1. What is the primary definition of 'Footprinting' in the context of ethical hacking?
A. The physical tracking of a target user
B. The technique of gathering information about a target computer system
C. The process of creating a backup of a system
D. The act of exploiting a vulnerability in a web application
Correct Answer: The technique of gathering information about a target computer system
Explanation:
Footprinting is the first step in ethical hacking, focusing on collecting as much information as possible about a target network to identify ways to intrude.
2. Which of the following best describes 'Passive Footprinting'?
A. Collecting information without direct interaction with the target
B. Interacting directly with the target system
C. Scanning ports on the target server
D. Running a denial of service attack
Correct Answer: Collecting information without direct interaction with the target
Explanation:
Passive footprinting involves gathering information from public records, news, and social media without directly connecting to the target's network, thereby avoiding detection.
3. Which of the following is a major threat introduced by footprinting?
A. Slow internet connection
B. Automatic installation of malware
C. Immediate hardware failure
D. Social Engineering attacks
Correct Answer: Social Engineering attacks
Explanation:
Footprinting allows attackers to gather personal or organizational details that can be used to craft convincing social engineering attacks or phishing emails.
4. In the footprinting process, what is the 'intitle' Google search operator used for?
A. To limit results to a specific domain
B. To search for a string within the URL
C. To search for a specific file type
D. To search for pages containing a specific string in the page title
Correct Answer: To search for pages containing a specific string in the page title
Explanation:
The 'intitle:' operator restricts Google search results to pages that contain the specified keyword specifically within the HTML title tag.
5. Which Google search operator would a hacker use to find specific file types, such as PDF or XLS, potentially containing sensitive data?
A. link:
B. filetype:
C. related:
D. site:
Correct Answer: filetype:
Explanation:
The 'filetype:' operator allows the user to search specifically for files with a certain extension, such as .pdf, .xls, or .doc.
6. What is the 'Google Hacking Database' (GHDB)?
A. A repository of search queries (dorks) used to find sensitive data publicly available
B. A tool to hack Google servers
C. A database of Google employee passwords
D. A software that blocks Google tracking
Correct Answer: A repository of search queries (dorks) used to find sensitive data publicly available
Explanation:
The GHDB is a collection of search queries, known as Google Dorks, that can uncover security loopholes, sensitive files, and error messages inadvertently exposed on the internet.
7. How can job search sites be used for information gathering?
A. To modify job descriptions
B. To steal employee bank accounts
C. To identify the technologies and hardware used by the target organization
D. To shut down the company's recruitment portal
Correct Answer: To identify the technologies and hardware used by the target organization
Explanation:
Job listings often describe specific technical requirements (e.g., 'Experience with Cisco ASA Firewalls' or 'Windows Server 2019'), revealing the underlying infrastructure to an attacker.
8. Which financial service database in the US is often used to gather financial information about public companies?
A. NVD database
B. Whois database
C. EDGAR database
D. Exploit-DB
Correct Answer: EDGAR database
Explanation:
The EDGAR database (Electronic Data Gathering, Analysis, and Retrieval system) is run by the SEC and contains financial reports and information about publicly traded companies.
9. What is the primary purpose of 'Scanning' in the hacking methodology?
A. To gather preliminary information from public sources
B. To identify live hosts, open ports, and services on a network
C. To gain administrative access to the system
D. To install a backdoor
Correct Answer: To identify live hosts, open ports, and services on a network
Explanation:
Scanning is the phase following footprinting where the attacker actively connects to the system to identify live hosts, open ports, and the services running on them.
10. Which of the following is NOT a typical phase of the scanning methodology?
A. Checking for live systems
B. Checking for open ports
C. Checking for vulnerability
D. Checking for social media profiles
Correct Answer: Checking for social media profiles
Explanation:
Checking for social media profiles is part of the Footprinting phase, not the Scanning phase. Scanning involves technical network interrogation (Live systems, Ports, Vulnerabilities).
