CEH Practice Exam Questions
Which command puts Snort into packet logger mode?
./snort -dev -l ./log
Which folder in Linux holds administrative commands and daemons?
/sbin
You have gained access to a SAM file from an older Windows machine and are preparing to run a Syskey cracker against it. How many bits are used for Syskey encryption?
128
Which of the following ports are required for a null session connection? (Choose all that apply.)
135, 137, 139, 445
In a discussion on symmetric encryption, a friend mentions that one of the drawbacks with this system is scalability. He goes on to say that for every person you add to the mix, the number of keys goes up exponentially. If seven people are in a symmetric encryption pool, how many keys are necessary?
21
What is being attempted with the following command: nc -u -v -w2 192.168.1.100 1-1024
A HDP port scan of ports 1-1024 on a single address
You are examining traffic and notice an ICMP type 3, code 13 response. What does this normally indicate?
A firewall is prohibiting connection
Nmap is a powerful scanning and enumeration tool. What does this nmap command attempt to accomplish? nmap -sA -T4 192.168.15.0/24
A parallel, fast ACK scan of a Class C subnet
An ethical hacker is given no prior knowledge of the network and has a specific framework in which to work. The agreement specifies boundaries, nondisclosure agreements, and a completion date definition. Which of the following statements are true?
A white hat is attempting a black box test.
Which of the following encryption algorithms is your best choice if your primary need is bulk encryption, and you need fast, strong encryption?
AES
Your client's business is headquartered in Japan. Which regional registry would be the best place to look for footprinting information?
APNIC
You are gathering reconnaissance on your target organization whose website has a .com extension. With no other information to go on, which regional Internet registry would be the best place to begin your search?
ARIN
You have successfully tapped into a network subnet of your target organization. You begin an attack by learning all significant MAC addresses on the subnet. After some time, you decide to intercept messages between two hosts. You begin by sending broadcast messages to Host A showing your MAC address as belonging to Host B. Simultaneously, you send messages to Host B showing your MAC address as belonging to Host A. What is being accomplished here?
ARP poisoning to allow you to see messages from Host A to Host B, and vice versa
Which of the following best describes an ethical hacker?
An ethical hacker never proceeds with an audit or test without written permission.
A machine in your environment uses an open X-server to allow remote access. The X-server access control is disabled, allowing connections from almost anywhere and with little to no authentication measures. Which of the following are true statements regarding this situation? (Choose all that apply.) A. An external vulnerability can take advantage of the misconfigured X-server threat.
An external threat can take advantage of the misconfigured X-server vulnerability. ; An internal threat can take advantage of the misconfigured X-server vulnerability.
Which fire extinguisher type is the best choice for an electrical system fire?
An extinguisher marked "C"
Your IDS sits on the network perimeter and has been analyzing traffic for a couple of weeks. On arrival one morning, you find the IDS has alerted on a spike in network traffic late the previous evening. Which type of IDS are you using?
Anomaly based
The security, functionality, and ease of use (SFE) triangle states which of the following as true?
As security increases, ease of use decreases and functionality decreases.
In which phase of a penetration test would an ethical hacker perform footprinting?
Assessment
You're discussing cryptography and determine you need to ensure messages are safe from unauthorized observation. Also, you want to provide a way to ensure the identity of the sender and receiver during the communications process. Which of the following best suits your needs?
Asymmetric encryption
Which of the following correctly describes brute-force password attacks?
Attempt all possible combinations of letters, numbers, and special characters in succession.
A hacker is attempting to gain access to a target inside a business. After trying several methods, he gets frustrated and starts a denial of service attack against a server attached to the target. Which security control is the hacker affecting?
Availability
You are in training for your new pen test assignment. Your trainer enters the following command: telnet 192.168.12.5 80 After typing the command, he hits ENTER a few times. What is being attempted?
Banner grabbing
Within a PKI system, which of the following is an accurate statement?
Bill can be sure a message came from Sue by using her public key to decrypt the digital signature.
Which of the following attacks is considered an integrity attack, where the attacker is not concerned with deciphering the entirety of a plaintext message?
Bit flipping
A hacker is attempting to uncover the key used in a cryptographic encryption scheme. Which attack vector is the most resource intensive and usually takes the longest amount of time?
Brute force
How does traceroute map the routes traveled by a packet?
By manipulating the time to live (TTL) parameter
Which password would be considered the most secure?
