1. What is the primary definition of 'Footprinting' in the context of ethical hacking?
A. The technique of gathering information about a target computer system
B. The act of exploiting a vulnerability in a web application
C. The process of creating a backup of a system
D. The physical tracking of a target user
Correct Answer: The technique of gathering information about a target computer system
Explanation:
Footprinting is the first step in ethical hacking, focusing on collecting as much information as possible about a target network to identify ways to intrude.
2. Which of the following best describes 'Passive Footprinting'?
A. Running a denial of service attack
B. Interacting directly with the target system
C. Collecting information without direct interaction with the target
D. Scanning ports on the target server
Correct Answer: Collecting information without direct interaction with the target
Explanation:
Passive footprinting involves gathering information from public records, news, and social media without directly connecting to the target's network, thereby avoiding detection.
3. Which of the following is a major threat introduced by footprinting?
A. Automatic installation of malware
B. Slow internet connection
C. Social Engineering attacks
D. Immediate hardware failure
Correct Answer: Social Engineering attacks
Explanation:
Footprinting allows attackers to gather personal or organizational details that can be used to craft convincing social engineering attacks or phishing emails.
4. In the footprinting process, what is the 'intitle' Google search operator used for?
A. To search for a string within the URL
B. To limit results to a specific domain
C. To search for a specific file type
D. To search for pages containing a specific string in the page title
Correct Answer: To search for pages containing a specific string in the page title
Explanation:
The 'intitle:' operator restricts Google search results to pages that contain the specified keyword specifically within the HTML title tag.
5. Which Google search operator would a hacker use to find specific file types, such as PDF or XLS, potentially containing sensitive data?
A. site:
B. related:
C. filetype:
D. link:
Correct Answer: filetype:
Explanation:
The 'filetype:' operator allows the user to search specifically for files with a certain extension, such as .pdf, .xls, or .doc.
6. What is the 'Google Hacking Database' (GHDB)?
A. A software that blocks Google tracking
B. A repository of search queries (dorks) used to find sensitive data publicly available
C. A database of Google employee passwords
D. A tool to hack Google servers
Correct Answer: A repository of search queries (dorks) used to find sensitive data publicly available
Explanation:
The GHDB is a collection of search queries, known as Google Dorks, that can uncover security loopholes, sensitive files, and error messages inadvertently exposed on the internet.
7. How can job search sites be used for information gathering?
A. To steal employee bank accounts
B. To modify job descriptions
C. To shut down the company's recruitment portal
D. To identify the technologies and hardware used by the target organization
Correct Answer: To identify the technologies and hardware used by the target organization
Explanation:
Job listings often describe specific technical requirements (e.g., 'Experience with Cisco ASA Firewalls' or 'Windows Server 2019'), revealing the underlying infrastructure to an attacker.
8. Which financial service database in the US is often used to gather financial information about public companies?
A. EDGAR database
B. Exploit-DB
C. NVD database
D. Whois database
Correct Answer: EDGAR database
Explanation:
The EDGAR database (Electronic Data Gathering, Analysis, and Retrieval system) is run by the SEC and contains financial reports and information about publicly traded companies.
9. What is the primary purpose of 'Scanning' in the hacking methodology?
A. To identify live hosts, open ports, and services on a network
B. To install a backdoor
C. To gather preliminary information from public sources
D. To gain administrative access to the system
Correct Answer: To identify live hosts, open ports, and services on a network
Explanation:
Scanning is the phase following footprinting where the attacker actively connects to the system to identify live hosts, open ports, and the services running on them.
10. Which of the following is NOT a typical phase of the scanning methodology?
A. Checking for open ports
B. Checking for vulnerability
C. Checking for live systems
D. Checking for social media profiles
Correct Answer: Checking for social media profiles
Explanation:
Checking for social media profiles is part of the Footprinting phase, not the Scanning phase. Scanning involves technical network interrogation (Live systems, Ports, Vulnerabilities).
11. Which type of scan is known as a 'Half-open' scan?
A. Null Scan
B. Stealth / SYN Scan
C. TCP Connect Scan
D. Xmas Scan
Correct Answer: Stealth / SYN Scan
Explanation:
A SYN scan involves sending a SYN packet and waiting for a SYN-ACK, but sending a RST instead of an ACK to close the connection, never completing the full 3-way handshake.
