312-50 Practice Test Questions

763 Questions


Topic 3, Scanning

_______ is one of the programs used to wardial.

A. DialIT
B. Netstumbler
C. TooPac
D. Kismet
E. ToneLoc

Answer: E. ToneLoc

Explanation: ToneLoc is one of the programs used to wardial. While this is considered an "old school" technique, it is still effective at finding backdoors and out-of-band network entry points.

You want to scan for live machines on the LAN. What type of scan should you use?

A. Connect
B. SYN
C. TCP
D. UDP
E. PING

Answer: E. PING

Explanation: The ping scan is one of the quickest scans that nmap performs, since no actual ports are queried. Unlike a port scan, where thousands of packets are transferred between two stations, a ping scan requires only two frames. This scan is useful for locating active devices or determining whether ICMP is passing through a firewall.

An nmap command that includes the host specification of 202.176.56-57.* will scan _______ number of hosts.

A. 2
B. 256
C. 512
D. Over 10,000

Answer: C. 512

Explanation: The hosts with IP addresses 202.176.56.0-255 & 202.176.56.0-255 will be scanned (256 + 256 = 512).

What is the proper response for an X-MAS scan if the port is open?

A. SYN
B. ACK
C. FIN
D. PSH
E. RST
F. No response

Answer: F. No response

Explanation: Closed ports respond to an X-MAS scan by ignoring the packet.

What flags are set in an X-MAS scan? (Choose all that apply.)

A. SYN
B. ACK
C. FIN
D. PSH
E. RST
F. URG

Answer: C. FIN, D. PSH, F. URG

Explanation: FIN, URG, and PSH are set high in the TCP packet for an X-MAS scan.

________ is an automated vulnerability assessment tool.

A. Whack a Mole
B. Nmap
C. Nessus
D. Kismet
E. Jill32

Answer: C. Nessus

Explanation: Nessus is a vulnerability assessment tool.

Which of the following is an automated vulnerability assessment tool?

A. Whack a Mole
B. Nmap
C. Nessus
D. Kismet
E. Jill32

Answer: C. Nessus

Explanation: Nessus is a vulnerability assessment tool.

What are the four steps used by nmap scanning?

A. DNS Lookup
B. ICMP Message
C. Ping
D. Reverse DNS lookup
E. TCP three-way handshake
F. The actual nmap scan

Answer: A. DNS Lookup, C. Ping, D. Reverse DNS lookup, F. The actual nmap scan

Explanation: Nmap performs four steps during a normal device scan. Some of these steps can be modified or disabled using options on the nmap command line.
1. If a hostname is used as a remote device specification, nmap will perform a DNS lookup prior to the scan.
2. Nmap pings the remote device. This refers to the nmap "ping" process, not (necessarily) a traditional ICMP echo request.
3. If an IP address is specified as the remote device, nmap will perform a reverse DNS lookup in an effort to identify a name that might be associated with the IP address. This is the opposite of what happens in step 1, where an IP address is found from a hostname specification.
4. Nmap executes the scan. Once the scan is over, this four-step process is completed.
Except for the actual scan process in step four, each of these steps can be disabled or prevented using different IP addressing or nmap options. The nmap process can be as "quiet" or as "loud" as necessary!

While performing a ping sweep of a subnet you receive an ICMP reply of Code 3/Type 13 for all the pings sent out. What is the most likely cause behind this response?

A. The firewall is dropping the packets.
B. An in-line IDS is dropping the packets.
C. A router is blocking ICMP.
D. The host does not respond to ICMP packets.

Answer: C. A router is blocking ICMP.

Explanation: Type 3 message = Destination Unreachable [RFC792], Code 13 (cause) = Communication Administratively Prohibited [RFC1812].

Which of the following nmap commands in Linux produces the above output?

A. sudo nmap -sP 192.168.0.1/24
B. root nmap -sA 192.168.0.1/24
C. run nmap -TX 192.168.0.1/24
D. launch nmap -PP 192.168.0.1/24

Answer: A. sudo nmap -sP 192.168.0.1/24

Explanation: This is the output of a ping scan. The option -sP will give you a ping scan of the 192.168.0.1/24 network.

What is the proper response for a FIN scan if the port is closed?

A. SYN
B. ACK
C. FIN
D. PSH
E. RST

Answer: E. RST

Explanation: Closed ports respond to a FIN scan with an RST.

You are scanning the target network for the first time. You are able to detect a few conventional open ports. While attempting to perform conventional service identification by connecting to the open ports, the scan yields either bad or no results. As you are unsure of the protocols in use, you want to discover as many different protocols as possible. Which of the following scan options can help you achieve this?

A. Nessus scan with TCP-based pings
B. Netcat scan with the switches
C. Nmap scan with the P (ping scan) switch
D. Nmap with the O (Raw IP Packets) switch

Answer: D. Nmap with the O (Raw IP Packets) switch

Explanation: -sO IP protocol scans: This method is used to determine which IP protocols are supported on a host. The technique is to send raw IP packets without any further protocol header for each specified protocol to the target machine. If we receive an ICMP protocol unreachable message, then the protocol is not in use. Otherwise we assume it is open. Note that some hosts (AIX, HP-UX, Digital UNIX) and firewalls may not send protocol unreachable messages.

