Hands-on Ethical Hacking And Network Defense
A(n) _______ scan sends a packet with all flags set to NULL.
NULL
What is the most widely used port-scanning tool? a. netcat b. netstat c. Nmap d. Nslookup
Nmap
To verify if all the IP addresses of a network are being used by computers that are up and running, you can use a port scanner to perform what procedure on a range of IP addresses?
Ping
Security testers and hackers use which of the following to determine the services running on a host and the vulnerabilities associated with these services? a. Zone transfers b. Zone scanning c. Encryption algorithms d. Port scanning
Port Scanning
A FIN packet sent to a closed port responds with which of the following packets?
RST
When a TCP three-way handshake ends, both parties send what type of packet to end the connection?
FIN
Which flags are set on a packet sent with the nmap -sX 193.145.85.202 command? (Choose all that apply.) a. FIN b. PSH c. SYN d. URG
FIN PSH URG
A NULL scan requires setting the FIN, ACK, and URG flags. (True/False)
False
An open port allows access to specific applications and cannot be vulnerable to attack. (T/F)
False
Fping doesn't allow pinging multiple IP addresses simultaneously. True or False?
False
In a NULL scan, all packet flags are turned on. (T/F)
False
Security testers can use Hping to bypass filtering devices. True or False?
True
To bypass some ICMP-filtering devices on a network, an attacker might send which type of packets to scan the network for vulnerable services? (Choose all that apply.) a. PING packets b. SYN packets c. ACK packets d. Echo Request packets
b. SYN packets c. ACK packets
Which of the following describes a flexible program that automates a task that takes too much time to perform manually?
customized script
A closed port responds to a SYN packet with which of the following packets? a. FIN b. SYN-ACK c. SYN d. RST
d. RST
What is a potential mistake when performing a ping sweep on a network?
including a broadcast address in the ping sweep range
Hping
An enhanced ping utility for crafting TCP and UDP packets to be used in port-scanning activities. It is used to bypass filtering devices by injecting crafted or otherwise modified IP packets into a network.
You can search for vulnerabilities in a host computer by using a port-scanning tool. (T/F)
True
To see a brief summary of Nmap commands in a Linux shell, which of the following should you do? a. Type nmap -h. b. Type nmap -summary. c. Type help nmap. d. Press the F1 key.
Type nmap -h
Closed ports respond to a NULL scan with what type of packet?
RST
If an attacker decides to implement a less obvious port-scan, or stealth attack, which of the following techniques would be appropriate to make their activities more difficult to detect?
limit their scan speeds
Fping
An enhanced ping utility for pinging multiple targets simultaneously; it lets you ping multiple IP addresses at the same time.
What type of port scan is similar to a SYN scan and is risky to use because it relies on the attacked computer's OS?
Connect
Which vi command deletes the current line?
dd
What network security tool, usually included with Kali Linux, allows a user to ping multiple IP addresses?
Fping
Nessus
Previously an open-source scanning tool; now licensed by Tenable Network Security. See OpenVAS.
In a normal TCP session, the sender sends a packet to another computer with which of the following flags set?
SYN Flag
What type of port scan has the FIN, PSH, and URG flags set?
XMAS scan
Nmap has a GUI front end that makes it easier to work with some of its complex options. Which of the following is the Nmap GUI front end?
Zenmap
port scanning
A method of finding out which services a host computer offers.
Which parameter can be added to nmap to run a script scan with the default scripts? a. -sC b. -oA c. -p d. -rT
a. -sC
Which of the following Nmap commands sends a SYN packet to a computer with the IP address 193.145.85.210? (choose all that apply) a. nmap -sS 193.145.85.210 b. nmap -v 193.145.85.210 c. nmap -sA 193.145.85.210 d. nmap -sF 193.145.85.210
nmap -sS 193.145.85.210 nmap -v 193.145.85.210
One of the limitations when using "ping sweeps" is that many network administrators configure nodes not to respond to ICMP Echo Requests. What type of ICMP Echo message is being disabled by these administrators?
reply
Which of the following describes a text file containing multiple commands that would usually be entered manually at the command prompt?
script
When writing a script which statement allows you to avoid creating an endless loop in your script?
while
Which statement is where the script performs its main task?
do
closed port
A port that isn't listening or responding to a packet; it doesn't allow entry or access to a service.
ping sweep
Pinging a range of IP addresses to identify live systems on a network. A ping sweep simply pings a range of IP addresses and observes what type of response is returned, in order to identify which IP addresses belong to active ("live") hosts.