12. What distinguishes a 'TCP Connect' scan from a 'SYN' scan?
A. TCP Connect completes the full 3-way handshake
B. TCP Connect requires root privileges
C. TCP Connect is more stealthy
D. TCP Connect uses UDP packets
Correct Answer: TCP Connect completes the full 3-way handshake
Explanation:
TCP Connect completes the full connection (SYN -> SYN-ACK -> ACK), which makes it more reliable but also more likely to be logged by the target system compared to a half-open SYN scan.
13. In an 'Xmas Scan', which flags are set in the TCP packet?
A. No flags set
B. FIN, URG, PSH
C. SYN, ACK, RST
D. SYN only
Correct Answer: FIN, URG, PSH
Explanation:
An Xmas scan sets the FIN, URG, and PSH flags, lighting up the packet 'like a Christmas tree' to test how the target OS responds.
14. What is the defining characteristic of a 'Null Scan'?
A. It sends a packet with all flags set
B. It sends a packet with no flags set
C. It sends an empty UDP payload
D. It sends a ping request only
Correct Answer: It sends a packet with no flags set
Explanation:
A Null scan sends a TCP packet with no flags set (0). Unix-based systems usually respond with a RST if the port is closed and ignore it if open.
15. Which scan type relies on a 'Zombie' machine to hide the attacker's identity?
A. Ping Sweep
B. TCP Connect Scan
C. IDLE Scan
D. UDP Scan
Correct Answer: IDLE Scan
Explanation:
An IDLE scan (or Zombie scan) uses a spoofed IP address of a silent (idle) machine on the network to probe the target, allowing the attacker to remain undetected.
16. What is the main challenge associated with 'UDP Scanning'?
A. It requires authentication
B. It is too fast
C. It is often slow and unreliable because UDP is connectionless
D. It is connection-oriented
Correct Answer: It is often slow and unreliable because UDP is connectionless
Explanation:
UDP is connectionless and does not send acknowledgments. Scanners must wait for timeouts to determine if a port is open or filtered, making it slow.
17. What is 'Banner Grabbing'?
A. Capturing the welcome message or header sent by a service upon connection
B. Copying the website logo
C. Intercepting Wi-Fi signals
D. Stealing physical banners from a company
Correct Answer: Capturing the welcome message or header sent by a service upon connection
Explanation:
Banner grabbing is a technique used to determine the software and version running on a port by analyzing the initial text response (banner) provided by the service.
18. What is 'OS Fingerprinting'?
A. Scanning for fingerprints on a laptop
B. Cracking the OS password
C. Determining the operating system of a target host
D. Finding the owner of the operating system
Correct Answer: Determining the operating system of a target host
Explanation:
OS Fingerprinting is the method of identifying the specific operating system running on a target machine by analyzing the characteristics of data packets sent from it.
19. Which parameter is commonly analyzed in Passive OS Fingerprinting?
A. Login Username
B. CPU Temperature
C. Time to Live (TTL) values
D. Hard drive serial number
Correct Answer: Time to Live (TTL) values
Explanation:
Different operating systems set different default Time to Live (TTL) values in their IP packets, allowing passive listeners to guess the OS.
20. What is 'Active OS Fingerprinting'?
A. Sniffing traffic without sending packets
B. Asking the admin for the OS version
C. Checking the website HTML source code
D. Sending specially crafted packets to the target and analyzing the response
Correct Answer: Sending specially crafted packets to the target and analyzing the response
Explanation:
Active fingerprinting involves sending malformed or specific TCP/ICMP packets to the target and analyzing the unique way the OS responds to identify it.
21. Which tool is the industry standard for network scanning and OS fingerprinting?
A. Nmap
B. Aircrack-ng
C. Wireshark
D. John the Ripper
Correct Answer: Nmap
Explanation:
Nmap (Network Mapper) is the most widely used open-source tool for network discovery, port scanning, and OS fingerprinting.
22. What is a 'Ping Sweep' used for?
A. To identify which IP addresses in a range are live hosts
B. To clean up temporary files
C. To measure internet speed
D. To crash a server
Correct Answer: To identify which IP addresses in a range are live hosts
Explanation:
A Ping Sweep involves sending ICMP Echo Requests to a range of IP addresses to determine which hosts are active (live) before attempting port scans.
23. Which of the following is a countermeasure against Google Hacking?
A. Using a shorter domain name
B. Ensuring sensitive directories are disallowed in robots.txt and not indexed
C. Registering the site with more search engines
D. Removing the robots.txt file
Correct Answer: Ensuring sensitive directories are disallowed in robots.txt and not indexed
Explanation:
To prevent Google hacking, administrators should configure robots.txt to disallow crawling of sensitive directories and ensure sensitive data is not publicly accessible.
