking WEP encryption. It is widely used by security professionals for testing the security of wireless networks. AirSnort, NetStumbler, and Kismet are not specifically designed for cracking encryption and may not be as effective or efficient in this task.
38.
Which of the following is a true statement regarding SSIDs?
Correct Answer
D. SSIDs are important for identifying networks, but do little to nothing for security
39.
The nmap TCP Window scan is performed by which of the following commands?
Correct Answer
A. Nmap -sW
Explanation
The correct command to perform an nmap TCP Window scan is "nmap -sW". This command initiates a scan that determines the size of the TCP window for each open port on a target system. By analyzing the TCP window size, an attacker can gain insight into the target's network behavior and potential vulnerabilities.
40.
What is the proper command to perform an Nmap XMAS scan every 15 seconds?
Correct Answer
A. Nmap -sX -sneaky
Explanation
The correct answer is "nmap -sX -sneaky" because the "-sX" flag specifies the type of scan to be performed, which in this case is an XMAS scan. The "-sneaky" flag sets the timing options for the scan to be performed every 15 seconds.
41.
What type of rootkits will patch, hook, or replace the version of a system call in order to hide information?
Correct Answer
A. Library level rootkits
Explanation
Library level rootkits are a type of rootkit that patch, hook, or replace the version of system calls in order to hide information. These rootkits operate at the library level, which means they target the libraries and dynamic linkers in the operating system. By modifying the behavior of system calls, library level rootkits can intercept and manipulate the data being passed between applications and the operating system, allowing them to hide their presence and activities.
42.
How can IP address spoofing be detected?
Correct Answer
B. Comparing the TTL values of the actual and spoofed addresses
Explanation
Comparing the TTL values of the actual and spoofed addresses can help detect IP address spoofing. TTL (Time to Live) is a field in the IP header that determines the maximum number of hops or routers that a packet can pass through before being discarded. When a packet is spoofed, the TTL value may not match the expected value for the actual source IP address. By comparing the TTL values, any inconsistencies can be identified, indicating the presence of IP address spoofing.
43.
What are the port states determined by Nmap?
Correct Answer
C. Open, filtered, unfiltered
Explanation
Nmap is a network scanning tool that determines the state of ports on a target system. The correct answer is "Open, filtered, unfiltered." "Open" refers to ports that are accepting connections, "filtered" indicates that a firewall or other filtering device is blocking access to the port, and "unfiltered" means that the port's state could not be determined. These port states are important for identifying potential vulnerabilities or security issues on a network.
44.
Which of the following will allow footprinting to be conducted without detection?
Correct Answer
D. ARIN
Explanation
ARIN stands for the American Registry for Internet Numbers. It is an organization responsible for allocating and managing IP addresses and other internet number resources in North America. Unlike the other options listed, ARIN does not directly involve any network scanning or probing techniques that could potentially be detected. Instead, it is an administrative entity that handles the registration and distribution of IP addresses. Therefore, using ARIN does not involve any active footprinting activities and is less likely to be detected.
45.
Which Nmap scan initiates but does not complete a TCP connection?
Correct Answer
A. SYN stealth scan
Explanation
The SYN stealth scan initiates a TCP connection but does not complete it. It sends a SYN packet to the target host and waits for a response. If the port is open, the target will respond with a SYN/ACK packet, but the scanner does not send the final ACK packet to complete the connection. This allows the scanner to determine open ports without fully establishing a connection, making it more stealthy and harder to detect.
46.
You have selected the option in your IDS to notify you via email if it discovers any network irregularities. Checking the logs, you notice a few incidents, but you didn’t receive any alerts. What protocol needs to be configured on the IDS?
Correct Answer
D. SMTP
Explanation
The correct answer is SMTP. SMTP (Simple Mail Transfer Protocol) is a protocol used for sending and receiving email. In this scenario, the IDS (Intrusion Detection System) is configured to notify the user via email if it detects any network irregularities. Since the user did not receive any alerts despite noticing incidents in the logs, it suggests that the SMTP protocol needs to be configured on the IDS so that it can send email notifications properly.
47.
IPSec uses which two modes?
Correct Answer
A. AH/ESP
Explanation
IPSec (Internet Protocol Security) is a protocol suite used to secure IP communications. It can operate in two modes: Authentication Header (AH) and Encapsulating Security Payload (ESP). AH provides data integrity and authentication, ensuring that the data has not been tampered with during transmission. ESP, on the other hand, provides confidentiality, encrypting the data to prevent unauthorized access. Therefore, the correct answer is AH/ESP, as these two modes are used in IPSec for different security purposes.
48.
Which of the following terms describes a firewall with multiple network interfaces?
Correct Answer
B. A multihomed firewall
Explanation
A multihomed firewall is a term that describes a firewall with multiple network interfaces. This means that the firewall is connected to multiple networks, allowing it to filter and control traffic between these networks. By having multiple network interfaces, the firewall can provide enhanced security and flexibility by segregating different network segments and controlling the flow of data between them. This term is commonly used in networking and cybersecurity to refer to firewalls that have multiple network connections.
49.
Bluejacking is an attack that does which of the following to a compromised Bluetooth device?
Correct Answer
C. Sending unsolicited messages
Explanation
Bluejacking is an attack where the attacker sends unsolicited messages to a compromised Bluetooth device. This means that the attacker can send unwanted messages to the victim's device without their consent or knowledge. It is a form of Bluetooth spamming, where the intention is to annoy or disrupt the user rather than gain unauthorized access or control over the device.
50.
Which of the following is a honeypot detection tool?
Correct Answer
D. Sobek
Explanation
Sobek is a honeypot detection tool. Honeypots are decoy systems designed to attract and monitor unauthorized access attempts. Sobek is specifically designed to detect and analyze attacks on honeypots. It provides features such as log analysis, attack signature matching, and real-time alerting to help administrators identify and respond to potential threats.