T1

Question 1

What is an “exposed attack surface”

Answer 1

Parts of a system or device that can be accessed or attacked over a network, such as open ports, services or protocols

Question 2

What is the purpose of Nmap?

Answer 2

Nmap is a network scanning tool used to discover hosts, open ports, and vulnerabilities on a network

Question 3

What is the command to perform network discovery using ICMP in Nmap?

Answer 3

sudo nmap -sn -v 192.168.0.0/24

Question 4

Why do attackers prefer ICMP scans ove TCP/UDP probes?

Answer 4

Less intrusive and more likely to bypass firewalls

Question 5

How do you perform a network discovery using TCP SYN packets to find active devices on the network?

Answer 5

sudo nmap -sS -v 192.168.0.0/24

Question 6

What is Netdiscover, and how is it different from Nmap?

Answer 6

A passive network discovey tool that listens for traffic, while Nmap actively probes devices.

Question 7

What is the command for passive discovey with Netdiscover?

Answer 7

sudo netdiscove -i < network_device > -p

Question 8

What is the purpose of port scanning in Nmap?

Answer 8

To find services running on a device by identifying open ports

Question 9

What does the command sudo map -sT < ip_host_address > do?

Answer 9

Scans the host using the TCP protocol to find open ports

Question 10

What does the command sudo nmap -sU < ip_host_address > do?

Answer 10

Scans the host using the UDP protocol to find open ports.

Question 11

What is the purpose of sudo nmap -O < ip_host_address >?

Answer 11

It performs a scan using default scripts to find detailed service information and potential vulnerabilities.

Question 12

What is the function of the Nmap “vuln” script?

Answer 12

Detects known vulnerabilities in the services running on the target host.

Question 13

What is Nikto, and what does it do?

Answer 13

Nikto is a web server scanner that identifies vulnerabilities and misconfigurations in HTTP/HTTPS servers.

Question 14

How do you use Nikto to scan a web server on HTTP?

Answer 14

nikto -h < ip_host_address >

Question 15

What is the command to perform a brute-force attack on an SSH service using Nmap?

Answer 15

nmap -p 22 –script ssh-brute -v < ip_host_address >

Question 16

What is privilege escalation?

Answer 16

The process of gaining higher privileges (e.g., admin/root access) on a system by exploiting weak passwords, vulnerabilities, or misconfigurations.

Question 17

What tool can be used to identify local vulnerabilities for privilege escalation?

Answer 17

Lynis

lynis audit system

Question 18

What are some common scanning parameters in Nmap?

Answer 18

• -sT: TCP connect scan.
• -sU: UDP scan.
• -O: Detect operating system.
• -sV: Detect service versions.

Question 19

How many ports are typically scanned by Nmap by default?

Answer 19

1,000 commonly used ports. To scan all 65,535 ports, use:

Question 20

What is the difference between active and passive scanning?

Answer 20

Active Scanning: Sends packets to devices to elicit responses (e.g., Nmap).
Passive Scanning: Observes network traffic without sending packets (e.g., Netdiscover).