C3HisH@rd
You are setting up DNS for your enterprise. Server A is both a web server and an FTP server. You wish to advertise both services for this machine. Which DNS record type would you use to accomplish this?
CNAME
Which of the following activities is not considered passive footprinting?
Calling the company's help desk line
Which of the following should be in place to assist as a social engineering countermeasure? (Choose all that apply.)
Classification of information; Strong security policy; User Education; Strong change management process;
You receive a RST-ACK from a port during a SYN scan. What is the state of the port?
Closed
You are discussing hash values with a CEH instructor. Immediately after telling you the hash is a one-way algorithm and cannot be reversed, he explains that you can still discover the value entered into the hash, given enough time and resources. Which of the following hash anomalies might allow this?
Collision
Which type of social engineering attacks use phishing, pop-ups, and IRC?
Computer based
You are attempting to sniff traffic on a switch. Which of the following is a good method to ensure you are successful? (Choose all that apply.)
Configure a span port; Use MAC flooding
Which of the following is a true statement concerning cryptography?
Converts plaintext to ciphertext for protection during transit or in storage.
Joe accesses the company website, www.anybusi.com, from his home computer and is presented with a defaced site contained disturbing images. He calls the IT department to report the website hack and is told they do not see any problem with the site: No files have been changed, and when the site is accessed from their terminals (inside the company) it appears normally. Joe connects over VPN into the company website and notices the site appears normally. Which of the following might explain the issue?
DNS poisoning
What is the difference between a dictionary attack and a hybrid attack?
Dictionary attacks use predefined word lists, whereas hybrid attacks substitute numbers and symbols within those words.
You're describing a basic PKI system to a new member of the team. He asks how the public key can be distributed within the system in an orderly, controlled fashion so that the users can be sure of the sender's identity. Which of the following would be your answer?
Digital certificate
You are examining connection logs from a client machine and come across this entry: http://www.business123.com/../../../../../Windows/system.ini. Which attack does this most likely indicate?
Directory traversal
Which threat presents the highest risk to an organization's resources?
Disgruntled employees
Your client makes use of Sigverif on his servers. What functionality does this tool provide?
Displays a list of unsigned drivers.
After observing a target organization for several days, you discover that finance and HR records are bagged up and placed in an outside storage bin for later shredding/recycling. One day you simply walk to the bin and place one of the bags in your vehicle, with plans to rifle through it later. Which social engineering attack was used here?
Dumpster diving
Which of the following is a good footprinting tool for discovering information on a company's founding, history, and financial status?
EDGAR database
You are attempting to deliver a payload to a target inside the organization; however, it is behind an IDS. You are concerned about successfully accomplishing your task without alerting the IDS monitoring team. Which of the following methods are possible options? (Choose all that apply.)
Encrypt the traffic between you and the host; Session splicing
As part of a security monitoring team, Joe is reacting to an incursion into the network. The attacker successfully exploited a vulnerability on an internal machine, and Joe is examining how the attacker succeeded. He reviews the IDS logs but sees no alerts for the time period; however, there is definitive proof of the attack. Which IDS shortcoming does this refer to?
False negative
Which port-scanning method presents the most risk of discovery, but provides the most reliable results?
Full-connect
As part of the preparation phase for a pen test that you are participating in, the client relays their intent to discover security flaws and possible remediation. They seem particularly concerned about external threats and do not mention internal threats at all. When defining scope, the threat of internal users is not added as part of the test. Which test is this client ignoring?
Gray box
You've been hired as part of a pen test team. During the in brief, you learn the client wants the pen test attack to simulate a normal user who finds ways to elevate privileges and create attacks. Which test type does the client want?
Gray box
Joe has spent a large amount of time learning hacking tools and techniques, and has even passed certification exams to promote himself in the ethical hacking field. Joe uses his talents during the election season to deface websites and launch denial of service attacks against opponents of his candidate. Which answer most closely correlates with Joe's actions?
Hactivism
Which of the following should a security professional use as a possible means to verify the integrity of a data message from sender to receiver?
Hash algorithm
Which of the following would be the best choice to guarantee the integrity of messages in transit or storage?
Hash algorithm
Which type of social engineering makes use of impersonation, dumpster diving, shoulder surfing, and tailgating?
Human based
As a pen test on a major international business moves along, a colleague discovers an IIS server and a mail exchange server on a DMZ subnet. You review a ping sweep accomplished earlier in the day on that subnet and note neither machine responded to the ping. What is the most likely reason for the lack of response?
