10.1.17 Practice Questions Flashcards
Which of the following are network sniffing tools?
answer
Cain and Abel, Ettercap, and TCPDump
Ufasoft snif, TCPDump, and Shark
Ettercap, Ufasoft snif, and Shark
WinDump, KFSensor, and Wireshark
Cain and Abel, Ettercap, and TCPDump
Which of the following actions was performed using the WinDump command line sniffer?
An illustration of the WinDump utility output screen showing, C:\windump -I 1 -w C:\test\mycap.pcap, windump: listening on \Device\NPF_(C12EA6C6-5E4B-4F82-0A61-25, 6014 packets captured, 6015 packets received by filter, 0 packets dropped by kernel.
answer
Requested that hexadecimal strings be included from interface 1 to mycap.pcap.
Requested that ASCII strings be included from interface 1 to mycap.pcap.
Wrote packet capture files from interface 1 into mycap.pcap.
Read packet capture files from interface 1 in mycap.pcap file.
Wrote packet capture files from interface 1 into mycap.pcap.
An illustration of the Ettercap utility showing the drop-down list for the Mitm option, ARP poisoning…, ICMP redirect…, Port stealing…, DHCP spoofing…, NDP poisoning…, and Stop mitm attack(s).
As part of your penetration test, you are using Ettercap in an attempt to spoof DNS. You have configured the target and have selected the dns_spoof option (see image).
To complete the configuration of this test, which of the following MITM options should you select?
answer
ARP poisoning
Port stealing
DHCP spoofing
NDP poisoning
ARP poisoning
Which of the following is the term used to describe what happens when an attacker sends falsified messages to link their MAC address with the IP address of a legitimate computer or server on the network?
answer
MAC flooding
MAC spoofing
Port mirroring
ARP poisoning
ARP poisoning
A security analyst is using tcpdump to capture suspicious traffic detected on port 443 of a server. The analyst wants to capture the entire packet with hexadecimal and ASCII output only. Which of the following tcpdump options will achieve this output?
answer
-SX port 443
src port 443
-SA port 443
-SXX port 443
-SX port 443
Using Wireshark filtering, you want to see all traffic except IP address 192.168.142.3. Which of the following is the best command to filter a specific source IP address?
answer
ip.src && 192.168.142.3
ip.src eq 192.168.142.3
ip.src == 192.168.142.3
ip.src ne 192.168.142.3
ip.src ne 192.168.142.3
An illustration of a series of packets captured with Wireshark, using a filter.
As the cybersecurity specialist for your company, you believe a hacker is using ARP poisoning to infiltrate your network. To test your hypothesis, you have used Wireshark to capture packets and then filtered the results. After examining the results, which of the following is your best assessment regarding ARP poisoning?
answer
No ARP poisoning is occurring.
ARP poisoning is occurring, as indicated by the multiple Who Has packets being sent.
ARP poisoning is occurring, as indicated by the duplicate response IP address.
ARP poisoning is occurring, as indicated by the short time interval between ARP packets.
ARP poisoning is occurring, as indicated by the duplicate response IP address.
An illustration of a series of packets captured with Wireshark, using a filter.
Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the net 192.168.0.0 filter?
answer
Only packets with a source address on the 192.168.0.0 network are captured.
Only packets with a destination address on the 192.168.0.0 network are captured.
Only packets with a source address of 192.168.0.0 are captured.
Only packets with either a source or destination address on the 192.168.0.0 network are captured.
Only packets with either a source or destination address on the 192.168.0.0 network are captured.
An illustration of a series of packets captured with Wireshark, using a filter.
Using Wireshark, you have used a filter to help capture only the desired types of packets. Using the information shown in the image, which of the following best describes the effects of using the host 192.168.0.34 filter?
answer
Only packets with 192.168.0.34 in either the source or destination address are captured.
Only packets with 192.168.0.34 in the destination address are captured.
Only packets on the 192.168.0.34 network are captured.
Only packets with 192.168.0.34 in the source address are captured.
Only packets with 192.168.0.34 in either the source or destination address are captured.
An illustration of a series of packets captured with Wireshark, using a filter.
You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the account manager’s email address?
answer
rscam@woodspecialist.com
fstone@rocks.com
rsmith@thehomedepot.com
lpratt@lowes.com
rscam@woodspecialist.com
An illustration of a series of packets captured with Wireshark, using a filter.
You have just captured the following packet using Wireshark and the filter shown. Which of the following is the captured password?
answer
watson
watson-p
p@ssw0rd
St@y0ut!@
St@y0ut!@
An illustration of a series of packets captured with Wireshark, using a filter.
You have been asked to perform a penetration test for a company to see if any sensitive information can be captured by a potential hacker. You have used Wireshark to capture a series of packets. Using the tcp contains Invoice filter, you have found one packet. Using the captured information shown, which of the following is the name of the company requesting payment?
answer
The Home Depot
Lowes
ACME, Inc
Wood Specialist
ACME, Inc
Your network administrator is configuring settings so the switch shuts down a port when the max number of MAC addresses is reached. What is the network administrator taking countermeasures against?
answer
Sniffing
Hijacking
Filtering
Spoofing
Sniffing
Using sniffers has become one way for an attacker to view and gather network traffic. If an attacker overcomes your defenses and obtains network traffic, which of the following is the best countermeasure for securing the captured network traffic?
answer
Implement acceptable use policies.
Use intrusion detection countermeasures.
Eliminate unnecessary system applications.
Use encryption for all sensitive traffic.
Use encryption for all sensitive traffic.