CH5
Why would an attacker conduct an open TCP connection scan using Ncat? A. The attacker does not want to attack the system. B. The attacker made a mistake using the nmap function. C. The attacker is trying to connect to network services. D. The attacker is trying to see what ports are open for connection.
D. The attacker is trying to see what ports are open for connection.
Which Nmap switch utilizes the slowest scan? A. -T B. -sT C. -s0 D. -sX
A. -T
What is an ICMP echo scan? A. A ping sweep B. A SYN scan C. A Xmas tree scan D. Part of a UDP scan
A. A ping sweep
nmap is required to perform what type of scan? A. Port scan B. Vulnerability scan C. Service scan D. Threat scan
A. Port scan
Which of the following actions is the last step in scanning a target? A. Scan for vulnerabilities. B. Identify live systems. C. Discover open ports. D. Identify the OS and servers.
A. Scan for vulnerabilities.
A SYN attack uses which protocol? A. TCP B. UDP C. HTTP D. Telnet
A. TCP
Which of the following is used for banner grabbing? A. Telnet B. FTP C. SSH D. Wireshark
A. Telnet
What is the three-way handshake? A. The opening sequence of a TCP connection B. A type of half-open scan C. A Xmas tree scan D. Part of a UDP scan
A. The opening sequence of a TCP connection
Why is it important to scan your target network slowly? A. To avoid alerting the IDS B. It is not necessary to scan the network slowly. C. To evade the firewall D. Services may not have started, so starting slowly ensures that you capture services that started late.
A. To avoid alerting the IDS
Why would you need to use a proxy to perform scanning? A. To enhance anonymity B. To fool firewalls C. Perform half-open scans D. To perform full-open scans
A. To enhance anonymity
Using Nmap, what is the correct command to scan a target subnet of 192.168.0.0/24 using a ping sweep and identifying the operating system? A. nmap -sP -O 192.168.0.0/24 B. nmap -sP -V 192.168.0.0/24 C. nmap -sT -P 192.168.0.0/24 D. nmap -Ps -O 192.168.0.0/24
A. nmap -sP -O 192.168.0.0/24
What is missing from a half-open scan? A. SYN B. ACK C. SYN-ACK D. FIN
B. ACK
What is war dialing? A. An adversary conducting a DoS on a modem B. An adversary dialing to see what modems are open C. An adversary using a modem as an evil twin D. An adversary verifying closed modems
B. An adversary dialing to see what modems are open
A vulnerability scan is a good way to do what? A. Find open ports B. Find weaknesses C. Find operating systems D. Identify hardware
B. Find weaknesses
Which of the following types of attack has no flags set? A. SYN B. NULL C. Xmas tree D. FIN
B. NULL
During a Xmas tree scan, what indicates that a port is closed? A. No return response B. RST C. ACK D. SYN
B. RST
During a FIN scan, what indicates that a port is closed? A. No return response B. RST C. ACK D. SYN
B. RST
What is Tor used for? A. To hide web browsing B. To hide the process of scanning C. To automate scanning D. To hide the banner on a system
B. To hide the process of scanning
Which switch in Nmap allows the user to perform a fast scan? A. -oX B. -PT C. -T4 D. -sS
C. -T4
What is the maximum byte size for a TCP packet (i.e., the MTU, maximum transmission unit)? A. 65,535 B. 65,507 C. 1,500 D. 65,527
C. 1,500
A full-open scan means that the three-way handshake has been completed. What is the difference between this and a half-open scan? A. A half-open uses TCP. B. A half-open uses UDP. C. A half-open does not include the final ACK. D. A half-open includes the final ACK.
C. A half-open does not include the final ACK.
When trying to identify all the workstations on a subnet, what method might you choose? A. Port scan B. Anonymizer C. Ping sweep D. Web crawler
C. Ping sweep
A hacker is conducting the following on the target workstation: nmap -sT 192.33.10.5. The attacker is in which phase? A. Covering tracks B. Enumeration C. Scanning and enumeration D. Gaining access
C. Scanning and enumeration
Using Nmap, which switch enables a UDP connection scan of a host? A. -sS B. -sX C. -PT D. -sU
D. -sU
Which best describes a vulnerability scan? A. A way to find open ports B. A way to diagram a network C. A proxy attack D. A way to automate the discovery of weaknesses.
D. A way to automate the discovery of weaknesses.
What would be the purpose of running a ping sweep? A. You want to identify responsive hosts without a port scan. B. You want to use something that is light on network traffic. C. You want to use a protocol that may be allowed through the firewall. D. All of the above.
D. All of the above.
Which of the following is not a flag on a packet? A. URG B. PSH C. RST D. END
D. END
A banner can do what? A. Identify an OS B. Help during scanning C. Identify weaknesses D. Identify a service
D. Identify a service
What protocol would you use to conduct banner grabbing? A. FTP B. IRC C. DNS D. Telnet
D. Telnet
Which of the following is used to perform customized network scans? A. Nessus B. Wireshark C. AirPcap D. nmap
D. nmap