ICMP is being filtered.
Two bit strings are run through an XOR operation. Which of the following is a true statement for each bit pair regarding this function?
If the first value is 1 and the second value is 1, then the output is 0.
You've just kicked off a penetration test against a target organization and have decided to perform a little passive footprinting. One of the first sites you visit are job boards, where the company has listed various openings. What is the primary useful footprinting information to be gained through this particular search?
Insight into the operating systems, hardware, and applications in use
Which password theft method is almost always successful, requires little technical knowledge, and is nearly impossible to detect?
Install a hardware keylogger.
You wish to begin sniffing, and you have a Windows 7 laptop. You download and install Wireshark, but quickly discover your NIC needs to be in "promiscuous mode." What allows you to put your NIC into promiscuous mode?
Installing winPcap
You send a message across a network and are primarily concerned that it is not altered during transit. Which security element ensures a message arrives at its destination with no alteration?
Integrity
What does this line from the Snort configuration file indicate? var RULE_PATH c:\etc\snort\rules
It defines the location of the Snort rules.
Which of the following are indicators of a phishing e-mail? (Choose all that apply.)
It does not reference you by name; It contains misspelled words or grammatical errors; It contains spoofed links; It comes from an unverified source;
Jack and Jill work in an organization that has a PKI system in place for securing messaging. Jack encrypts a message for Jill and sends it on. Jill receives the message and decrypts it. Within a PKI system, which of the following statements is true?
Jack encrypts with Jill's public key. Jill decrypts with her private key.
Joe uses a user ID and password to log into the system every day. Jill uses a PIV card and a pin number. Which of the following are true?
Jill is using two-factor authentication.
Which of the following statements are true concerning Kerberos? (Choose all that apply.)
Kerberos uses symmetric encryption; Kerberos uses asymmetric encryption; Clients ask for authentication tickets from the KDC in clear text; KDC responses to clients never include a password; Clients decrypt a TGT from the server;
A hacker has gained access to several files. Many are encrypted, but one is not. Which of the following is the best choice for possibly providing a successful break into the encrypted files?
Known plaintext
Which of the following tools can assist in discovering the use of NTFS file streams? (Choose all that apply.)
LADS, ADS Spy, and Sfind
Which authentication method uses DES for encryption and forces 14-character passwords for hash storage?
LAN Manager
Which rootkit type makes use of system-level calls to hide their existence?
Library level
In which phase of the attack would a hacker set up and configure "zombie" machines?
Maintaining access
You are testing physical security measures as part of a pen test team. Upon entering the lobby of the building, you see the entrance has a guard posted at the lone entrance. A door leads into a smaller room with a second door heading into the interior of the building. Which physical security measure is in place?
Man trap
In order, what are the three steps in a reverse social engineering attack?
Marketing, sabotage, technical support
Sniffing network traffic can sometimes be a function of an investigation run by a law enforcement agency (LEA). Within the confines of the lawful intercept, what provides most of the processing of the information and is usually provided by a third party?
Mediation device
Which of the following tools are useful in identifying potential honeypots on a subnet? (Choose all that apply.)
Nessus and Send-Safe HH
Which of the following resources can assist in combating phishing in your organization? (Choose all that apply.)
Netcraft and Phishtank
Which of the following tools is not a good choice for determining possible vulnerabilities on live targets you have identified?
Nmap
Which of the following tools can be used for operating system prediction? (Choose all that apply.)
Nmap and Queso
While performing a pen test, you find success in exploiting a machine. Your attack vector took advantage of a common mistake—the Windows 7 installer script used to load the machine left the administrative account with a default password. Which attack did you successfully execute?
Operating system
You are discussing physical security measures and are covering background checks on employees and policies regarding key management and storage. Which type of physical security measure is being discussed?
Operational
You are examining security logs snapshotted during a prior attack against the target. The target's IP address is 135.17.22.15, and the attack originated from 216.88.76.5. Which of the following correctly characterizes this attack?
Outside attack
Which TCP flag instructs the recipient to ignore buffering constraints and immediately send all data?
PSH
A zone file consists of which types of records? (Choose all that apply.)
PTR, MX, SOA, A
You begin your first pen-test assignment by checking out IP address ranges owned by the target as well as details of their domain name registration. Additionally, you visit job boards and financial websites to gather any technical information online. What activity are you performing?
