Module 03 Quiz


A security engineer is attempting to perform scanning on a company's internal network to verify security policies of their networks. The engineer uses the following NMAP command: nmap -n -sS -P0 -p 80 ***.***.**.** What type of scan is this? A)Quick scan B)Comprehensive scan C)Stealth scan D)Intense scan

Stealth scan

A technician is resolving an issue where a computer is unable to connect to the Internet using a wireless access point. The computer can transfer files locally to other machines, but cannot successfully reach the Internet. When the technician examines the IP address and default gateway, they are both on the 192.168.1.0/24. Which of the following has occurred? A) The computer is using an invalid IP address B) The computer is not using a private IP address C) The gateway is not routing to a public IP address D) The gateway and the computer are not on the same network

The gateway is not routing to a public IP address.

A penetration tester is conducting a port scan on a specific host. The tester found several open ports that were confusing in concluding the operating system (OS) version installed. Considering the NMAP result below, which of the following is likely to be installed on the target machine by the OS?
Starting NMAP 7.70 at 2018-03-15 11:06
NMAP scan report for 172.16.40.65
Host is up (1.00s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
139/tcp open netbios-ssn
515/tcp open
631/tcp open ipp
9100/tcp open
MAC Address: 00:00:48:0D:EE:89
A) The host is likely a router. B) The host is likely a Windows machine. C) The host is likely a printer. D) The host is likely a Linux machine.

The host is likely a printer.

Which NMAP feature can a tester implement or adjust while scanning for open ports to avoid detection by the network's IDS? A) Traceroute to control the path of the packets sent during the scan. B) Timing options to slow the speed that the port scan is conducted. C) Fingerprinting to identify which operating systems are running on the network. D) ICMP ping sweep to determine which hosts on the network are not available.

Timing options to slow the speed that the port scan is conducted.

A penetration tester is attempting to scan an internal corporate network from the Internet without alerting the border sensor. Which of the following techniques should the tester consider using? A)Spoofing an IP address B)Tunneling scan over SSH C)Tunneling over high port numbers D)Scanning using fragmented IP packets

Tunneling scan over SSH

While performing a UDP scan of a subnet, you receive an ICMP reply of Code 3/Type 3 for all the pings you have sent out. What is the most likely cause of this? A)UDP port is closed. B)The host does not respond to ICMP packets. C)UDP port is open D)The firewall is dropping the packets.

UDP port is closed

Which of the following is NOT an objective of network scanning? A) Discover the services running B) Discover usernames and passwords C) Discover the network's live hosts D) Discover the services running

discover usernames and passwords

Which of the following hping commands performs a UDP scan on port 80? A) hping3 -1 <IP Address> -p 80 B) hping3 -A <IP Address> -p 80 C) hping3 -2 <IP Address> -p 80 D) hping3 -F -P -U <IP Address> -p 80

hping3 -2 <IP Address> -p 80

A hacker is attempting to see which ports have been left open on a network. Which NMAP switch would the hacker use? A) -sS B)-sU C)-sO D)-sP

-sO

A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch would the hacker use? A)-sS B)-sT C)-sU D)-sn

-sn
-sn (No port scan): This option tells Nmap not to do a port scan after host discovery and only print out the available hosts that responded to the host discovery probes. This is often called a ping sweep. Here, the hacker is attempting a ping sweep to check live systems. So he needs to use the -sP option.

What results will the following command yield? nmap -sS -O -p 123-153 192.168.100.3 A)A stealth scan, determine operating system, and scanning ports 123 to 153. B)A stealth scan, opening port 123 and 153. C)A stealth scan, checking open ports 123 to 153. D)A stealth scan, checking all open ports excluding ports 123 to 153.

A stealth scan, determine operating system, and scanning ports 123 to 153.

What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes the received response? A)Reflective B)Distributive C)Passive D)Active

Active

An NMAP scan of a server shows port 25 is open. What risk could this pose? A) Web portal data leak B)Open printer sharing C)Clear text authentication D)Active mail relay

Active mail relay

You are performing a port scan with Nmap. You are in a hurry and conducting the scans at the fastest possible speed. However, you don't want to sacrifice reliability for speed. If stealth is not an issue, what type of scan should you run to get very reliable results? A) XMAS scan B) Connect scan C) Stealth scan D) Fragmented packet scan

Connect scan

If a tester is attempting to ping a target that exists but receives no response or a response that states the destination is unreachable, ICMP may be disabled and the network may be using TCP. Which other option could the tester use to get a response from a host using TCP? A)Traceroute B)TCP ping C)Broadcast D)Hping