To find extensive Nmap information and examples of the correct syntax to use in Linux, which of the following commands should you type? a. nmap -h b. nmap -help c. nmap ? d. man nmap
man nmap
filtered port
A port protected by a network-filtering device, such as a firewall. A filtered result might indicate that a firewall is being used to allow only specific traffic into or out of the network.
Nmap
A security tool used to identify open ports and detect services and OSs running on network systems. It is one of the most popular port scanners and constantly adds new features, such as OS detection and fast multiple-probe ping scanning.
When using a port-scanner, what procedure can be conducted to identify which IP addresses belong to active hosts?
ping sweep
Port scanning is a method of finding out which services a host computer offers. (T/F)
True
When security professionals create a packet, they may choose to specifically set which of the following fields to help initiate a response from a target computer?
flag
In a Linux script, which of the lines is important because it identifies the files as a script?
#!/bin/sh
When using the text editor vim what command appends text after the insertion point?
A
What advanced port-scanning tool can allow a security tester to bypass filtering devices by injecting crafted or otherwise modified IP-packets into a network?
Hping
Which of the following is a tool for creating a custom TCP/IP packet and sending it to a host computer?
Hping
What open source port-scanning tool is considered to be the standard port-scanning tool for security professionals?
Nmap
What open-source network utility allows you to use plug-ins to run test programs (scripts) that can be selected from the client interface?
OpenVAS
Some attackers want to be hidden from network devices or IDSs that recognize an inordinate amount of pings or packets being sent to their networks. Which of the following attacks are more difficult to detect?
Stealth Attacks
Attackers typically use ACK scans to get past a firewall or other filtering devices. (T/F)
True
In an ACK scan, if the attacked port returns an RST packet the attacked port is considered to be operating in what state?
Unfiltered
Why does the fping -f 193.145.85.201 193.145.85.220 command cause an error? a. An incorrect parameter is used. b. The IP range should be indicated as 193.145.85.201-220. c. There's no such command. d. IP ranges aren't allowed with this command.
a. an incorrect parameter is used
Which Nmap command verifies whether the SSH port is open on any computers in the 192.168.1.0 network? (Choose all that apply.) a. nmap -v 192.168.1.0-254 -p 22 b. nmap -v 192.168.1.0-254 -p 23 c. nmap -v 192.168.1.0-254 -s 22 d. nmap -v 192.168.1.0/24 -p 22
a. nmap -v 192.168.1.0-254 -p 22 d. nmap -v 192.168.1.0/24 -p 22
open port
A port that responds to ping sweeps and other packets; it allows access to applications and can be vulnerable to an attack.
OpenVAS
A security tool for conducting port scanning, OS identification, and network vulnerability assessments. Its security test programs (scripts) are plug-ins that can be selected from the client interface, and the plug-ins can be updated as new security checks become available. A client computer (*nix or Windows) must connect to the server to perform these tests.
In any *NIX system, after saving a script named "script_name," you need to make it executable so that you can run it. Which command will accomplish this task from the command line?
chmod +x script_name
Port scanning provides the state for all but which of the following ports? a. Closed b. Open c. Filtered d. Buffered
d. Buffered
In basic network scanning, ICMP Echo Requests (type 8) are sent to host computers from the attacker, who waits for which type of packet to confirm that the host computer is live? a. ICMP SYN-ACK packet b. ICMP SYN packet c. ICMP Echo Reply (type 8) d. ICMP Echo Reply (type 0)
d. ICMP Echo Reply (type 0)