Passive footprinting
You are interviewing an incident response team member of an organization you're working with. He relates an incident where a user received an e-mail that appeared to be from the U.S. Postal Service, notifying her of a package headed her way and providing a link for tracking the package. The link provided took the user to what appeared to be the USPS site, where she input her user information to learn about the latest shipment headed her way. Which attack did the user fall victim to?
Phishing
An attacker waits outside the entry to a secured facility. After a few minutes an authorized user appears with an entry badge displayed. He swipes a key card and unlocks the door. The attacker, with no display badge, follows him inside. Which social engineering attack just occurred?
Piggybacking
Which of the following would not be considered passive reconnaissance?
Ping sweeping a range of IP addresses found through a DNS lookup
As part of a pen test on a U.S. Government system, you discover files containing social security numbers and other PII (Personally Identifiable Information) sensitive information. You are asked about controls placed on dissemination of this information. Which of the following acts should you check?
Privacy Act
You are footprinting information for a pen test. Social engineering is part of your reconnaissance efforts, and some of it will be active in nature. You take steps to ensure that if the social engineering efforts are discovered at this early stage, any trace efforts point to another organization. Which of the following terms best describes what you are participating in?
Pseudonymous footprinting
You are enumerating a subnet. Examining message traffic you discover SNMP is enabled on multiple targets. If you assume default settings in setting up enumeration tools to use SNMP, which community strings should you use?
Public (read-only) and Private (read/write)
Which encryption algorithm uses variable block sizes (from 32 to 128 bits)?
RC5
Which of the following TCP flags is used to reset a connection?
RST
One use of hash algorithms is for the secure storage of passwords: The password is run through a one-way hash, and the value is stored instead of the plaintext version. If a hacker gains access to these hash values, and knows the hash algorithm used to create them, which of the following could be used to speed up his effort in cracking them?
Rainbow tables
Which of the following attacks attempts to re-send a portion of a cryptographic exchange in hopes of setting up a communications channel?
Replay
Which of the following describes activities taken in the conclusion phase of a penetration test?
Reports are prepared detailing security deficiencies.
A pen tester sends an unsolicited e-mail to several users on the target organization. The e-mail is well crafted and appears to be from the company's help desk, advising users of potential network problems. The e-mail provides a contact number to call in the event they are adversely affected. The pen tester then performs a denial of service on several systems and receives phone calls from users asking for assistance. Which social engineering practice is in play here?
Reverse social engineering
Which of the following SIDs indicates the true administrator account?
S-1-5-21-1388762127-2960977290-773940301-500
Which hash algorithm was developed by the NSA and produces output values up to 512 bits?
SHA-2
Which of the following is a tool used for MAC spoofing?
SMAC
Which of the following are SNMP enumeration tools? (Choose all that apply.)
SNMPUtil, OptUtils, Solar Winds, and NSAuditor
One way to mitigate against DNS poisoning is to restrict or limit the amount of time records can stay in cache before they're updated. Which DNS record type allows you to set this restriction?
SOA
An attacker has successfully tapped into a network segment and has configured port spanning for his connection, which allows him to see all traffic passing through the switch. Which of the following protocols protects any sensitive data from being seen by this attacker?
SSH
Which of the following is a secure substitute for telnet?
SSH
What is the second step in the TCP three-way handshake?
SYN/ACK
Which of the following are footprinting tools? (Choose all that apply.)
Sam Spade, Nslookup, Traceroute, and NetCraft
A Certified Ethical Hacker follows a specific methodology for testing a system. Which step comes after footprinting in the CEH methodology?
Scanning
In which phase of an attack would vulnerability mapping occur?
Scanning and enumeration
In which phase of the ethical hacking methodology would a hacker discover available targets on a network?
Scanning and enumeration
Which of the following may be effective countermeasures against social engineering? (Choose all that apply.)
Security policies, Operational guidelines, Strong firewall configuration
A pen test member has gained access to an open switch port. He configures his NIC for promiscuous mode and sets up a sniffer, plugging his laptop directly into the switch port. He watches traffic as it arrives at the system, looking for specific information to possibly use later. What type of sniffing is being practiced?
Session
A pen test member has gained access to a building and is observing activity as he wanders around. In one room of the building, he stands just outside a cubicle wall opening and watches the onscreen activity of a user. Which social engineering attack is in use here?
Shoulder surfing
You are monitoring traffic between two systems communicating over SSL. Which of the following techniques is your best bet in gaining access?
