Scanning and Enumeration

Question 1

What type an attack is DNS Bruteforcing? (Active or Passive)

Answer 1

Passive.

Question 2

TCP Flag

What is SYN (Synchronize) flag used for?

Answer 2

Set during initial communication. Negotiating of parameters and sequence numbers

Question 3

TCP Flag

What is ACK (Acknowledgment) flag used for?

Answer 3

Set as an acknowledgement to the SYN flag. Always set after initial SYN

Question 4

TCP Flag

What is RST (Reset) flag used for?

Answer 4

Forces the termination of a connection (in both directions)

Question 5

TCP Flag

What is FIN (Finish) flag used for?

Answer 5

Ordered close to communications

Question 6

TCP Flag

What is PSH (Push) flag used for?

Answer 6

Forces the delivery of data without concern for buffering

Question 7

TCP Flag

What is URG (Urgent) flag used for?

Answer 7

Data inside is being sent out of band. Example is cancelling a message

Question 8

What is the 3 step TCP handshake?

Answer 8

1. SYN
2. SYN-ACK
3. ACK

Question 9

What does ICMP stand for?

Answer 9

Internet Control Message Protocol

Question 10

What ICMP message type is 0?

Answer 10

0: Echo Reply

Question 11

What ICMP message type is 3?

Answer 11

3: Destination Unreachable

Question 12

What ICMP message type is 4?

Answer 12

4: Source Quench

Question 13

What ICMP message type is 5?

Answer 13

5: Redirect

Question 14

What ICMP message type is 8?

Answer 14

8: Echo Request

Question 15

What ICMP message type is 11?

Answer 15

11: Time Exceeded

Question 16

Nmap

How do you initiate Full Connect Scan?

Answer 16

nmap -sT

Question 17

Nmap

How do you initiate Stealth (SYN )Scan?

Answer 17

nmap -sS

Question 18

Nmap

How do you initiate ACK Scan?

Answer 18

nmap -sA

Question 19

Nmap

How do you initiate FIN scan?

Answer 19

nmap -sF

Question 20

Nmap

How do you initiate IDLE (Zombie) Scan

Answer 20

nmap -sI

Question 21

Nmap

How do you initiate DNS List Scan?

Answer 21

nmap -sL

Question 22

Nmap

How do you initiate NULL Scan?

Answer 22

nmap -sN

Question 23

Nmap

How do you initiate Protocol Scan?

Answer 23

nmap -sO

Question 24

Nmap

How do you initiate Ping Scan?

Answer 24

nmap -sP

Question 25

Nmap How do you initiate RPC scan?

Answer 25

nmap -sR

Question 26

Nmap How do you initiate Window scan?

Answer 26

nmap -sW

Question 27

Nmap How do you initiate Xmas scan?

Answer 27

nmap -sX

Question 28

Nmap How do you initiate ICMP ping?

Answer 28

nmap -PI

Question 29

Nmap How do you initiate No ping?

Answer 29

nmap -Pn

Question 30

Nmap How do you initiate SYN ping?

Answer 30

nmap -PS

Question 31

Nmap How do you initiate TCP ping?

Answer 31

nmap -PT

Question 32

Nmap How do you set packet fragmentation flag?

Answer 32

nmap -f

Question 33

Nmap How do you set Decoy flag?

Answer 33

nmap -D

Question 34

Hping How do you initiate ICMP mode?

Answer 34

hping3 -1

Question 35

Hping How do you initiate UDP mode?

Answer 35

hping3 -2

Question 36

Hping How do you initiate Scan mode?

Answer 36

hping3 -8

Question 37

Hping How do you initiate Listen mode?

Answer 37

hping3 -9

Question 38

Hping How do you initiate Flood mode?

Answer 38

hping3 --flood

Question 39

Hping How do you collect sequence numbers?

Answer 39

hping -Q

Question 40

Hping How do you set port number?

Answer 40

hping3 -p

Question 41

Hping How do you set FIN flag?

Answer 41

hping3 -F

Question 42

Hping How do you set SYN flag?

Answer 42

hping3 -S

Question 43

Hping How do you set RST flag?

Answer 43

hping3 -R

Question 44

Hping How do you set PSH flag?

Answer 44

hping3 -P

Question 45

Hping How do you set ACK flag?

Answer 45

hping3 -A

Question 46

Hping How do you set URG flag?

Answer 46

hping3 -U

Question 47

Hping How do you set Xmas flag?

Answer 47

hping3 -X

Question 48

SNMP: What is the read-only string?

Answer 48

public

Question 49

SNMP: What is the read-write string?

Answer 49

private

Question 50

What is meant by the following command? ping -t 1.1.1.1

Answer 50

Continuos ping until manually stopeed

Question 51

What is meant by the following command? ping -a 1.1.1.1

Answer 51

Resolve hostname to IP

Question 52

What is meant by the following command? ping -n 6 1.1.1.1

Answer 52

Ping specified amount of times (6).

Question 53

What is mean by the following command? ping -i 12 1.1.1.1

Answer 53

-i specified Time to Live

Question 54

What records does a zone file contain?

Answer 54

SOA NS A MX

Question 55

What tool would you use to fingerprint VPN firewalls?

Answer 55

ike-scan

Question 56

What is ping of death?

Answer 56

Sending packets that exceeds the byte limit (65,535)

Question 57

What is the proper response for a NULL scan if the port is closed?

Answer 57

RST

Question 58

What is a Smurf Attack?

Answer 58

DDoS attack, floods the target network with infinite ICMP request packets with spoofed address of the networks broadcast address.

Question 59

What is the pattern to identify LM hashes that are below 8 characters long?

Answer 59

The hashes will end with AAD3B435B51404EE

Question 60

What are the 3 Access Vector Metrics used in Nessus reports?

Answer 60

1. Local (L) 2. Adjacent Network (A) 3. Network (N)

Question 61

What is a Fraggle attack?

Answer 61

DoS attack that uses UDP protocol

Question 62

What is a Tear Drop attack?

Answer 62

DoS attack that exploits a packet fragment bug

Question 63

What is a SYN Flood attack?

Answer 63

Sending a SYN request to host ports and leaving incomplete TCP handshakes so other users are unable to connect.

Question 64

What is a SYN Attack?

Answer 64

Floods SYN packets to the target with spoofed source IP

Question 65

What is a ICMP Flood attack?

Answer 65

ICMP Echo requests with spoofed source IP

Question 66

What is a Peer-to-peer attack?

Answer 66

Redirect peer-to-peer connections to the target host

Question 67

What is a LAND attack?

Answer 67

Sending SYN packet to the target host with same source IP as the target, crashing the system if Vulnerable.

Question 68

What is purpose of Low Ordbit Ion Cannon (LOIC) tools?

Answer 68

TCP, UDP, HTTP DDoS tool

Question 69

What type of tools is Trinity on Linux?

Answer 69

DDoS Tool

Question 70

What is a Tribe Flood Network?

Answer 70

Voluntary hosts of a botnet, used for DDoS.

Question 71

Which service is NBTSTAT used against?

Answer 71

To discover information from NetBios, ports 137, 138, 139

Question 72

What is Blind/Anonymous FTP?

Answer 72

Allows users to go directly to a specific directory as long as they use the correct path and file name.

Question 73

Nmap How do you initiate default script engine scan?

Answer 73

nmap -sC or nmap --script=default

Question 74

nmap script options

Answer 74

nmap --script=default nmap --script-args= : provides arguments to script nmap --script-args-file= : provides nse script args in a file nmap --script-trace : shows all data sent and received nmap --script-updatedb : updates script database nmap --script-help : shows help