11. Which type of scan is known as a 'Half-open' scan?
A. Null Scan
B. TCP Connect Scan
C. Stealth / SYN Scan
D. Xmas Scan
Correct Answer: Stealth / SYN Scan
Explanation:
A SYN scan involves sending a SYN packet and waiting for a SYN-ACK, but sending a RST instead of an ACK to close the connection, never completing the full 3-way handshake.
12. What distinguishes a 'TCP Connect' scan from a 'SYN' scan?
A. TCP Connect requires root privileges
B. TCP Connect completes the full 3-way handshake
C. TCP Connect is more stealthy
D. TCP Connect uses UDP packets
Correct Answer: TCP Connect completes the full 3-way handshake
Explanation:
TCP Connect completes the full connection (SYN -> SYN-ACK -> ACK), which makes it more reliable but also more likely to be logged by the target system compared to a half-open SYN scan.
13. In an 'Xmas Scan', which flags are set in the TCP packet?
A. FIN, URG, PSH
B. No flags set
C. SYN only
D. SYN, ACK, RST
Correct Answer: FIN, URG, PSH
Explanation:
An Xmas scan sets the FIN, URG, and PSH flags, lighting up the packet 'like a Christmas tree' to test how the target OS responds.
14. What is the defining characteristic of a 'Null Scan'?
A. It sends a packet with no flags set
B. It sends a packet with all flags set
C. It sends a ping request only
D. It sends an empty UDP payload
Correct Answer: It sends a packet with no flags set
Explanation:
A Null scan sends a TCP packet with no flags set (0). Unix-based systems usually respond with a RST if the port is closed and ignore it if open.
15. Which scan type relies on a 'Zombie' machine to hide the attacker's identity?
A. IDLE Scan
B. Ping Sweep
C. TCP Connect Scan
D. UDP Scan
Correct Answer: IDLE Scan
Explanation:
An IDLE scan (or Zombie scan) uses a spoofed IP address of a silent (idle) machine on the network to probe the target, allowing the attacker to remain undetected.
16. What is the main challenge associated with 'UDP Scanning'?
A. It is often slow and unreliable because UDP is connectionless
B. It is too fast
C. It requires authentication
D. It is connection-oriented
Correct Answer: It is often slow and unreliable because UDP is connectionless
Explanation:
UDP is connectionless and does not send acknowledgments. Scanners must wait for timeouts to determine if a port is open or filtered, making it slow.
17. What is 'Banner Grabbing'?
A. Capturing the welcome message or header sent by a service upon connection
B. Copying the website logo
C. Stealing physical banners from a company
D. Intercepting Wi-Fi signals
Correct Answer: Capturing the welcome message or header sent by a service upon connection
Explanation:
Banner grabbing is a technique used to determine the software and version running on a port by analyzing the initial text response (banner) provided by the service.
18. What is 'OS Fingerprinting'?
A. Finding the owner of the operating system
B. Determining the operating system of a target host
C. Cracking the OS password
D. Scanning for fingerprints on a laptop
Correct Answer: Determining the operating system of a target host
Explanation:
OS Fingerprinting is the method of identifying the specific operating system running on a target machine by analyzing the characteristics of data packets sent from it.
19. Which parameter is commonly analyzed in Passive OS Fingerprinting?
A. CPU Temperature
B. Hard drive serial number
C. Time to Live (TTL) values
D. Login Username
Correct Answer: Time to Live (TTL) values
Explanation:
Different operating systems set different default Time to Live (TTL) values in their IP packets, allowing passive listeners to guess the OS.
20. What is 'Active OS Fingerprinting'?
A. Checking the website HTML source code
B. Sending specially crafted packets to the target and analyzing the response
C. Sniffing traffic without sending packets
D. Asking the admin for the OS version
Correct Answer: Sending specially crafted packets to the target and analyzing the response
Explanation:
Active fingerprinting involves sending malformed or specific TCP/ICMP packets to the target and analyzing the unique way the OS responds to identify it.