24. What is 'Split DNS' used for as a countermeasure?
A. To hide internal network information from external users
B. To split the internet bill
C. To speed up internet access
D. To increase the number of available IP addresses
Correct Answer: To hide internal network information from external users
Explanation:
Split DNS uses two DNS servers: one for internal users (revealing internal IPs) and one for external users (revealing only public IPs), preventing attackers from mapping the internal network.
25. How can an ACK scan help an attacker?
A. It retrieves the admin password
B. It opens a backdoor
C. It determines if the firewall is stateful and which ports are filtered
D. It crashes the system
Correct Answer: It determines if the firewall is stateful and which ports are filtered
Explanation:
ACK scans are used to map out firewall rulesets. If a RST comes back, the port is unfiltered; if nothing comes back (or ICMP unreachable), it is filtered.
26. What is 'Vulnerability Scanning'?
A. Scanning for viruses on a USB drive
B. Monitoring network traffic for speed
C. Scanning a document to PDF
D. The automated process of identifying known security weaknesses in systems
Correct Answer: The automated process of identifying known security weaknesses in systems
Explanation:
Vulnerability scanning uses automated tools to test a system against a database of known vulnerabilities (like outdated software or missing patches).
27. Which of the following is a common vulnerability scanning tool?
A. FileZilla
B. Outlook
C. Nessus
D. Photoshop
Correct Answer: Nessus
Explanation:
Nessus is a widely used proprietary vulnerability scanner developed by Tenable.
28. What is a 'False Positive' in vulnerability scanning?
A. The scanner fails to find an existing vulnerability
B. The scanner reports a vulnerability that does not actually exist
C. The scanner crashes during the scan
D. The scanner finds a critical vulnerability
Correct Answer: The scanner reports a vulnerability that does not actually exist
Explanation:
A false positive occurs when the scanning software incorrectly identifies a secure setting or configuration as a vulnerability.
29. Why would an attacker use a 'Proxy' during scanning?
A. To encrypt the target hard drive
B. To hide their actual IP address and identity
C. To bypass antivirus software on their own machine
D. To speed up the scan
Correct Answer: To hide their actual IP address and identity
Explanation:
Proxies act as intermediaries. By routing traffic through a proxy, the target system logs the proxy's IP address instead of the attacker's, providing anonymity.
30. What is 'Proxy Chaining'?
A. Connecting multiple computers with a physical chain
B. Using multiple proxy servers in a sequence to increase anonymity
C. Blocking all proxies
D. Linking a proxy to a firewall
Correct Answer: Using multiple proxy servers in a sequence to increase anonymity
Explanation:
Proxy chaining involves connecting through a series of proxy servers (A -> B -> C -> Target). This makes tracing the original source significantly more difficult.
31. What is the 'TOR' network primarily used for in the context of security?
A. Providing anonymity by routing traffic through a distributed network of relays
B. Hosting websites
C. Filtering spam emails
D. Downloading movies faster
Correct Answer: Providing anonymity by routing traffic through a distributed network of relays
Explanation:
The Onion Router (TOR) directs internet traffic through a free, worldwide, volunteer overlay network to conceal a user's location and usage from network surveillance.
32. In the context of the 'Family tree of Scans', which category does a SYN scan belong to?
A. Social Engineering
B. Port Scanning
C. Vulnerability Scanning
D. Network Scanning
Correct Answer: Port Scanning
Explanation:
A SYN scan is a specific technique used to determine the status of ports on a target system, placing it under the Port Scanning branch.
33. What information does 'WHOIS' lookup provide?
A. Domain registration details like owner, contact info, and expiry
B. The root password of the server
C. The list of open ports
D. The current GPS location of the server
Correct Answer: Domain registration details like owner, contact info, and expiry
Explanation:
WHOIS is a protocol used to query databases that store the registered users or assignees of an Internet resource, such as a domain name or IP address block.
34. Which Google operator limits the search to a specific domain?
A. domain:
B. site:
C. host:
D. url:
Correct Answer: site:
Explanation:
The 'site:' operator restricts the search results to the specified domain (e.g., site:example.com).
35. What is a potential risk of using public proxies?
A. They always block HTTPS traffic
B. The proxy owner may sniff/steal the data passing through it
C. They cannot access Google
D. They are too expensive
Correct Answer: The proxy owner may sniff/steal the data passing through it
Explanation:
Public proxies are often untrusted. The administrator of the proxy server can inspect, log, or steal unencrypted data passing through their server.