Hping

Which of the following is a routing protocol that allows the host to discover the IP addresses of active routers on their subnet by listening to router advertisement and soliciting messages on their network? A) DNS B)IRDP C)ARP D)DHCP

IRDP (Internet Router Discovery Protocol)

Which of the following scanning tools is specifically designed to find potential exploits in Microsoft Windows products? A)Core Impact B)Microsoft Baseline Security Analyzer C)Microsoft Security Baseline Analyzer D)Retina

Microsoft Baseline Security Analyzer

Which of the following open source tools would be the best choice to scan a network for potential targets? A)hashcat B)Cain & Abel C)NMAP D)John the Ripper

NMAP

Which of the following parameters enables NMAP's operating system detection feature? A)NMAP -sC B)NMAP -O C)NMAP -sV D)NMAP -oS

NMAP -O

Which NMAP command combination would let a tester scan every TCP port from a class C network that is blocking ICMP with fingerprinting and service detection? A)NMAP -P0 -A -sT -p0-65535 192.168.0/16 B)NMAP -PN -O -sS -p 1-1024 192.168.0/8 C)NMAP -PN -A -O -sS 192.168.2.0/24 D)NMAP -P0 -A -O -p1-65535 192.168.0/24

NMAP -PN -A -O -sS 192.168.2.0/24

Which of the following resources does NMAP need to be used as a basic vulnerability scanner covering several vectors like SMB, HTTP and FTP? A) NMAP scripting engine B)Metasploit scripting engine C)Nessus scripting engine D)SAINT scripting engine

NMAP scripting engine

Which of the following Hping3 commands is used to perform an ACK scan? A) hping3 -A <IP Address> -p 80 B) hping3 -2 <IP Address> -p 80 C) hping3 -8 50-60 -S <IP Address> -V D) hping3 -1 <IP Address> -p 80

hping3 -A <IP Address> -p 80 (This command sends ACK packets to port 80 of the specified IP address. ACK scans are used to determine if ports are open or filtered based on the responses received.)
hping3 = command-line tool used for sending custom network packets.
-A = tells hping3 to send ACK (Acknowledgment) packets. ACK packets are part of the TCP communication process, used to acknowledge received data.
<IP Address> = replace this with the actual IP address of the target computer or server you want to scan.
-p 80 = specifies the port number 80. Port 80 is commonly used for HTTP (web traffic).
-------------------------------------
2. hping3 -2 <IP Address> -p 80 : UDP scan on port 80 (This command sends UDP packets to port 80. It's used for UDP scanning, not ACK scanning.)
-2 = tells hping3 to use UDP (User Datagram Protocol) instead of TCP. UDP is a different way of sending data over the network.
3. hping3 -8 50-60 -S <IP Address> -V : SYN scan on port 50-60 (This command sends SYN packets with a sequence of ports from 50 to 60. It's used for TCP SYN scanning, not ACK scanning. Used to see if these ports are open by initiating a connection.)
-8 50-60 = tells hping3 to send packets to a range of ports from 50 to 60. Useful for scanning multiple ports at once.
-S = sends SYN (synchronize) packets. SYN packets are used to start a TCP connection. This is part of the process used in TCP scans to check if ports are open.
-V = makes hping3 provide more detailed output (verbose mode).
4. hping3 -1 <IP Address> -p 80 : ICMP ping (This command sends ICMP Echo Request packets (like ping) to port 80. It's used for ICMP scanning, not ACK scanning. Used to check if the target is reachable, but the port number is not actually used in ICMP requests.)
-1 = tells hping3 to use ICMP (Internet Control Message Protocol). IC

An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host. Which of the following Hping commands does he/she need to use to gather the required information? A) hping3 -A <Target IP> -p 80 B) hping3 -S <Target IP> -p 80 --tcp-timestamp C) hping3 <Target IP> -Q -p 139 -s D) hping3 -F -P -U 10.0.0.25 -p 80

hping3 <Target IP> -Q -p 139 -s

An attacker is using the scanning tool Hping to scan and identify live hosts, open ports, and services running on a target network. He/she wants to collect all the TCP sequence numbers generated by the target host. Which of the following Hping commands does he/she need to use to gather the required information? A) hping3 -F -P -U 10.0.0.25 -p 80 B) hping3 <Target IP> -Q -p 139 -s C) hping3 -A <Target IP> -p 80 D) hping3 -S <Target IP> -p 80 --tcp-timestamp

hping3 <Target IP> -Q -p 139 -s

Which of the following network attacks relies on sending an abnormally large packet size that exceeds TCP/IP specifications? A)TCP hijacking B)Smurf attack C)SYN flooding D)Ping of death

ping of death