21. Which tool is the industry standard for network scanning and OS fingerprinting?
A. Wireshark
B. Aircrack-ng
C. Nmap
D. John the Ripper
Correct Answer: Nmap
Explanation:
Nmap (Network Mapper) is the most widely used open-source tool for network discovery, port scanning, and OS fingerprinting.
22. What is a 'Ping Sweep' used for?
A. To clean up temporary files
B. To crash a server
C. To measure internet speed
D. To identify which IP addresses in a range are live hosts
Correct Answer: To identify which IP addresses in a range are live hosts
Explanation:
A Ping Sweep involves sending ICMP Echo Requests to a range of IP addresses to determine which hosts are active (live) before attempting port scans.
23. Which of the following is a countermeasure against Google Hacking?
A. Removing the robots.txt file
B. Using a shorter domain name
C. Ensuring sensitive directories are disallowed in robots.txt and not indexed
D. Registering the site with more search engines
Correct Answer: Ensuring sensitive directories are disallowed in robots.txt and not indexed
Explanation:
To prevent Google hacking, administrators should configure robots.txt to disallow crawling of sensitive directories and ensure sensitive data is not publicly accessible.
24. What is 'Split DNS' used for as a countermeasure?
A. To hide internal network information from external users
B. To increase the number of available IP addresses
C. To speed up internet access
D. To split the internet bill
Correct Answer: To hide internal network information from external users
Explanation:
Split DNS uses two DNS servers: one for internal users (revealing internal IPs) and one for external users (revealing only public IPs), preventing attackers from mapping the internal network.
25. How can an ACK scan help an attacker?
A. It opens a backdoor
B. It crashes the system
C. It determines if the firewall is stateful and which ports are filtered
D. It retrieves the admin password
Correct Answer: It determines if the firewall is stateful and which ports are filtered
Explanation:
ACK scans are used to map out firewall rulesets. If a RST comes back, the port is unfiltered; if nothing comes back (or ICMP unreachable), it is filtered.
26. What is 'Vulnerability Scanning'?
A. Scanning a document to PDF
B. The automated process of identifying known security weaknesses in systems
C. Monitoring network traffic for speed
D. Scanning for viruses on a USB drive
Correct Answer: The automated process of identifying known security weaknesses in systems
Explanation:
Vulnerability scanning uses automated tools to test a system against a database of known vulnerabilities (like outdated software or missing patches).
27. Which of the following is a common vulnerability scanning tool?
A. Nessus
B. FileZilla
C. Photoshop
D. Outlook
Correct Answer: Nessus
Explanation:
Nessus is a widely used proprietary vulnerability scanner developed by Tenable.
28. What is a 'False Positive' in vulnerability scanning?
A. The scanner fails to find an existing vulnerability
B. The scanner crashes during the scan
C. The scanner reports a vulnerability that does not actually exist
D. The scanner finds a critical vulnerability
Correct Answer: The scanner reports a vulnerability that does not actually exist
Explanation:
A false positive occurs when the scanning software incorrectly identifies a secure setting or configuration as a vulnerability.
29. Why would an attacker use a 'Proxy' during scanning?
A. To bypass antivirus software on their own machine
B. To hide their actual IP address and identity
C. To speed up the scan
D. To encrypt the target hard drive
Correct Answer: To hide their actual IP address and identity
Explanation:
Proxies act as intermediaries. By routing traffic through a proxy, the target system logs the proxy's IP address instead of the attacker's, providing anonymity.
30. What is 'Proxy Chaining'?
A. Using multiple proxy servers in a sequence to increase anonymity
B. Connecting multiple computers with a physical chain
C. Linking a proxy to a firewall
D. Blocking all proxies
Correct Answer: Using multiple proxy servers in a sequence to increase anonymity
Explanation:
Proxy chaining involves connecting through a series of proxy servers (A -> B -> C -> Target). This makes tracing the original source significantly more difficult.
