Ethical Hacking 3

Question 1

Which UNIX tool can be used to determine the subnets in use on a network?

Answer 1

ICMPquery

Question 2

What can the ike-scan utility be used to test?

Answer 2

The ike-scan utility utilizes the IKE protocol for testing and fingerprinting VPN servers using IPSec

Question 3

You have just deployed a new set of firewall parameters and wish to test firewall rules using an application that will report on what information returns in response to the test. The ideal utility should be capable of remote OS fingerprinting and the ability to discover open ports behind firewalls. What utility should you use?

Answer 3

HPing2

Question 4

What is NOT a typical purpose for which a proxy server is used?

Answer 4

As a router

Question 5

What is the primary purpose of scanning from the perspective of an attacker?

Answer 5

The purpose is to gather information about specific IPs, target operating systems and system architecture, and services running.

Question 6

Regarding the features of the SSL proxy tool, what statement is accurate?

Answer 6

It is built on top of the OpenSSL library.

Question 7

Which protocol can be used for banner grabbing?

Answer 7

Telnet

Question 8

Anonymizers have several limitations; what statement regarding their use is not accurate?

Answer 8

Secure protocols such as HTTPS can be anonymized, but only thought the reduction of the security encryption provides.

Question 9

What operating system family uses a time dependent model where the initial sequence number of a TCP connections is incremented by a fixed amount for each time period?

Answer 9

Windows

Question 10

What type of scanning involves attempting to connect to a target system using TCP or UDP to determine if the services are listening?

Answer 10

port

Question 11

Which scanning method is a basic network scanning technique to determine which range of IP addresses map to live hosts (computers)?

Answer 11

ping sweep

Question 12

Which type of scan is intended to check the services running on a target computer by sending a sequence of messages in an attempt to break in?

Answer 12

port scanning

Question 13

A client has come to you for help in securing their network against scanning attempts. Specifically, the client wants to protect against OS fingerprinting by tools like Nmap. What should you recommend?

Answer 13

Deploy a network intrusion detection system such as snort to detect OS fingerprinting attempts.

Question 14

The TCP three-way handshake is a common networking process that is manipulated to accomplish which step of the scanning methodology?

Answer 14

Check for open ports

Question 15

During which step of the scanning methodology would you use a ping sweep?

Answer 15

Check for live systems

Question 16

What type of port scan is considered to be the most reliable form of TCP scanning?

Answer 16

TCP connect () scan

Question 17

What feature of TCP do attackers use to perform a half-open SYN scan?

Answer 17

Three-way handshake

Question 18

What is not a metric that is used to determine the operating system fingerprint?

Answer 18

Latency

Question 19

In passive fingerprinting, four areas are typically noted to determine the operating system. Which one is based on the number of hops to get to the target?

Answer 19

TTL

Question 20

Which scanning technique uses the IP routing function to deduce the state of a port?

Answer 20

ACK scan