Sidejacking
Which anti-phishing method makes use of a secret message or image referenced on the communication?
Sign-in seal
The PKI system you are auditing has a Certificate Authority (CA) at the top that creates and issues certificates. Users trust each other based on the CA itself. Which trust model is in use here?
Single Authority
Which of the following are modes Snort can operate in? (Choose all that apply.)
Sniffer, Packet Logger, and Network IDS
You are discussing a steganography tool that takes advantage of the nature of "white space" to conceal information. Which tool are you discussing?
Snow
You are performing an ACK scan against a target subnet. You previously verified connectivity to several hosts within the subnet, but want to verify all live hosts on the subnet. Your scan, however, is not receiving any replies. Which type of firewall is most likely in use at your location?
Stateful
Which of the following is a true statement?
Symmetric encryption does not scale easily and does not provide for nonrepudiation.
You are told to monitor a packet capture for any attempted DNS zone transfer. Which port should you key your search on?
TCP 53
A system owner has implemented a retinal scanner at the entryway to the data floor. Which type of physical security measure is this?
Technical
What are the three categories of measures taken to ensure physical security?
Technical , Physical, and Operational
In your social engineering efforts you call the company help desk and pose as a user who has forgotten a password. You ask the technician to help you reset your password, which they happily comply with. Which social engineering attack is in use here?
Technical support
A hacker is looking at a publicly facing web front end. One of the pages provides an entry box with the heading "Forgot password? Enter your email address." In the entry, he types anything' OR '1'='1. A message appears stating, "Your login information has been sent to [email protected]." Which of the following is true?
The SQL injection attempt has succeeded.
An e-mail sent from an attacker to a known hacking group contains a reference stating, "Rebecca works for the finance department at _business-name_ and is the administrative assistant to the chief. She can be reached at _phone-number_." What is most likely being communicated here?
The administrative assistant for the chief of the finance department at this business is easily swayed by social engineering efforts.
A target machine (with a MAC of 12:34:56:AB:CD:EF) is connected to a switch port. An attacker (with a MAC of 78:91:00:ED:BC:A1) is attached to a separate port on the same switch with a packet capture running. There is no spanning of ports or port security in place. Two packets leave the target machine. Message 1 has a destination MAC of E1:22:BA:87:AC:12. Message 2 has a destination MAC of FF: FF: FF: FF: FF: FF. Which of the following statements is true regarding the messages being sent?
The attacker will see message 2.
An SSL session requires a client and a server to handshake information between each other and agree on a secured channel. Which of the following best describes the session key creation during the setup of an SSL session?
The client creates the key after verifying the server's identity.
Which of the following are potential drawbacks to a black box test? (Choose all that apply.)
The client does not get a full picture of an internal attacker focused on their systems. ; This test takes the longest amount of time to complete.
Which of the following is true regarding an ethical hacker?
The ethical hacker has authorization to proceed from the target owner.
You are examining files on a Windows machine and note one file's attributes include "h." What does this indicate?
The file is hidden.
Examine the following password hashes obtained from a Windows XP machine using LM hashing: B757BF5C0D87772FAAD3B435B51404EE BA810DBA98995F1817306D272A9441BB E52CAC67419A9A224A3B108F3FA6CB6D 0182BD0BD4444BF836077A718CCDF409 CEC52EB9C8E3455DC2265B23734E0DAC Which of the following is true regarding the hashes listed?
The first hash listed is from a password of seven characters or less.
Physical security also includes the maintenance of the environment and equipment for your data floor. Which of the following are true statements regarding this equipment? (Choose all that apply.)
The higher the MTBF, the better; The lower the MTTR, the better;
You are examining a packet capture of all traffic from a host on the subnet. The host sends a segment with the SYN flag set, in order to set up a TCP communications channel. The destination port is 80, and the sequence number is set to 10. Which of the following statements are not true regarding this communications channel? (Choose all that apply.)
The host will be attempting to retrieve an HTML file; The packet returned in answer to this SYN request will acknowledge the sequence number by returning "10."
Your client is considering a biometric system for access to a controlled location. Which of the following is a true statement regarding his decision?
The lower the CER, the better the biometric system.
At the basic core of encryption approaches, two main methods are in play: substitution and transposition. Which of the following best describes transposition?
The order of bits is changed.
Examine the Wireshark filter shown here: ip.src == 192.168.1.1 &&tcp.srcport == 80 Which of the following correctly describes the capture filter?