31. What is the 'TOR' network primarily used for in the context of security?
A. Hosting websites
B. Providing anonymity by routing traffic through a distributed network of relays
C. Filtering spam emails
D. Downloading movies faster
Correct Answer: Providing anonymity by routing traffic through a distributed network of relays
Explanation:
The Onion Router (TOR) directs internet traffic through a free, worldwide, volunteer overlay network to conceal a user's location and usage from network surveillance.
32. In the context of the 'Family tree of Scans', which category does a SYN scan belong to?
A. Port Scanning
B. Network Scanning
C. Vulnerability Scanning
D. Social Engineering
Correct Answer: Port Scanning
Explanation:
A SYN scan is a specific technique used to determine the status of ports on a target system, placing it under the Port Scanning branch.
33. What information does 'WHOIS' lookup provide?
A. Domain registration details like owner, contact info, and expiry
B. The root password of the server
C. The current GPS location of the server
D. The list of open ports
Correct Answer: Domain registration details like owner, contact info, and expiry
Explanation:
WHOIS is a protocol used to query databases that store the registered users or assignees of an Internet resource, such as a domain name or IP address block.
34. Which Google operator limits the search to a specific domain?
A. host:
B. domain:
C. site:
D. url:
Correct Answer: site:
Explanation:
The 'site:' operator restricts the search results to the specified domain (e.g., site:example.com).
35. What is a potential risk of using public proxies?
A. The proxy owner may sniff/steal the data passing through it
B. They always block HTTPS traffic
C. They are too expensive
D. They cannot access Google
Correct Answer: The proxy owner may sniff/steal the data passing through it
Explanation:
Public proxies are often untrusted. The administrator of the proxy server can inspect, log, or steal unencrypted data passing through their server.
36. Which of the following is a countermeasure against Port Scanning?
A. Publishing all IP addresses online
B. Configuring a firewall to block unsolicited connection attempts
C. Disabling the firewall
D. Using Telnet instead of SSH
Correct Answer: Configuring a firewall to block unsolicited connection attempts
Explanation:
Firewalls and Intrusion Detection Systems (IDS) can be configured to detect scanning patterns and block IP addresses that attempt to connect to closed or sensitive ports.
37. What does the Google operator 'cache:' do?
A. Deletes the browser cache
B. Hides the page from Google
C. Displays Google's cached version of a web page
D. Speeds up the search
Correct Answer: Displays Google's cached version of a web page
Explanation:
The 'cache:' operator allows a user to view a snapshot of a webpage as it appeared when Google last crawled it, which is useful if the live site is down or content has changed.
38. Social networking sites are primarily used in which phase of hacking?
A. Gaining Access
B. Footprinting/Reconnaissance
C. Clearing Tracks
D. Maintaining Access
Correct Answer: Footprinting/Reconnaissance
Explanation:
Social networking sites are rich sources of personal and professional information, making them ideal for the initial footprinting and reconnaissance phase.
39. What is the purpose of 'archive.org' (Wayback Machine) in footprinting?
A. To hack into government archives
B. To store stolen data
C. To archive email logs
D. To view previous versions of websites to find old info
Correct Answer: To view previous versions of websites to find old info
Explanation:
The Wayback Machine allows attackers to view older versions of a target's website, potentially revealing contact info or employee names that were removed from the current site.
40. In a 'Full Open' scan, what happens when a port is open?
A. The scanner sends RST immediately
B. The scanner sends a FIN packet
C. The scanner completes the 3-way handshake (SYN, SYN-ACK, ACK)
D. The scanner waits for a timeout
Correct Answer: The scanner completes the 3-way handshake (SYN, SYN-ACK, ACK)
Explanation:
In a Full Open (TCP Connect) scan, the scanner completes the connection by sending an ACK after receiving the SYN-ACK, establishing a full connection.
