TestOut CyberDefense Pro 5.3.13
A hacker wants to check if a port is open using the TCP protocol. The hacker wants to be stealthy and not generate any security logs. Which type of port scan is BEST suited for this endeavor?
A half-open scan, also known as a stealth scan, sends a SYN packet to a port. The three-way handshake does not occur because the originating system does not reply with the final ACK. Because an ACK packet was not sent, a connection was not made, and there is no security log.
When a host initiates a connection to a server via the TCP Protocol, a three-way handshake is used. What is the host's final reply?
ACK is the host's final response to the server to establish a connection. SYN is the first response sent to a server to initiate the connection. FIN is used in the termination of the connection. SYN/ACK is the only response sent by the server to the host. It is the second overall response exchanged.
A hacker doesn't want to use a computer that can be tracked back to them. They decide to use a zombie computer. Which type of scan BEST describes what the hacker is doing?
Idle scans use a zombie computer, which cannot be traced back. A NULL scan does not set any flags in the packet. A covert scan does not exist. Xmas tree scans set all flags in a packet.
Alex, a security specialist, is using an Xmas tree scan. Which of the following TCP flags will be sent back if the port is closed?
If you get an RST flag, you know the port is closed. If you don't get a response, the port may be open.
Troy, a security analyst, is looking for a vulnerability scanning tool for internal use. His boss has told him to find the industry standard tool. Which tool BEST fits his mandate?
Nessus is often considered the industry standard for vulnerability scanning.
John, a security analyst, needs a network mapping tool that will diagram network configurations. Which of the following BEST fits this category?
NetAuditor. NetAuditor reports, manages, and diagrams network configurations.
A recently patched Windows machine on your network no longer responds to ping, but you have confirmed it is otherwise functioning normally and servicing incoming connections to other machines on the network. No other changes were made to the machine or its connection to the network. When you use hping3, you get the following output. Which of the following BEST explains that behavior?
The machine's firewall is blocking ICMP.
You are auditing your network for online hosts and open ports. You are using nmap to perform this task. There are notes left from a previous administrator listing the command that they used to perform a previous audit, but there is no explanation as to what it does. You try the command and get the following output. What did the nmap -O 192.168.122.84 command do?
The nmap -O command tries to determine which operating system is running on a host or hosts.
Which type of scan turns on an abundance of flags, causing the packet to be lit up?
Xmas tree scan
When scanning a Linux machine for running applications, you see the following output. Which kill signal should you use to clean up the offending process?
kill -9. The SIGKILL signal is what you would want to use, which is -9 for the kill command. -15 is SIGTERM and -1 is SIGHUP, neither of which is correct.
Which scanning tool uses the ICMP protocol?
ping