CEH 5 - Scanning
a. Telnet is used to perform banner grabs against a system. However, other tools are available to do this as well.
1. Which of the following is used for banner grabbing? a. telnet b. ftp c. ssh d. wireshark
a. the three-way handshake happens at the beginning of every TCP connection.
10. What is the three-way handshake? a. the opening sequence of a TCP connection b. a type of half-open scan c. a Xmas tree scan d. part of a UDP scan
c. a three-way handshake is part of every TCP connection and happens at the beginning of every connection. In the case of a half-open scan, however, a final ACK is not sent, therefore leaving the connection halfway complete.
11. A full-open scan means that the three-way handshake has been completed. What is the difference between this and a half-open scan? a. a half-open scan uses TCP b. a half-open scan uses UDP c. a half-open scan does not include the final ACK d. a half-open scan includes the final ACK
a. a three-way handshake is part of every TCP connection and happens at the beginning of every connection. It includes SYN, SYN-ACK, ACK to be fully completed.
12. What is the sequence of the three-way handshake? a. syn, syn-ack, ack b. syn, syn-ack c. syn, ack, syn-ack d. syn, ack, ack
a. an ICMP echo scan is a ping sweep-type scan
13. What is an ICMP echo scan? a. a ping sweep b. a SYN scan c. a Xmas tree scan d. part of a UDP scan
d. vulnerability scans are designed to pick up weaknesses in a system. They are typically automated.
14. Which best describes a vulnerability scan? a. a way to find open ports b. a way to diagram a network c. a proxy attack d. a way to automate the discovery of vulnerabilities
c. a proxy is used to hide the party launching a scan
15. What is the purpose of a proxy? a. to assist in scanning b. to perform a scan c. to keep a scan hidden d. to automate the discovery of vulnerabilities
b. Tor is designed to hide the process of scanning as well as the origin of a scan. In addition, it can provide encryption services to hide the traffic itself.
16. What is Tor used for? a. to hide web browsing b. to hide the process of scanning c. to automate scanning d. to hide the banner on a system
a. you do not need to use a proxy to perform scanning, but using one will hide the process of scanning and make it more difficult to monitor by the victim or other parties.
17. Why would you need to use a proxy to perform scanning? a. to enhance anonymity b. to fool firewalls c. perform half-open scans d. to perform full-open scans
a, b - vulnerability scanners are necessary for a security person to use to strengthen their systems by finding weaknesses before an attacker does.
18. A vulnerability scan is a good way to do what? a. find open ports b. find weaknesses c. find operating systems d. identify hardware
d. a banner can be changed on many services, keeping them from being easily identified. If this is not done, it is possible to use tools such as telnet to gain information about a service and use that information to fine-tune an attack.
19. A banner can do what? a. identify an OS b. help during scanning c. identify weaknesses d. identify a service
b. Netcraft is used to gather information about many aspects of a system, including operating system, IP address, and even country of origin.
2. Which of the following is used for identifying a web server OS? a. telnet b. netcraft c. fragroute d. wireshark
a. nmap is designed to perform scans against ports on a system or group of systems, but it is by far the most popular tool in many categories.
20. nmap is required to perform what type of scan? a. port scan b. vulnerability scan c. service scan d. threat scan
d. nmap is a utility used to scan networks and systems and for other types of custom scans.
3. Which of the following is used to perform customized network scans? a. nessus b. wireshark c. AirPcap d. nmap
d. END is not a type of flag. Valid flags are ACK, FIN, SYN, URG, RST, and PSH.
4. Which of the following is not a flag on a packet? a. URG b. PSH c. RST d. END
a. SYN flags are seen only on TCP-based transmissions and not in UDP transmissions of any kind.
5. A SYN attack uses which protocol? a. TCP b. UDP c. HTTP d. Telnet
b. a NULL scan has no flags configured on its packets.
6. Which of the following types of attack has no flags set? a. SYN b. NULL c. Xmas tree d. FIN
b. an ACK flag belongs to the last part of the three-way handshake, and this part never happens in a half-open scan.
7. What is missing from a half-open scan? a. SYN b. ACK c. SYN-ACK d. FIN
b. an RST indicates that the port is closed
8. During an FIN scan, what indicates that a port is closed? a. No return response b. RST c. ACK d. SYN
b. an RST indicates the port is closed in many of the TCP scan types. The RST is sent in response to a connection request and the RST indicates that the port is not available.
9. During a Xmas tree scan what indicates a port is closed? a. no return response b. RST c. ACK d. SYN