41. Which of the following describes 'Competitive Intelligence' in the context of footprinting?
A. Gathering publicly available information about competitors
B. Spying on employees via webcam
C. Bribing competitor employees
D. Stealing trade secrets via malware
Correct Answer: Gathering publicly available information about competitors
Explanation:
Competitive intelligence involves analyzing a competitor's footprint (websites, reports, news) to understand their strategy, which uses similar techniques to ethical hacking footprinting.
42. What is 'Traceroute' used for in footprinting?
A. To map the network path and routers between the attacker and the target
B. To find the physical location of the server
C. To crack the Wi-Fi password
D. To scan for viruses
Correct Answer: To map the network path and routers between the attacker and the target
Explanation:
Traceroute identifies the series of routers (hops) packets take to reach a destination, helping map the network topology.
43. Which scan is designed to be invisible to legacy logging systems?
A. TCP Connect Scan
B. Stealth Scan
C. Ping Sweep
D. List Scan
Correct Answer: Stealth Scan
Explanation:
Stealth scans (like SYN scans or FIN scans) are designed to avoid completing connections or use abnormal flags to bypass basic logging mechanisms.
44. What is the primary function of an 'Anonymizer'?
A. To encrypt emails
B. To mask the user's identity while browsing the web
C. To scan for malware
D. To delete cookies
Correct Answer: To mask the user's identity while browsing the web
Explanation:
Anonymizers are tools or services (like proxies) that hide the user's real IP address and identity while they navigate the internet.
45. If a target system responds with an RST packet to a SYN packet, what does it usually mean?
A. The port is open
B. The port is closed
C. The port is filtered
D. The system is offline
Correct Answer: The port is closed
Explanation:
According to the TCP standard, if a device receives a SYN packet for a closed port, it should respond with a RST (Reset) packet.
46. What is the main benefit of 'Passive' footprinting over 'Active'?
A. It provides more detailed technical info
B. It allows modifying data
C. It is faster
D. It avoids alerting the target
Correct Answer: It avoids alerting the target
Explanation:
Since passive footprinting relies on public data and does not interact with the target's systems, there are no logs generated on the target side, avoiding detection.
47. Which tool allows you to visualize the path of a packet across the internet geographically?
A. Netcat
B. Visual Traceroute
C. Telnet
D. Ping
Correct Answer: Visual Traceroute
Explanation:
Visual traceroute tools perform a traceroute and then map the IP locations of the hops onto a graphical map.
48. What is 'DNS Interrogation'?
A. Deleting DNS records
B. Probing DNS servers to extract DNS records (A, MX, CNAME, etc.)
C. Asking the admin for the DNS password
D. Redirecting DNS traffic
Correct Answer: Probing DNS servers to extract DNS records (A, MX, CNAME, etc.)
Explanation:
DNS interrogation involves querying DNS servers to gather information about the organization's domain names, subdomains, mail servers, and IP addresses.
49. Which of the following is a countermeasure against OS Fingerprinting?
A. Modifying the default TTL values and TCP window sizes
B. Using the default OS settings
C. Disabling antivirus
D. Using an open Wi-Fi network
Correct Answer: Modifying the default TTL values and TCP window sizes
Explanation:
By changing the default TCP/IP stack parameters (like TTL and Window size), administrators can confuse fingerprinting tools, making it harder to identify the OS.
50. What is the relationship between Footprinting and Scanning?
A. Footprinting gathers broad info, while Scanning actively probes the identified targets
B. They are the same thing
C. Scanning precedes Footprinting
D. Scanning is passive, Footprinting is active
Correct Answer: Footprinting gathers broad info, while Scanning actively probes the identified targets
Explanation:
Footprinting is the initial broad research phase (often passive). Scanning is the subsequent active phase where specific technical details (ports, services) are probed on the targets found during footprinting.