SIT384 - MCQ

Question 2

____ takes penetration testing to a higher level.

a. Hacking c. Security testing
b. Cracking d. Packet sniffing

Answer 2

c. Security testing

Question 3

The International Council of Electronic Commerce Consultants (EC-Council) has
developed a certification designation called ____.
a. CompTIA Security+
b. OSSTMM Professional Security Tester (OPST)
c. Certified Information Systems Security Professional (CISSP)
d. Certified Ethical Hacker (CEH)

Answer 3

d. Certified Ethical Hacker (CEH)

Question 4

In the TCP/IP stack, the ____ layer is concerned with controlling the flow of data,
sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP
header.
a. Internet c. Transport
b. Network d. Application

Answer 4

c. Transport

Question 5

In the TCP/IP stack, the ____ layer uses IP addresses to route packets.

a. Internet c. Transport
b. Network d. Application

Answer 5

a. Internet

Question 6

A(n) ____ is the logical, not physical, component of a TCP connection.

a. ISN c. port
b. socket d. SYN

Answer 6

c. port

Question 7

The SMTP service uses port ____.

a. 25 c. 69
b. 53 d. 80

Answer 7

a. 25

Question 8

A ____ can replicate itself, usually through an executable program attached to an e-mail.

a. shell c. keylogger
b. virus d. rootkit

Answer 8

b. virus

Question 9

A ____ is a computer program that replicates and propagates itself without having to
attach itself to a host.
a. virus c. worm
b. Trojan d. shell

Answer 9

c. worm

Question 10

PKI stands for ____.

a. Public Key Infrastructure c. Protected Key Infrastructure
b. Private Key Infrastructure d. Primary Key Infrastructure

Answer 10

a. Public Key Infrastructure

Question 11

____ is a tool that is used to perform DNS zone transfers.

a. Whois c. Metis
b. Netcat d. Dig

Answer 11

d. DIG

Question 12

The HTTP ____ method retrieves data by URI.

a. GET c. POST
b. PUT d. HEAD

Answer 12

a. GET

Question 13

____ can be used to read PINs entered at ATMs or to detect long-distance authorization
codes that callers dial.
a. Shoulder surfing c. Zone transferring
b. Footprinting d. Social engineering

Answer 13

a. Shoulder Surfing

Question 14

____ is a reasonably priced commercial port scanner with a GUI interface.

a. AW Security Port Scanner c. Ethereal
b. Common Vulnerabilities and Exposures d. Tcpdump

Answer 14

a. AW Security Port Scanner

Question 15

The ____ relies on the OS of the attacked computer, so it?s a little more risky to use than
the SYN scan.
a. NULL scan c. XMAS scan
b. connect scan d. ACK scan

Answer 15

b. connect scan

Question 16

____ is currently the standard port-scanning tool for security professionals.

a. Unicornscan c. Nessus
b. Fping d. Nmap

Answer 16

d. Nmap

Question 17

Unicornscan optimizes ____ scanning beyond the capabilities of any other port scanner.

a. TCP c. ICMP
b. UDP d. IP

Answer 17

b. UDP

Question 18

____, an open-source fork of Nessus, functions much like a database server, performing
complex queries while the client interfaces with the server to simplify reporting and
configuration.
a. Unicornscan c. OpenVAS
b. NetScanTools d. Nmap

Answer 18

c. OpenVAS

Question 19

The ____ tool enables you to craft an IP packet to your liking.

a. Unicornscan c. Nmap
b. Hping d. Ethereal

Answer 19

b. Hping

Question 20

The ____ command gives you a quick way to see whether there are any shared resources
on a computer or server.
a. Nbtstat c. NetDDE
b. Net view d. Netmon Agent

Answer 20

b. Net view

Question 21

The open-source descendant of Nessus is called ____.

a. NW c. OpenVAS
b. WNessus d. WinNessus

Answer 21

c. OpenVAS