Nmap and Scanning Review Quiz Flashcards

1
Q

Which type of hacker is considered unethical?

  1. White Hat
  2. Grey Hat
  3. Black Hat
  4. Blue Hat
A

3. Black Hat

2
Q

What is the main difference between ethical and malicious hackers?

  1. Ethical hackers have written permission
  2. Ethical hackers have verbal permission
  3. Ethical hackers don’t use real exploits
  4. Malicious hackers never perform information gathering
A

1. Ethical hackers have written permission

3
Q

Which type of testing takes place when pentesters have no knowledge of the target network?

  1. Grey Box
  2. Black Box
  3. White Box
  4. Blind test
A

2. Black Box

4
Q

Suppose an attacker alters the contents of two files on the server. Which of the following best describes what was compromised?

  1. Authentication
  2. Confidentiality
  3. Integrity
  4. Availability
A

3. Integrity

5
Q

Which of the following is _not_ a part of information gathering?

  1. Host Discovery
  2. Finding Physical Addresses
  3. Spidering the Client’s Website
  4. Exploiting a Database Server
A

4. Exploiting a Database Server
6
Q

A SYN Scan is used in which kind of reconnaissance?

  1. Active Reconnaissance
  2. Passive Reconnaissance
  3. Open Source Information Gathering
  4. Internal Reconnaissance
A

1. Active Reconnaissance

7
Q

An ICMP Type 8 message indicates which of the following?

  1. Ping Request
  2. Router Advertisement
  3. Host Unreachable Message
  4. TTL Failure
A

1. Ping Request

8
Q

Suppose you run a SYN scan against a target host. Which of the following best describes the state of connections to the target machine after the scan?

  1. Half-Open
  2. Fully Open
  3. Full Duplex
  4. Half Duplex
A

1. Half-Open

9
Q

Which of the following is a Layer 2 attack?

  1. ARP Spoofing
  2. SQL Injection
  3. BGP Hijacking
  4. Ping Sweep
A

1. ARP Spoofing

10
Q

Which of the following Nmap flags is used for OS fingerprinting?

  1. -A
  2. -oN
  3. -sS
  4. -sU
A

1. -A
11
Q

Identify what the following Nmap command does: nmap -sn 192.168.12.0/24

  1. Port-Scan all devices in 192.168.12.0/24
  2. Perform a UDP scan on 192.168.12.0/24
  3. Service-Scan 192.168.12.0/24
  4. Perform a Ping Sweep on 192.168.12.0/24
A

4. Perform a Ping Sweep on 192.168.12.0/24
12
Q

Suppose you run the following command. If port 22 is open, which TCP flag is set on the response?

    $ nmap -sS -p 22 192.168.12.7

  1. ACK
  2. SYN
  3. RST
  4. URG
A

2. SYN
13
Q

Which argument will be used for OS detection in Nmap?

  1. -G
  2. -L
  3. -S
  4. -O
A

4. -O
14
Q

What will the following nmap command accomplish?

NMAP -sS -O -p 123,153 192.168.100.4

  1. A stealth scan, opening port 123 and 153
  2. A stealth scan, determine the operating system, and scanning of ports 123 and 153
  3. A stealth scan checking all open ports excluding ports 123 and 153
A

2. A stealth scan, determine the operating system, and scanning of ports 123 and 153

15
Q

Regarding port enumeration, which port does DNS zone transfer use?

  1. UDP port 161
  2. TCP/UDP port 389
  3. TCP port 137
  4. TCP port 53
A
16
Q

You are sent to scan a remote host using nmap. Which of the following scan types is the BEST choice to gather the most information while minimizing the chance of detection?

  1. TCP connect scan (-sT)
  2. Xmas scan (-sX)
  3. UDP scan (-sU)
  4. SYN scan (-sS)
A

4. SYN scan (-sS)

17
Q

You are asked to access a server at a particular IP address. The server does not respond to ping requests. What could be the reason(s)? Select all that apply.

  1. The host is down
  2. Server configured not to respond to ping
  3. Firewall blocks TCP
  4. Firewall blocks ICMP
A

1. The host is down
2. Server configured not to respond to ping
4. Firewall blocks ICMP

18
Q

Which command would you issue to scan all TCP ports on 192.168.1.1?

  1. nmap -p 0,65535 192.168.1.1
  2. nmap -p 1,65536 192.168.1.1
  3. nmap -p 192.168.1.1
  4. nmap -p 0-65535 192.168.1.1
A

4. nmap -p 0-65535 192.168.1.1

19
Q

Which of the following nmap arguments is used to perform a Null scan?

  1. -sS
  2. -sP
  3. -sN
  4. -sF
A

3. -sN

20
Q

Most scan attempts can be detected and flagged by:

  1. Proxy
  2. IDS
  3. Router
  4. Switch
A

2. IDS

21
Q

Which of these scan types in nmap would make a full TCP connection to the target system?

  1. XMAS scan
  2. TCP connect scan
  3. All of these
  4. SYN stealth scan
A

2. TCP connect scan

22
Q

What does the Nmap -sU flag do?

  1. Enable OS Scanning
  2. Enable TCP scanning
  3. Enable UDP Scanning
  4. Enable Service Scanning
A

3. Enable UDP Scanning

23
Q

Which of the following is also known as a Zombie scan?

  1. SYN Scan
  2. IDLE Scan
  3. UDP Scan
  4. Full-Connect Scan
A

2. IDLE Scan

24
Q

Which of the following commands scans both TCP and UDP port 445?

  1. nmap -sT -sU -p 445 192.168.12.75
  2. nmap -p U:445,T:445 192.168.12.75
  3. nmap -sU -pU 445 -pT 192.168.12.75
  4. nmap -sS --all-protocols 192.168.12.75
A

2. nmap -p U:445,T:445 192.168.12.75

25
Q

Suppose you discover the following IP addresses on a target network: 192.168.1.24 and 192.168.1.35. Both machines have a netmask of 255.255.255.0. Which of the following is true?

  1. The machines are on the same subnet.
  2. The machines are on separate subnets.
  3. The machines are unreachable from one another.
  4. Neither machine is running Windows.
A

1. The machines are on the same subnet.

26
Q

Which of the following scan types is used to infer firewall rules?

  1. Full Connect Scan
  2. ACK Scan
  3. SYN Scan
  4. IDLE Scan
A

2. ACK Scan

27
Q

Suppose you dump a Linux machine’s /etc/passwd file during the information gathering phase. You see the lines /bin/nologin and /bin/false for many users. What does this mean?

  1. These users don’t exist.
  2. These users exist, but aren’t stored in the database.
  3. These users exist, but can’t use an interactive shell.
  4. These users exist, but their accounts have been disabled.
A

3. These users exist, but can’t use an interactive shell.

28
Q

Identify one advantage of an IDLE scan.

  1. They allow an attacker to get information about a target’s open ports without actually sending packets.
  2. They allow an attacker to scan a target without revealing their IP address.
  3. They are undetectable.
  4. They can find all open ports on a machine, including those that are filtered by a firewall.
A

2. They allow an attacker to scan a target without revealing their IP address.

29
Q

Which of the following commands runs all of Nmap’s SMB scripts against a target?

  1. nmap --smb-all -sV -p 445 192.168.12.17
  2. nmap --script --smb-scripts 192.168.12.17
  3. nmap --script smb-enum-* -sV -p 445 192.168.12.17
  4. nmap --script smb-enum-* 192.168.12.17
A

3. nmap --script smb-enum-* -sV -p 445 192.168.12.17