Nmap and Scanning Review Quiz Flashcards
Which type of hacker is considered unethical?
- White Hat
- Grey Hat
- Black Hat
- Blue Hat
3. Black Hat
What is the main difference between ethical and malicious hackers?
- Ethical hackers have written permission
- Ethical hackers have verbal permission
- Ethical hackers don’t use real exploits
- Malicious hackers never perform information gathering
1. Ethical hackers have written permission
Which type of testing takes place when pentesters have no knowledge of the target network?
- Grey Box
- Black Box
- White Box
- Blind test
2. Black Box
Suppose an attacker alters the contents of two files on the server. Which of the following best describes what was compromised?
- Authentication
- Confidentiality
- Integrity
- Availability
3. Integrity
Which of the following is _not_ a part of information gathering?
- Host Discovery
- Finding Physical Addresses
- Spidering the Client’s Website
- Exploiting a Database Server
4. Exploiting a Database Server
A SYN Scan is used in which kind of reconnaissance?
- Active Reconnaissance
- Passive Reconnaissance
- Open Source Information Gathering
- Internal Reconnaissance
1. Active Reconnaissance
An ICMP Type 8 message indicates which of the following?
- Ping Request
- Router Advertisement
- Host Unreachable Message
- TTL Failure
1. Ping Request
Suppose you run a SYN scan against a target host. Which of the following best describes the state of connections to the target machine after the scan?
- Half-Open
- Fully Open
- Full Duplex
- Half Duplex
1. Half-Open
Which of the following is a Layer 2 attack?
- ARP Spoofing
- SQL Injection
- BGP Hijacking
- Ping Sweep
1. ARP Spoofing
Which of the following Nmap flags is used for OS fingerprinting?
- -A
- -oN
- -sS
- -sU
1. -A
Identify what the following Nmap command does: nmap -sn 192.168.12.0/24
- Port-Scan all devices in `192.168.12.0/24`
- Perform a UDP scan on `192.168.12.0/24`
- Service-Scan `192.168.12.0/24`
- Perform a Ping Sweep on `192.168.12.0/24`
4. Perform a Ping Sweep on `192.168.12.0/24`
Suppose you run the following command. If port 22 is open, which TCP flag is set on the response?
```bash
$ nmap -sS -p 22 192.168.12.7
```
- ACK
- SYN
- RST
- URG
2. SYN
Which argument will be used for OS detection in Nmap?
- -G
- -L
- -S
- -O
4. -O
What will the following nmap command accomplish?
NMAP -sS -O -p 123,153 192.168.100.4
- A stealth scan, opening port 123 and 153
- A stealth scan, determine the operating system, and scanning of ports 123 and 153
- A stealth scan checking all open ports excluding ports 123 and 153
2. A stealth scan, determine the operating system, and scanning of ports 123 and 153
Regarding port enumeration, which port does DNS zone transfer use?
- UDP port 161
- TCP/UDP port 389
- TCP port 137
- TCP port 53
4. TCP port 53
You are sent to scan a remote host using nmap. Which of the following scan types is the BEST choice to gather the most information while minimizing the chance of detection?
- TCP connect scan (-sT)
- Xmas scan (-sX)
- UDP scan (-sU)
- SYN scan (-sS)
4. SYN scan (-sS)
You are asked to access a server at a particular IP address. The server does not respond to ping requests. What could be the reason(s)? Select all that apply.
- The host is down
- Server configured not to respond to ping
- Firewall blocks TCP
- Firewall blocks ICMP
1. The host is down
2. Server configured not to respond to ping
4. Firewall blocks ICMP
Which command would you issue to scan all TCP ports on 192.168.1.1?
- nmap -p 0,65535 192.168.1.1
- nmap -p 1,65536 192.168.1.1
- nmap -p 192.168.1.1
- nmap -p 0-65535 192.168.1.1
4. nmap -p 0-65535 192.168.1.1
Which of the following nmap arguments is used to perform a Null scan?
- -sS
- -sP
- -sN
- -sF
3. -sN
Most scan attempts can be detected and flagged by:
- Proxy
- IDS
- Router
- Switch
2. IDS
Which of these scan types in nmap would make a full TCP connection to the target system?
- XMAS scan
- TCP connect scan
- All of these
- SYN stealth scan
2. TCP connect scan
What does the Nmap `-sU` flag do?
- Enable OS Scanning
- Enable TCP scanning
- Enable UDP Scanning
- Enable Service Scanning
3. Enable UDP Scanning
Which of the following is also known as a Zombie scan?
- SYN Scan
- IDLE Scan
- UDP Scan
- Full-Connect Scan
2. IDLE Scan
Which of the following commands scans both TCP and UDP port 445?
- nmap -sT -sU -p 445 192.168.12.75
- nmap -p U:445,T:445 192.168.12.75
- nmap -sU -pU 445 -pT 192.168.12.75
- nmap -sS --all-protocols 192.168.12.75
2. nmap -p U:445,T:445 192.168.12.75
Suppose you discover the following IP addresses on a target network: `192.168.1.24` and `192.168.1.35`. Both machines have a netmask of `255.255.255.0`. Which of the following is true?
- The machines are on the same subnet.
- The machines are on separate subnets.
- The machines are unreachable from one another.
- Neither machine is running Windows.
1. The machines are on the same subnet.
Which of the following scan types is used to infer firewall rules?
- Full Connect Scan
- ACK Scan
- SYN Scan
- IDLE Scan
2. ACK Scan
Suppose you dump a Linux machine’s `/etc/passwd` file during the information gathering phase. You see the lines `/bin/nologin` and `/bin/false` for many users. What does this mean?
- These users don’t exist.
- These users exist, but aren’t stored in the database.
- These users exist, but can’t use an interactive shell.
- These users exist, but their accounts have been disabled.
3. These users exist, but can’t use an interactive shell.
Identify one advantage of an IDLE scan.
- They allow an attacker to get information about a target’s open ports without actually sending packets.
- They allow an attacker to scan a target without revealing their IP address.
- They are undetectable.
- They can find all open ports on a machine, including those that are filtered by a firewall.
2. They allow an attacker to scan a target without revealing their IP address.
Which of the following commands runs all of Nmap’s SMB scripts against a target?
- nmap --smb-all -sV -p 445 192.168.12.17
- nmap --script --smb-scripts 192.168.12.17
- nmap --script smb-enum-* -sV -p 445 192.168.12.17
- nmap --script smb-enum-* 192.168.12.17
3. nmap --script smb-enum-* -sV -p 445 192.168.12.17