
Review Questions

  1. Your client has asked you to run an Nmap scan against the servers it has located in its DMZ. The client would like you to identify the OS. Which of the following switches would be your best option?

    1. nmap -P0

    2. nmap -sO

    3. nmap -sS

    4. nmap -O

  2. During an internal pen test, you have gained access to an internal switch. You have been able to SPAN a port and are now monitoring all traffic with Wireshark. While reviewing this traffic, you are able to identify the OS of the devices that are communicating. What best describes this activity?

    1. Vulnerability scanning

    2. Nmap port scanning

    3. Active OS fingerprinting

    4. Passive OS fingerprinting

  3. ICMP is a valuable tool for troubleshooting and reconnaissance. What is the correct type for a ping request and a ping response?

    1. Ping request type 5, ping reply type 3

    2. Ping request type 8, ping reply type 0

    3. Ping request type 3, ping reply type 5

    4. Ping request type 0, ping reply type 8

  4. Which of the following is a vulnerability in the Bash shell that was discovered in 2014 and thereafter exploited to launch a range of attacks against Linux and UNIX systems?

    1. Shellshock

    2. Heartbleed

    3. Bashshell

    4. Poodle

  5. As part of a pen test, you have port scanned a Linux system. Listed here is the scan you performed: nmap -sX -vv -P0 192.168.1.123 -p 80. If the system had the specific listening port open, what would be returned?

    1. RST

    2. No response

    3. SYN ACK

    4. ACK

  6. Which of the following Netcat commands could be used to perform a UDP scan of the lower 1024 ports?

    1. Nc -sS -O target 1-1024

    2. Nc -hU <host(s)>

    3. Nc -sU -p 1-1024 <host(s)>

    4. Nc -u -v -w2 <host> 1-1024

  7. You have been assigned a junior pen tester during a pen test. You performed the following scan:

    nmap -sL www.example.com
    Starting Nmap 6.25 ( http://nmap.org ) at 2016-10-12 18:46 Central Daylight Time
    Host 93.184.216.34 not scanned

    Your partner asks you to explain the results. Which of the following best describes the correct answer?

    1. The system was offline.

    2. The technique only checks DNS and does not scan.

    3. The syntax is incorrect.

    4. ICMP is blocked, so no scan is performed.

  8. Which of the following sets all TCP flags to zeros?

    1. nmap -sn 192.168.1.1/24

    2. nmap -null 192.168.1.1/24

    3. nmap -sX 192.168.1.1/24

    4. nmap -sI 192.168.1.1/24

  9. You have captured some packets from a system you would like to passively fingerprint. You noticed that the IP header length is 20 bytes and there is a datagram length of 84 bytes. What do you believe the system to be?

    1. Windows XP

    2. Linux

    3. Windows 7

    4. Windows 8

  10. During the network mapping phase of a pen test, you have discovered the following two IP addresses: 192.168.1.24 and 192.168.1.35. They both have a mask of 255.255.255.224. Which of the following is true?

    1. They are on the same network.

    2. They both have a default gateway of 192.168.1.63.

    3. They both have a default gateway of 192.168.1.254.

    4. They are on separate subnets.

  11. What type of scan is harder to perform because of the lack of response from open services and because packets could be lost due to congestion or to firewall-blocked ports?

    1. Stealth scanning

    2. ACK scanning

    3. UDP scanning

    4. FIN scan

  12. You would like to perform a scan that runs a script against SSH and attempts to extract the SSH host key. Which of the following is the correct syntax?

    1. nmap -sC -p21, 111, 139 -T3 www.knowthetrade.com

    2. nmap -sC -p22, 111, 139 -T4 www.knowthetrade.com

    3. nmap -sL -p21, 111, 139 -T3 www.knowthetrade.com

    4. nmap -sI -p22, 111, 139 -T4 www.knowthetrade.com

  13. You have just performed an ACK scan and have been monitoring a sniffer while the scan was performed. The sniffer captured the result of the scan as an ICMP type 3 code 13. What does this result mean?

    1. The firewall is only a router with an ACL.

    2. The port is open.

    3. Port knocking is used.

    4. The port is closed.

  14. One of the members of your security assessment team is trying to find out more information about a client’s website. The Brazilian-based site has a .com extension. She has decided to use some online Whois tools and look in one of the Regional Internet Registries. Which of the following represents the logical starting point?

    1. AfriNIC

    2. ARIN

    3. APNIC

    4. RIPE

  15. You have captured the Wireshark scan results shown in Figure 3-13 and are attempting to determine what type of scan was performed against the targeted system. What is your answer?

    1. SYN

    2. IPID

    3. NULL

    4. XMAS

      Figure 3-13 Wireshark Scan Capture

  16. What is the purpose of the following Nmap scan?

    Nmap -sn 192.168.123.1-254

    1. Ping only on the targets, no port scan

    2. A NULL TCP scan

    3. A TCP port scan

    4. Port scan all targets

  17. You’re starting a port scan of a new network. Which of the following can be used to scan all ports on the 192.168.123.1 network?

    1. nmap -p 1,65536 192.168.123.1

    2. nmap -p- 192.168.123.1

    3. nmap 192.168.123.1 -ports "all"

    4. nmap -p 0-65536 192.168.123.1

  18. Which of the following port-scanning techniques can be used to map out the firewall rules on a router?

    1. NULL scan

    2. ACK scan

    3. Inverse flag scan

    4. Firewalk

  19. What are the two ICMP codes used when performing a ping?

    1. Type 0 and 8

    2. Type 0 and 3

    3. Type 3 and 5

    4. Type 5 and 11

  20. You have successfully scanned a system and identified that port 80 is open. What is the next step you should perform?

    1. Attempt to go to the web page and examine the source code.

    2. Use FTP to connect to port 80.

    3. Telnet to the open port and grab the banner.

    4. Attempt to connect to port 443.
