CEH Notes 01 Flashcards

1
Q

Quiz 1: Which port number is used by HTTP?
A. 80
B. 443
C. 23
D. 161

A

Answer: A. 80

2
Q

Quiz 2: Which port number is used by HTTPS?
A. 80
B. 443
C. 23
D. 161

A

Answer: B. 443

3
Q

Quiz 3: Which port numbers are used by FTP?
A. 20, 21
B. 23, 25
C. 80, 443
D. 123, 456

A

Answer: A. 20, 21

4
Q

Quiz 4: Which port number is used by Telnet?
A. 20
B. 21
C. 22
D. 23

A

Answer: D. 23

5
Q

Quiz 5: Which port number is used by SSH?
A. 20
B. 21
C. 22
D. 23

A

Answer: C. 22

6
Q

Quiz 6: Which port number is used by DNS for queries and replies?
A. 53
B. 123
C. 161
D. 389

A

Answer: A. 53

7
Q

Quiz 7: Which port number is used by DNS for zone transfers?
A. 53
B. 80
C. 161
D. 389

A

Answer: A. 53. Zone transfers (AXFR/IXFR) run over TCP port 53, whereas ordinary lookups normally use UDP 53 and fall back to TCP only for responses too large for UDP.

8
Q

Quiz 8: Which port number is used by NTP?
A. 20
B. 21
C. 22
D. 123

A

Answer: D. 123

9
Q

Quiz 9: Which port number is used by RDP?
A. 20
B. 21
C. 22
D. 3389

A

Answer: D. 3389

10
Q

Quiz 10: Which port number is used by HP JetDirect?
A. 80
B. 443
C. 23
D. 9100

A

Answer: D. 9100

11
Q

Quiz 11: Which port number is used by LDAP?
A. 389
B. 636
C. 161
D. 445

A

Answer: A. 389

12
Q

Quiz 12: Which port number is used by LDAPS?
A. 636
B. 389
C. 161
D. 445

A

Answer: A. 636

13
Q

Quiz 14: Which port number is used by SYSLOG?
A. 53
B. 161
C. 514
D. 3389

A

Answer: C. 514

14
Q

Quiz 15: Which port numbers are used by MS SQL Server?
A. 80, 443
B. 123, 456
C. 1433, 1434
D. 3306, 3307

A

Answer: C. 1433, 1434. TCP 1433 is the default listener for the database engine; UDP 1434 is the SQL Server Browser service, which tells clients which port a named instance is listening on.

15
Q

Quiz 16: Which port number is used by MySQL?
A. 3306
B. 389
C. 161
D. 445

A

Answer: A. 3306

16
Q

Quiz 17: Which port number is used by Oracle DB?
A. 1521
B. 3306
C. 53
D. 3389

A

Answer: A. 1521

17
Q

Quiz 18: Which port number is used by SMB?
A. 80
B. 443
C. 23
D. 445

A

Answer: D. 445

18
Q

Quiz 19: Which port numbers are used by NetBIOS?
A. 20, 21, 22
B. 53, 161, 445
C. 137, 138, 139
D. 1433, 1434, 3306

A

Answer: C. 137, 138, 139

19
Q

Quiz 1: Which phase of the Cyber Kill Chain involves collecting as much information as possible about the target?
A. Reconnaissance
B. Delivery
C. Exploitation
D. Command and Control

A

Answer: A. Reconnaissance

20
Q

Quiz 2: Which phase of the Cyber Kill Chain involves selecting or creating a malicious payload or exploit?
A. Weaponization
B. Installation
C. Actions on Objectives
D. Delivery

A

Answer: A. Weaponization

21
Q

Quiz 3: Which phase of the Cyber Kill Chain involves sending the weapon to the victim?
A. Reconnaissance
B. Installation
C. Delivery
D. Command and Control

A

Answer: C. Delivery

22
Q

Quiz 4: Which phase of the Cyber Kill Chain involves exploiting a client-side vulnerability to gain remote access to the target system?
A. Exploitation
B. Installation
C. Reconnaissance
D. Command and Control

A

Answer: A. Exploitation

23
Q

Quiz 5: Which phase of the Cyber Kill Chain involves downloading and installing more malware to create a backdoor?
A. Reconnaissance
B. Actions on Objectives
C. Installation
D. Delivery

A

Answer: C. Installation

24
Q

Quiz 6: Which phase of the Cyber Kill Chain involves establishing a 2-way communication channel between the victim and attacker’s computers?
A. Delivery
B. Command and Control
C. Reconnaissance
D. Exploitation

A

Answer: B. Command and Control

25
Q

Quiz 7: Which phase of the Cyber Kill Chain is the final objective of the attack?
A. Delivery
B. Installation
C. Actions on Objectives
D. Reconnaissance

A

Answer: C. Actions on Objectives

26
Q

Quiz 1: Which class of hacker is an ethical hacker who tests systems with permission to find vulnerabilities and help fix them?
A. White Hat
B. Gray Hat
C. Black Hat
D. Script Kiddie

A

Answer: A. White Hat

27
Q

Quiz 2: Which class of hacker falls between the white and black hat categories and may test systems without permission but may disclose vulnerabilities to the vendor?
A. White Hat
B. Gray Hat
C. Black Hat
D. Script Kiddie

A

Answer: B. Gray Hat

28
Q

Quiz 3: Which class of hacker is an unethical hacker who uses his/her knowledge of security to break into systems and gain unauthorized access for personal gain?
A. White Hat
B. Gray Hat
C. Black Hat
D. Script Kiddie

A

Answer: C. Black Hat

29
Q

Quiz 4: Which class of attacker is unskilled and uses pre-existing tools and scripts to perform attacks without understanding the underlying concepts?
A. White Hat
B. Gray Hat
C. Black Hat
D. Script Kiddie

A

Answer: D. Script Kiddie

30
Q

Quiz 5: Which class of hacker is not related to the concept of hacker classification?
A. White Hat
B. Gray Hat
C. Black Hat
D. Red Hat

A

Answer: D. Red Hat

31
Q

Quiz 1: In which phase of hacking is information about the target gathered, for example through open source intelligence and footprinting, before any scanning or enumeration takes place?
A. Gaining Access
B. Scanning
C. Clearing Tracks
D. Reconnaissance

A

Answer: D. Reconnaissance

32
Q

Quiz 2: Which phase of hacking involves looking for vulnerabilities in the target network or system using tools and techniques such as port scanning, vulnerability scanning, and fingerprinting?
A. Clearing Tracks
B. Gaining Access
C. Scanning
D. Reconnaissance

A

Answer: C. Scanning

33
Q

Quiz 3: In which phase of hacking does the attacker exploit vulnerabilities to gain unauthorized access to the target system or network?
A. Maintaining Access
B. Gaining Access
C. Scanning
D. Reconnaissance

A

Answer: B. Gaining Access

35
Q

Quiz 5: What is the use of multiple layers of defense, such as firewalls, intrusion detection/prevention systems, and access controls, to protect against attacks and minimize the impact of any successful attacks?
A. Defense in Depth
B. Gaining Access
C. Scanning
D. Clearing Tracks

A

Answer: A. Defense in Depth

36
Q

Quiz 6: What are the three levels of knowledge and access granted to the penetration tester during the testing process?
A. Red, Blue, Yellow
B. White, Gray, Black Box
C. Alpha, Beta, Gamma
D. A, B, C

A

Answer: B. White, Gray, Black Box

37
Q

Quiz 1: What is the risk assessment approach that considers threats, defenses, and the likelihood and impact of an incident?
A. Quantitative risk assessment
B. Single Loss Expectancy
C. Qualitative assessment
D. Annual Loss Expectancy

A

Answer: C. Qualitative assessment

38
Q

Quiz 2: What is the risk assessment approach where dollar values are assigned to assets in order to calculate the potential financial loss in the event of an incident?
A. Quantitative risk assessment
B. Single Loss Expectancy
C. Qualitative assessment
D. Annual Loss Expectancy

A

Answer: A. Quantitative risk assessment

39
Q

Quiz 3: What calculation is used in quantitative risk assessments to determine the expected financial loss if a specific asset is lost?
A. Annual Loss Expectancy (ALE)
B. Single Loss Expectancy (SLE)
C. Exposure Factor (EF)
D. Asset Value (AV)

A

Answer: B. Single Loss Expectancy (SLE). SLE = Asset Value (AV) × Exposure Factor (EF), where EF is the fraction of the asset's value lost in a single occurrence.

40
Q

Quiz 4: What calculation is used in quantitative risk assessments to determine the expected financial loss in a year due to a specific incident?
A. Annual Loss Expectancy (ALE)
B. Single Loss Expectancy (SLE)
C. Exposure Factor (EF)
D. Asset Value (AV)

A

Answer: A. Annual Loss Expectancy (ALE). ALE = SLE × Annualized Rate of Occurrence (ARO), the expected number of times the incident happens per year.

41
Q

Quiz 5: What are the options for responding to identified risks?
A. Avoid, Transfer, Mitigate, Accept
B. Qualitative, Quantitative, Single Loss Expectancy, Annual Loss Expectancy
C. Threats, Defenses, Likelihood, Impact
D. None of the above

A

Answer: A. Avoid, Transfer, Mitigate, Accept

42
Q

Quiz 1: What type of cyber threat intelligence provides high-level information on changing risks, such as emerging threat actors, geopolitical events, or new attack vectors?
A. Tactical
B. Technical
C. Operational
D. Strategic

A

Answer: D. Strategic

43
Q

Quiz 2: What type of cyber threat intelligence provides information on an attacker’s tactics, techniques, and procedures (TTPs)?
A. Tactical
B. Technical
C. Operational
D. Strategic

A

Answer: A. Tactical

44
Q

Quiz 3: What type of cyber threat intelligence provides information on a specific incoming attack or threat, such as IP addresses, domains, or command and control infrastructure?
A. Technical
B. Operational
C. Strategic
D. Tactical

A

Answer: B. Operational

45
Q

Quiz 4: What type of cyber threat intelligence provides information on specific indicators of compromise (IOCs), such as file hashes, registry keys, or network traffic patterns?
A. Technical
B. Operational
C. Strategic
D. Tactical

A

Answer: A. Technical

46
Q

Quiz 1: In which phase of incident handling and response does an organization create an IH&R plan, get training for incident handlers, obtain necessary tools, and create policies and procedures for incident management?
A. Incident Triage
B. Preparation
C. Notification
D. Recovery

A

Answer: B. Preparation

47
Q

Quiz 2: In which phase of incident handling and response is the incident analyzed, validated, categorized, and prioritized?
A. Incident Triage
B. Recovery
C. Notification
D. Evidence gathering / forensic analysis

A

Answer: A. Incident Triage

48
Q

Quiz 3: In which phase of incident handling and response is the root cause of the incident removed/eliminated, and all attack vectors are closed to prevent similar incidents from happening in the future?
A. Eradication
B. Recovery
C. Post-Incident activities
D. Containment

A

Answer: A. Eradication

49
Q

Quiz 4: What is the purpose of the post-incident activities phase in incident handling and response?
A. To review the incident and determine its impact
B. To restore systems, services, and data
C. To inform various stakeholders of the incident
D. To create an IH&R plan

A

Answer: A. To review the incident and determine its impact

50
Q

Quiz 1: In which phase of incident handling and response is the incident recorded and assigned to the appropriate incident handler personnel?
A. Notification
B. Incident Triage
C. Recovery
D. Incident Recording and Assignment

A

Answer: D. Incident Recording and Assignment

51
Q

Quiz 2: What is the purpose of the containment phase in incident handling and response?
A. To isolate the incident and stop its propagation
B. To restore systems, services, and data
C. To review the incident and determine its impact
D. To gather evidence and perform forensic analysis

A

Answer: A. To isolate the incident and stop its propagation

52
Q

Quiz 3: In which phase of incident handling and response is evidence gathered and submitted to the forensics department for investigation?
A. Recovery
B. Evidence gathering / forensic analysis
C. Notification
D. Eradication

A

Answer: B. Evidence gathering / forensic analysis

53
Q

Quiz 4: What is the purpose of the recovery phase in incident handling and response?
A. To isolate the incident and stop its propagation
B. To restore systems, services, and data
C. To review the incident and determine its impact
D. To gather evidence and perform forensic analysis

A

Answer: B. To restore systems, services, and data

54
Q

Quiz 1: Which US law sets the standard for protecting sensitive patient data?
A. FISMA
B. SOX
C. HIPAA
D. PCI-DSS

A

Answer: C. HIPAA

55
Q

Quiz 2: What is the purpose of the PCI-DSS?
A. To ensure the security of government information, operations, and assets
B. To define a comprehensive framework to protect financial disclosures of public companies
C. To maintain a secure environment for credit card information
D. To protect personally identifiable information

A

Answer: C. To maintain a secure environment for credit card information

56
Q

Quiz 3: Which US law sets standards for financial accounting and reporting of public companies?
A. FISMA
B. SOX
C. HIPAA
D. PCI-DSS

A

Answer: B. SOX

57
Q

Quiz 4: What is the definition of PII?
A. Any information related to an individual’s health status, medical condition, or treatment
B. Any information that can be used to identify a specific individual
C. A set of security standards for protecting government information
D. A set of standards for protecting sensitive patient data

A

Answer: B. Any information that can be used to identify a specific individual

58
Q

Quiz 2: What is the purpose of the HIPAA?
A. To maintain a secure environment for credit card information
B. To define a comprehensive framework to protect government information
C. To protect sensitive patient data
D. To protect financial disclosures of public companies

A

Answer: C. To protect sensitive patient data

59
Q

Quiz 3: What does PII stand for?
A. Personal Investment Information
B. Personally Identifiable Information
C. Payment Industry Information
D. Public Information Infrastructure

A

Answer: B. Personally Identifiable Information

60
Q

Quiz 4: What is the purpose of the PCI-DSS?
A. To maintain a secure environment for credit card information
B. To ensure the security of government information
C. To protect sensitive patient data
D. To set standards for financial accounting and reporting of public companies

A

Answer: A. To maintain a secure environment for credit card information

61
Q

Quiz 5: Which US law defines a comprehensive framework to protect government information, operations, and assets against natural or man-made threats?
A. FISMA
B. SOX
C. HIPAA
D. PCI-DSS

A

Answer: A. FISMA

62
Q

Quiz 6: What does PHI stand for?
A. Personal Housing Information
B. Protected Health Information
C. Payment History Information
D. Public Health Infrastructure

A

Answer: B. Protected Health Information

63
Q

Quiz 1: What is the difference between Active and Passive reconnaissance?
A. Active reconnaissance involves eavesdropping while passive reconnaissance engages the target.
B. Active reconnaissance engages the target while passive reconnaissance involves eavesdropping.
C. Active reconnaissance involves conducting vulnerability scans while passive reconnaissance involves social engineering.
D. Active reconnaissance involves using search engines while passive reconnaissance involves using online tools.

A

Answer: B. Active reconnaissance engages the target while passive reconnaissance involves eavesdropping.

64
Q

Quiz 2: What does OSINT stand for?
A. Open-Source Internet Tools
B. Online Security Intelligence Techniques
C. Operating System Internet Tools
D. Open-Source Intelligence

A

Answer: D. Open-Source Intelligence

65
Q

Quiz 3: What is the purpose of Google advanced search operators?
A. To conduct social engineering attacks
B. To engage in active reconnaissance
C. To improve the effectiveness of search queries
D. To find vulnerabilities in websites

A

Answer: C. To improve the effectiveness of search queries

66
Q

Quiz 4: How do you negate a search term in Google search?
A. Use the “allinurl” operator
B. Use the “related” operator
C. Use the “intitle” operator
D. Use a hyphen before the search term

A

Answer: D. Use a hyphen before the search term

67
Q

Quiz 5: What is the purpose of Netcraft?
A. To provide internet security services
B. To find vulnerabilities in websites
C. To conduct social engineering attacks
D. To provide anonymous surfing

A

Answer: A. To provide internet security services

68
Q

Quiz 6: What is the purpose of Guardster.com?
A. To provide internet security services
B. To find vulnerabilities in websites
C. To conduct social engineering attacks
D. To provide anonymous surfing

A

Answer: D. To provide anonymous surfing

69
Q

Quiz 7: What is the purpose of Hootsuite?
A. To find vulnerabilities in websites
B. To provide internet security services
C. To conduct social engineering attacks
D. To manage social media accounts

A

Answer: D. To manage social media accounts

70
Q

Quiz 8: What is the purpose of Archive.org?
A. To provide anonymous surfing
B. To manage social media accounts
C. To find vulnerabilities in websites
D. To look up past versions of a website

A

Answer: D. To look up past versions of a website

71
Q

Quiz 9: What is the purpose of Web-Stat?
A. To find vulnerabilities in websites
B. To conduct social engineering attacks
C. To provide anonymous surfing
D. To observe visitors to a website in real-time

A

Answer: D. To observe visitors to a website in real-time

72
Q

Quiz 10: What is the purpose of CeWL?
A. To manage social media accounts
B. To conduct social engineering attacks
C. To provide internet security services
D. To crawl a website and make a list of words or terms

A

Answer: D. To crawl a website and make a list of words or terms

73
Q

Quiz 11: What is the purpose of email tracking tools like Infoga?
A. To conduct social engineering attacks
B. To manage social media accounts
C. To find vulnerabilities in websites
D. To track an email and extract information about the sender

A

Answer: D. To track an email and extract information about the sender

74
Q

Quiz: What is the purpose of a Whois Lookup?
A. To discover information about a registered domain name, such as DNS servers and creation date
B. To perform network diagnostics and identify IP devices
C. To look up who owns a particular IP address
D. To find the geographical location of routers and servers

A

Answer: A. To discover information about a registered domain name, such as DNS servers and creation date.

75
Q

Quiz: What is the purpose of ARIN Whois search?
A. To discover information about a registered domain name, such as DNS servers and creation date
B. To perform network diagnostics and identify IP devices
C. To look up who owns a particular IP address
D. To see the range of IP’s owned by an organization

A

Answer: D. To see the range of IP’s owned by an organization.

76
Q

Quiz: What is VisualRoute?
A. A tool for DNS footprinting
B. A tool for Whois Lookup
C. A traceroute and network diagnostics tool
D. A tool for performing email tracking

A

Answer: C. A traceroute and network diagnostics tool that can identify the geographical location of routers, servers, and other IP devices.

77
Q

Quiz: What is DNS footprinting?
A. Finding DNS information such as web, mail, and DNS server addresses
B. Identifying the geographical location of routers and servers
C. Extracting information about a sender’s identity and IP address
D. Crawling a website to make a list of e-mail addresses

A

Answer: A. Finding DNS information such as web, mail, and DNS server addresses.

78
Q

Quiz: What is the purpose of a DNS SOA record?
A. To map an IP address to a fully qualified domain name
B. To map an IPv6 address to a fully qualified domain name
C. To find the mail server IP
D. To identify the primary DNS server for a domain

A

Answer: D. To identify the primary DNS server for a domain.

79
Q

Quiz 1: What is the TCP 3-way handshake and what is its purpose?
A. A protocol used for fast data transfers
B. A process that establishes a TCP conversation and synchronizes sequence and acknowledgement numbers
C. A handshake used to establish a UDP connection
D. A method of spoofing IP addresses

A

Answer: B. A process that establishes a TCP conversation and synchronizes sequence and acknowledgement numbers.
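
The exchange described on this card, simulated in Python, next to the half-open exchange an Nmap SYN scan performs. This is an added example and not part of the original notes or of Nmap: the two peers are in-memory objects, the initial sequence numbers come from a seeded PRNG, and no packets are sent.

```python
"""TCP three-way handshake beside the half-open exchange of a SYN scan.

Added example: in-memory peers, seeded PRNG for ISNs, nothing on the wire.
"""
from dataclasses import dataclass
import random

FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
MOD = 2 ** 32                                    # sequence numbers are 32-bit and wrap


@dataclass(frozen=True)
class Segment:
    src: str
    dst: str
    flags: int
    seq: int
    ack: int

    def names(self):
        table = [(SYN, "SYN"), (ACK, "ACK"), (FIN, "FIN"), (RST, "RST"), (PSH, "PSH"), (URG, "URG")]
        return "|".join(n for bit, n in table if self.flags & bit) or "none"


class TcpPeer:
    def __init__(self, name, rng):
        self.name = name
        self.snd_nxt = rng.getrandbits(32)       # initial sequence number (ISN)
        self.rcv_nxt = None                      # next sequence number expected from the peer

    def syn(self, peer):
        seg = Segment(self.name, peer, SYN, self.snd_nxt, 0)
        self.snd_nxt = (self.snd_nxt + 1) % MOD  # a SYN occupies one sequence number
        return seg

    def syn_ack(self, syn):
        self.rcv_nxt = (syn.seq + 1) % MOD       # acknowledge the client's ISN
        seg = Segment(self.name, syn.src, SYN | ACK, self.snd_nxt, self.rcv_nxt)
        self.snd_nxt = (self.snd_nxt + 1) % MOD
        return seg

    def ack(self, synack):
        self.rcv_nxt = (synack.seq + 1) % MOD    # acknowledge the server's ISN: both sides are now synchronized
        return Segment(self.name, synack.src, ACK, self.snd_nxt, self.rcv_nxt)

    def rst(self, synack):
        # What a SYN scan sends instead of the final ACK: the server never sees a full connection.
        return Segment(self.name, synack.src, RST, self.snd_nxt, 0)


def connect_scan(seed=1):
    """-sT or any normal client: SYN, SYN/ACK, ACK."""
    rng = random.Random(seed)
    client, server = TcpPeer("client", rng), TcpPeer("server", rng)
    s1 = client.syn(server.name)
    s2 = server.syn_ack(s1)
    s3 = client.ack(s2)
    return [s1, s2, s3]


def syn_scan(seed=1):
    """-sS: SYN, SYN/ACK, then RST; the SYN/ACK alone already proves the port is open."""
    rng = random.Random(seed)
    scanner, server = TcpPeer("scanner", rng), TcpPeer("server", rng)
    s1 = scanner.syn(server.name)
    s2 = server.syn_ack(s1)
    s3 = scanner.rst(s2)
    return [s1, s2, s3]


def handshake_completed(transcript):
    """True only if the third segment is an ACK whose numbers match both ISNs."""
    s1, s2, s3 = transcript
    return (bool(s3.flags & ACK)
            and s2.ack == (s1.seq + 1) % MOD
            and s3.ack == (s2.seq + 1) % MOD
            and s3.seq == s2.ack)


if __name__ == "__main__":
    for label, transcript in (("connect scan (-sT)", connect_scan()), ("SYN scan (-sS)", syn_scan())):
        print(f"{label}: handshake completed = {handshake_completed(transcript)}")
        for s in transcript:
            print(f"  {s.src:>7} -> {s.dst:<7} {s.names():<8} seq={s.seq:<10} ack={s.ack}")
```

The acknowledgement numbers are what "synchronize" the conversation: each side proves it saw the other's ISN by acknowledging ISN+1. The SYN scan transcript shows why a half-open scan is quieter: the server's application never gets a completed connection to log.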

80
Q

Quiz 2: What are the 6 TCP flags and what do they do?
A. SYN, ACK, FIN, RST, PSH, URG
B. SYN, ACK, FIN, RST, PSH, STOP
C. START, ACK, FIN, RST, PSH, URG
D. SYN, ACK, STOP, RESET, PSH, URG

A

Answer: A. SYN, ACK, FIN, RST, PSH, URG. The SYN flag is used to synchronize sequence numbers, the ACK flag is used to acknowledge received packets, the FIN flag is used to terminate a TCP conversation, the RST flag is used to reset the connection, the PSH flag is used to push data to the receiving application, and the URG flag is used to indicate urgent data.

81
Q

Quiz 3: What is UDP and what are its characteristics?
A. A protocol used for fast data transfers
B. A process that establishes a TCP conversation and synchronizes sequence and acknowledgement numbers
C. A handshake used to establish a TCP connection
D. A method of spoofing IP addresses

A

Answer: A. A protocol used for fast data transfers. UDP is a simple protocol with no flags, no handshake, and no reliability. It is built for speed or for small data transfers.

82
Q

What is the default Nmap host discovery type?
a) ARP ping scan (-PR)
b) ICMP Echo Ping (-PE)
c) ICMP Timestamp Ping (-PP)
d) TCP SYN Ping (-PS)

A

Answer: a) ARP ping scan (-PR). This is the default only for targets on the local Ethernet segment when Nmap runs with raw-packet privileges, since an ARP reply settles liveness faster and more reliably than any IP-level probe. For targets beyond the local network, privileged Nmap defaults to a combination of an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80, and an ICMP timestamp request.

83
Q

Which Nmap host discovery type uses the ICMP protocol to see if the target is live?
a) ARP ping scan (-PR)
b) ICMP Echo Ping (-PE)
c) ICMP Timestamp Ping (-PP)
d) TCP SYN Ping (-PS)

A

Answer: b) ICMP Echo Ping (-PE)

84
Q

Which Nmap host discovery type can be used if ICMP ECHO pings are blocked by the firewall?
a) ARP ping scan (-PR)
b) ICMP Echo Ping (-PE)
c) ICMP Timestamp Ping (-PP)
d) TCP SYN Ping (-PS)

A

Answer: c) ICMP Timestamp Ping (-PP)

85
Q

Which Nmap host discovery type sends a packet with the TCP SYN flag turned on?
a) ARP ping scan (-PR)
b) ICMP Echo Ping (-PE)
c) ICMP Timestamp Ping (-PP)
d) TCP SYN Ping (-PS)

A

Answer: d) TCP SYN Ping (-PS)

86
Q

Which Nmap host discovery type sends a UDP packet to the host?
a) ARP ping scan (-PR)
b) ICMP Echo Ping (-PE)
c) ICMP Timestamp Ping (-PP)
d) UDP Ping (-PU)

A

Answer: d) UDP Ping (-PU)

87
Q

How many flags are there in the TCP header?
a) 4
b) 6
c) 8
d) 10

A

Answer: b) 6. These are the six classic flags (URG, ACK, PSH, RST, SYN, FIN). RFC 3168 later added the ECE and CWR bits and RFC 3540 the experimental NS bit, so a modern TCP header carries nine flag bits in its 16-bit data-offset/flags word.

88
Q

Which TCP flag is used to initiate a connection?
a) SYN
b) ACK
c) FIN
d) RST

A

Answer: a) SYN

89
Q

Which TCP flag is used to terminate a connection?
a) SYN
b) ACK
c) FIN
d) RST

A

Answer: c) FIN

90
Q

Quiz: What is the Nmap option for skipping host discovery and assuming the host is online?

A. -sT
B. -PS
C. -Pn
D. -PA

A

Answer: C. -Pn

91
Q

Quiz: Which Nmap port scanning option completes the TCP 3-way handshake and is the most “normal looking” scan?

A. -sT
B. -sS
C. -sV
D. -sU

A

Answer: A. -sT (TCP connect scan). It uses the operating system's connect() call, so it needs no raw-socket privileges, but the completed connection is visible to and logged by the target application. -sS (SYN or "half-open" scan) answers the SYN/ACK with a RST instead and is the default for privileged users. Nmap options are case-sensitive: a capital -S by itself means "spoof source address", so -ST is not the same option.

92
Q

Quiz: Which Nmap option performs a UDP scan, and how does it interpret the absence of a reply?

A. -sT
B. -sS
C. -sV
D. -sU

A

Answer: D. -sU. Because UDP has no handshake, silence is ambiguous: Nmap reports a port that never answers as open|filtered, an ICMP port unreachable (type 3, code 3) as closed, other ICMP unreachable codes as filtered, and an actual UDP reply as open. Nmap sends protocol-specific payloads to common UDP ports to coax a reply, and adding -sV can resolve many open|filtered results.

93
Q

Quiz: Which abnormal flag combination does the Nmap Xmas scan use (the Null, FIN and Maimon scans likewise rely on non-standard flag settings)?

A. SYN, RST
B. FIN, URG, PSH
C. ACK, RST
D. No flags

A

Answer: B. FIN, URG, PSH. The Xmas scan (-sX) "lights up" FIN, URG and PSH; the Null scan (-sN) sets no flags at all; the FIN scan (-sF) sets only FIN; the Maimon scan (-sM) sets FIN and ACK. The first three rely on RFC 793 behaviour: a segment carrying none of SYN, RST or ACK gets a RST from a closed port and silence from an open one, so no reply means open|filtered. The Maimon scan instead relies on a BSD-derived quirk that drops FIN/ACK segments sent to open ports. Windows and many network devices send a RST in every case, so these scans are unreliable against them.
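
The flag combinations from this card and from the TCP flags card above, seen from the defender's side: a parser for raw TCP headers that names the flag bits and recognises the Xmas, Null, FIN and Maimon probe signatures, with a per-source count that a simple scan detector would alert on. This is an added example and not part of the original notes or of Nmap; the sample packets are constructed in the block (addresses from the documentation ranges), and nothing reads a live interface.

```python
"""Parse raw TCP headers and spot the abnormal flag sets used by Nmap's
Xmas, Null, FIN and Maimon scans. Added example with constructed packets."""
import struct
from collections import Counter

# Flag bits in the 16-bit "data offset / reserved / flags" word of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x001, 0x002, 0x004, 0x008, 0x010, 0x020
ECE, CWR, NS = 0x040, 0x080, 0x100            # ECN bits (RFC 3168, RFC 3540)
FLAG_NAMES = [(NS, "NS"), (CWR, "CWR"), (ECE, "ECE"), (URG, "URG"), (ACK, "ACK"),
              (PSH, "PSH"), (RST, "RST"), (SYN, "SYN"), (FIN, "FIN")]


def build_tcp_header(sport, dport, flags, seq=0, ack=0, window=1024):
    """Minimal 20-byte TCP header (data offset 5, checksum left zero)."""
    offset_flags = (5 << 12) | (flags & 0x1FF)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)


def parse_tcp_flags(header):
    """Return (data_offset_in_32bit_words, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    offset_flags = struct.unpack("!H", header[12:14])[0]
    return offset_flags >> 12, offset_flags & 0x1FF


def flag_names(flags):
    return "|".join(name for bit, name in FLAG_NAMES if flags & bit) or "none"


def classify_probe(flags):
    """Name the Nmap scan a bare probe with these flags corresponds to.
    ECN bits are ignored: they are legitimate on a SYN and not a scan signature."""
    core = flags & 0x3F
    if core == 0:
        return "Null scan (-sN)"
    if core == FIN:
        return "FIN scan (-sF)"
    if core == FIN | PSH | URG:
        return "Xmas scan (-sX)"
    if core == FIN | ACK:
        return "Maimon scan (-sM)"
    if core == SYN:
        return "SYN (connect/-sS probe or a normal open)"
    if core == ACK:
        return "ACK (-sA/-sW probe or normal traffic)"
    return "other"


ABNORMAL = {"Null scan (-sN)", "FIN scan (-sF)", "Xmas scan (-sX)", "Maimon scan (-sM)"}


def abnormal_probe_sources(packets):
    """packets: iterable of (src_ip, raw_tcp_header). Count abnormal-flag probes per source.
    A normal stack never emits these combinations outside an established connection,
    so even a handful from one source is a usable detection signal."""
    counts = Counter()
    for src, hdr in packets:
        _, flags = parse_tcp_flags(hdr)
        if classify_probe(flags) in ABNORMAL:
            counts[src] += 1
    return dict(counts)


# Constructed sample traffic (documentation-range addresses, not real hosts).
SAMPLE = [
    ("192.0.2.10", build_tcp_header(40000, 22, SYN)),
    ("192.0.2.10", build_tcp_header(40001, 80, SYN | ECE | CWR)),     # ECN-capable SYN, still normal
    ("198.51.100.7", build_tcp_header(50000, 22, FIN | PSH | URG)),    # Xmas
    ("198.51.100.7", build_tcp_header(50000, 23, 0)),                  # Null
    ("198.51.100.7", build_tcp_header(50000, 25, FIN)),                # FIN
    ("198.51.100.7", build_tcp_header(50000, 80, FIN | ACK)),          # Maimon
    ("192.0.2.10", build_tcp_header(40000, 22, ACK, window=0)),
]

if __name__ == "__main__":
    for src, hdr in SAMPLE:
        _, flags = parse_tcp_flags(hdr)
        print(f"{src:<14} {flag_names(flags):<12} -> {classify_probe(flags)}")
    print("abnormal probes per source:", abnormal_probe_sources(SAMPLE))
```

Masking with 0x3F before classifying matters in practice: an ECN-negotiating SYN carries ECE and CWR and must not be flagged as abnormal, which is a common false positive in naive flag-matching rules.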

94
Q

Quiz: Which Nmap option is used for version detection and provides the exact version number of the service?

A. -sT
B. -sS
C. -sV
D. -sU

A

Answer: C. -sV

95
Q

Quiz: Which scan can map out firewall rule-sets, especially if there are several firewalls in a row?
A. Maimon scan
B. ACK scan
C. Firewalking
D. Idle scan

A

Answer: C. Firewalking.

Explanation: Firewalking is the process of mapping out firewall rule-sets, especially if there are multiple firewalls in a row. It sends probes whose IP TTL is set to expire one hop beyond the filtering device: if the probe is allowed through, the next hop returns an ICMP time-exceeded message; if it is blocked, nothing comes back. Repeating this per port reveals which services the firewall lets through without ever touching the hosts behind it. Nmap's firewalk NSE script automates the technique.

96
Q

Quiz: What does an ACK scan return when a port is open or closed?
A. RST
B. SYN-ACK
C. FIN
D. No reply

A

Answer: A. RST.

Explanation: An ACK scan (-sA) gets a RST back whether the port is open or closed; it only separates unfiltered ports (RST received) from filtered ones (no reply, or an ICMP unreachable error), which is why it is used to probe firewall rules rather than port state. Nmap's window scan (-sW) layers a quirk on top of this: on some systems the RST for an open port carries a positive TCP window size and the RST for a closed port a window of zero. The older heuristic that a RST with a TTL below 64 indicates an open port comes from the same idea; both tricks only work against a minority of stacks, and modern systems reply identically for open and closed ports.
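
The port-state rules the scan cards above describe (SYN/connect, UDP, Null/FIN/Xmas/Maimon, ACK and window scans), written out as one classifier that turns a probe's response into the state Nmap would report. This is an added example that encodes the rules from the Nmap reference guide; it is not Nmap's code, and the "responses" are small dicts constructed inline rather than captured packets.

```python
"""How Nmap turns a probe's response into a port state, per scan type.
Added example encoding the documented rules; responses are constructed dicts."""

FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32
# ICMP type 3 codes Nmap treats as "filtered" for TCP probes:
# net/host/port unreachable, net/host admin-prohibited, admin-prohibited.
ICMP_FILTERED_CODES = {1, 2, 3, 9, 10, 13}


def tcp(flags, window=1024):
    return {"proto": "tcp", "flags": flags, "window": window}


def icmp_unreachable(code):
    return {"proto": "icmp", "type": 3, "code": code}


UDP_REPLY = {"proto": "udp"}
NO_RESPONSE = None           # nothing came back after Nmap's retransmissions


def port_state(scan, resp):
    """scan: one of sS, sT, sU, sN, sF, sX, sM, sA, sW. Returns Nmap's port-state string."""
    is_tcp = resp is not None and resp["proto"] == "tcp"
    is_icmp = resp is not None and resp["proto"] == "icmp"
    icmp_filtered = is_icmp and resp["type"] == 3 and resp["code"] in ICMP_FILTERED_CODES
    got_rst = is_tcp and bool(resp["flags"] & RST)

    if scan in ("sS", "sT"):
        if resp is None or icmp_filtered:
            return "filtered"
        if is_tcp and resp["flags"] & SYN and resp["flags"] & ACK:
            return "open"
        if got_rst:
            return "closed"

    elif scan == "sU":
        if resp is None:
            return "open|filtered"       # silence is ambiguous for UDP
        if resp["proto"] == "udp":
            return "open"
        if is_icmp and resp["type"] == 3 and resp["code"] == 3:
            return "closed"              # port unreachable
        if icmp_filtered:
            return "filtered"

    elif scan in ("sN", "sF", "sX", "sM"):
        if resp is None:
            return "open|filtered"       # RFC 793 stacks stay silent on open ports
        if got_rst:
            return "closed"
        if icmp_filtered:
            return "filtered"

    elif scan == "sA":
        if got_rst:
            return "unfiltered"          # reached the port; open vs closed unknown
        if resp is None or icmp_filtered:
            return "filtered"

    elif scan == "sW":
        if got_rst:
            return "open" if resp["window"] > 0 else "closed"
        if resp is None or icmp_filtered:
            return "filtered"

    return "unexpected"


def demo():
    cases = [
        ("sS", tcp(SYN | ACK)), ("sS", tcp(RST)), ("sS", NO_RESPONSE), ("sS", icmp_unreachable(13)),
        ("sU", UDP_REPLY), ("sU", icmp_unreachable(3)), ("sU", NO_RESPONSE),
        ("sX", NO_RESPONSE), ("sX", tcp(RST)),
        ("sA", tcp(RST)), ("sA", NO_RESPONSE),
        ("sW", tcp(RST, window=0)), ("sW", tcp(RST, window=5840)),
    ]
    return [(scan, port_state(scan, resp)) for scan, resp in cases]


if __name__ == "__main__":
    for scan, state in demo():
        print(f"-{scan}: {state}")
```

The compound states (open|filtered, unfiltered) are the important output: they are Nmap telling you the probe type cannot distinguish two cases, which is the cue to follow up with a different scan type or with -sV.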

97
Q

Quiz: What does a Fast scan (-F) do?
A. Scans the top 1,000 most common ports
B. Scans the top 100 most common ports
C. Scans all ports
D. Performs a version detection scan

A

Answer: B. Scans the top 100 most common ports.

Explanation: By default, if port numbers are not specified, the top 1,000 most common ports will be scanned. Using the -F switch instead will only scan the top 100 most common port numbers. This is useful for quickly identifying potential targets for further scanning.

98
Q

Quiz: What is the purpose of an Idle scan?
A. To map out firewall rule-sets
B. To find open ports
C. To identify specific services and version numbers
D. To perform a port scan from a spoofed IP address

A

Answer: D. To perform a port scan from a spoofed IP address.

Explanation: An idle scan (Nmap -sI <zombie>) never sends a probe from the attacker's own address. The attacker picks an idle "zombie" host whose IP ID counter increases by one for every packet it sends, reads that counter (by sending the zombie a SYN/ACK and noting the IP ID of the RST it returns), sends a SYN to the target with the zombie's address as the spoofed source, then reads the counter again. An open target port answers the zombie with a SYN/ACK, which the zombie rejects with a RST, so the IP ID has advanced by 2; a closed port answers with a RST that the zombie silently ignores, and a filtered port answers nothing, so in both cases the IP ID advances by only 1 (the attacker's second probe). Any other difference means the zombie was not idle and the result is unreliable. The target's logs show the zombie, not the attacker.
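
The three-party exchange from this card, simulated in Python so the IP ID arithmetic can be followed step by step, including the 16-bit wraparound and the "zombie was not idle" failure mode. This is an added example and not part of the original notes or of Nmap: the attacker, zombie and target are in-memory objects, nothing is sent on the wire, and the zombie is the idealised one the technique needs (a global, sequentially incrementing IP ID and no other traffic unless the example injects some).

```python
"""Simulated idle (zombie) scan: inferring a target's port state from a
third host's IP ID counter. Added example; all three hosts are in-memory."""
from dataclasses import dataclass


@dataclass
class Zombie:
    ipid: int = 0

    def send(self):
        """Every packet the zombie emits consumes one IP ID (16-bit, wraps)."""
        self.ipid = (self.ipid + 1) % 65536
        return self.ipid

    def receive(self, flags):
        """Unsolicited SYN/ACK -> reply RST (spends an IP ID). Unsolicited RST -> ignored."""
        if flags == "SYN/ACK":
            return ("RST", self.send())
        return None


@dataclass
class Target:
    open_ports: set
    filtered_ports: set

    def receive_syn(self, dport):
        """Reply to a SYN for dport; the reply goes to the packet's (spoofed) source address."""
        if dport in self.filtered_ports:
            return None                  # dropped by a firewall
        return "SYN/ACK" if dport in self.open_ports else "RST"


def probe_zombie(zombie):
    """Attacker sends a SYN/ACK to the zombie and reads the IP ID of its RST."""
    return zombie.receive("SYN/ACK")[1]


def idle_scan_port(zombie, target, port, background_packets=0):
    before = probe_zombie(zombie)
    # Spoofed SYN: source address is the zombie's, so any reply lands on the zombie.
    reply = target.receive_syn(port)
    if reply is not None:
        zombie.receive(reply)
    for _ in range(background_packets):  # unrelated traffic the zombie sends meanwhile
        zombie.send()
    after = probe_zombie(zombie)
    delta = (after - before) % 65536     # modular difference copes with wraparound
    if delta == 2:
        return "open"                    # target SYN/ACK -> zombie RST -> one extra IP ID
    if delta == 1:
        return "closed|filtered"         # zombie only spent an ID on our second probe
    return "unreliable"                  # zombie was not idle; retry or pick another


def idle_scan(zombie, target, ports):
    return {port: idle_scan_port(zombie, target, port) for port in ports}


if __name__ == "__main__":
    zombie = Zombie(ipid=65534)          # start near the top to exercise wraparound
    target = Target(open_ports={22, 80}, filtered_ports={443})
    print(idle_scan(zombie, target, [22, 80, 443, 8080]))
    print("busy zombie:", idle_scan_port(zombie, target, 22, background_packets=3))
```

Two practical consequences fall out of the simulation: closed and filtered ports are indistinguishable from the zombie's point of view, and any background traffic from the zombie corrupts the measurement, which is why Nmap tests a candidate zombie's IP ID behaviour before scanning and why a printer or other quiet device is the classic choice.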

99
Q

Quiz: What is the purpose of adding the -sV switch to a port scan in nmap?
A. To skip host discovery and go straight to port scanning
B. To perform a UDP scan
C. To find open ports on a target
D. To verify the exact service and version number running on a target

A

Answer: D. To verify the exact service and version number running on a target.

Explanation: When performing a port scan with nmap, adding the -sV switch will verify the exact service and version number running on a target in addition to finding open ports. This can be useful for identifying specific vulnerabilities that are associated with a particular service version.