The results will display all HTTP traffic from 192.168.1.1.
An ethical hacker needs to be aware of a variety of laws. What do Sections 1029 and 1030 of United States Code Title 18 specify?
They define most of the U.S. laws concerning hacking and computer crime.
Which of the following footprinting tools uses ICMP to provide information on network pathways?
Traceroute
You are separated from your target subnet by a firewall. The firewall is correctly configured and only allows requests through to ports opened by the administrator. In firewalking the device, you find that port 80 is open. Which technique could you employ to send data and commands to or from the target system?
Use HTTP tunneling.
You are footprinting a target headquartered in the Dominican Republic. You have gathered some competitive intelligence and have engaged in both passive and active reconnaissance. Your next step is to define the network range this organization uses. What is the best way to accomplish this?
Use LACNIC to look up the company range
You have obtained a password hash and wish to quickly determine the associated plaintext password. Which of the following is the best choice?
Use a rainbow table.
As fate would have it, you are contracted to pen test an organization you are already familiar with. You start your passive reconnaissance by perusing the company website. Several months ago, the public-facing website had a listing of all staff members, including phone numbers, e-mail addresses, and other useful information. Since that time, the listing has been removed from the website. Which of the following is the best option to provide access to the listing?
Use www.archive.org.
What is considered the best defense against social engineering?
User education and training
Which of the following are considered offline password attacks? (Choose all that apply.)
Using a hardware keylogger, Brute-force cracking with Cain and Abel on a stolen SAM file, and Using John the Ripper on a stolen passwd file
Which of the following would you find in an X.509 digital certificate? (Choose all that apply.)
Version, Algorithm ID, Public Key, and Key Usage
In the scanning and enumeration phase of your attack, you put tools such as ToneLoc, THC-Scan, and WarVox to use. What are you attempting to accomplish?
War dialing
Within the DNS system, a primary server (SOA) holds and maintains all records for the zone. Secondary servers will periodically ask the primary whether there have been any updates. If updates have occurred, they will ask for a zone transfer to update their own copies. Under what conditions will a secondary name server request a zone transfer from a primary?
When the primary SOA record serial number is higher that the secondary's
Which of the following tools can assist with IDS evasion? (Choose all that apply.)
Whisker, Fragroute, ADMmutate, and Inundator
What is the standard format for digital certificates?
X.509
You have a zombie system ready and begin an IDLE scan. As the scan moves along, you notice that fragment identification numbers gleaned from the zombie machine are incrementing randomly. What does this mean?
Your IDLE scan results will not be useful to you.
You are looking for files with the terms "Apache" and "Version" in their titles. Which Google hack is the appropriate one?
allintitle:apache version
Which of the following will extract an executable file from NTFS streaming?
c:\> cat file1.txt:hidden.exe > visible.exe
You are attempting to hack a Windows machine and wish to gain a copy of the SAM file. Where can you find it? (Choose all that apply.)
c:\windows\system32\config, or c:\windows\repair
Which command is used to allow all privileges to the user, read-only to the group and read-only for all others to a particular file, on a Linux machine?
chmod 711 file1
You are footprinting DNS information using dig. What command syntax should be used to discover all name servers listed by DNS server 202.55.77.12 in the anybiz.com namespace?
dig @202.55.77.12 www.anybiz.com NS
A good footprinting method is to track e-mail messages and see what kind of information you can pull back. Which tool is useful in this scenario?
eMailTrackerPro
You have a large packet capture file in Wireshark to review. You wish to filter traffic to show all packets with an IP address of 192.168.22.5 that contain the string HR_admin. Which of the following filters would accomplish this task?
ip.addr==192.168.22.5 &&tcp contains HR_admin
What are the three commands necessary to install an application in Linux?
make, make install, ./configure
You wish to perform a ping sweep of a subnet within your target organization. Which of the following nmap command lines is your best option?
nmap -sP 192.168.1.0/24
You wish to run a scan against a target network. You're concerned about it being a reliable scan, with legitimate results, but want to take steps to ensure it is as stealthy as possible. Which scan type is best in this situation?
nmap -sS targetIPaddress
You suspect a hack has occurred against your Linux machine. Which command will display all running processes for you to review?
ps -ef
You need to put the NIC into listening mode on your Linux box, capture packets, and write the results to a log file named my.log. How do you accomplish this with tcpdump?
tcpdump -i eth0 -w my.log