36. Which of the following is a countermeasure against Port Scanning?
A. Disabling the firewall
B. Publishing all IP addresses online
C. Configuring a firewall to block unsolicited connection attempts
D. Using Telnet instead of SSH
Correct Answer: Configuring a firewall to block unsolicited connection attempts
Explanation:
Firewalls and Intrusion Detection Systems (IDS) can be configured to detect scanning patterns and block IP addresses that attempt to connect to closed or sensitive ports.
37. What does the Google operator 'cache:' do?
A. Hides the page from Google
B. Speeds up the search
C. Deletes the browser cache
D. Displays Google's cached version of a web page
Correct Answer: Displays Google's cached version of a web page
Explanation:
The 'cache:' operator allows a user to view a snapshot of a webpage as it appeared when Google last crawled it, which is useful if the live site is down or content has changed.
38. Social networking sites are primarily used in which phase of hacking?
A. Maintaining Access
B. Footprinting/Reconnaissance
C. Clearing Tracks
D. Gaining Access
Correct Answer: Footprinting/Reconnaissance
Explanation:
Social networking sites are rich sources of personal and professional information, making them ideal for the initial footprinting and reconnaissance phase.
39. What is the purpose of 'archive.org' (Wayback Machine) in footprinting?
A. To store stolen data
B. To hack into government archives
C. To view previous versions of websites to find old info
D. To archive email logs
Correct Answer: To view previous versions of websites to find old info
Explanation:
The Wayback Machine allows attackers to view older versions of a target's website, potentially revealing contact info or employee names that were removed from the current site.
40. In a 'Full Open' scan, what happens when a port is open?
A. The scanner completes the 3-way handshake (SYN, SYN-ACK, ACK)
B. The scanner sends RST immediately
C. The scanner waits for a timeout
D. The scanner sends a FIN packet
Correct Answer: The scanner completes the 3-way handshake (SYN, SYN-ACK, ACK)
Explanation:
In a Full Open (TCP Connect) scan, the scanner completes the connection by sending an ACK after receiving the SYN-ACK, establishing a full connection.
41. Which of the following describes 'Competitive Intelligence' in the context of footprinting?
A. Gathering publicly available information about competitors
B. Stealing trade secrets via malware
C. Bribing competitor employees
D. Spying on employees via webcam
Correct Answer: Gathering publicly available information about competitors
Explanation:
Competitive intelligence involves analyzing a competitor's footprint (websites, reports, news) to understand their strategy, which uses similar techniques to ethical hacking footprinting.
42. What is 'Traceroute' used for in footprinting?
A. To map the network path and routers between the attacker and the target
B. To find the physical location of the server
C. To crack the Wi-Fi password
D. To scan for viruses
Correct Answer: To map the network path and routers between the attacker and the target
Explanation:
Traceroute identifies the series of routers (hops) packets take to reach a destination, helping map the network topology.
43. Which scan is designed to be invisible to legacy logging systems?
A. TCP Connect Scan
B. Ping Sweep
C. List Scan
D. Stealth Scan
Correct Answer: Stealth Scan
Explanation:
Stealth scans (like SYN scans or FIN scans) are designed to avoid completing connections or use abnormal flags to bypass basic logging mechanisms.
44. What is the primary function of an 'Anonymizer'?
A. To mask the user's identity while browsing the web
B. To delete cookies
C. To scan for malware
D. To encrypt emails
Correct Answer: To mask the user's identity while browsing the web
Explanation:
Anonymizers are tools or services (like proxies) that hide the user's real IP address and identity while they navigate the internet.
45. If a target system responds with an RST packet to a SYN packet, what does it usually mean?
A. The system is offline
B. The port is closed
C. The port is open
D. The port is filtered
Correct Answer: The port is closed
Explanation:
According to the TCP standard, if a device receives a SYN packet for a closed port, it should respond with a RST (Reset) packet.
46. What is the main benefit of 'Passive' footprinting over 'Active'?
A. It provides more detailed technical info
B. It is faster
C. It avoids alerting the target
D. It allows modifying data
Correct Answer: It avoids alerting the target
Explanation:
Since passive footprinting relies on public data and does not interact with the target's systems, there are no logs generated on the target side, avoiding detection.
47. Which tool allows you to visualize the path of a packet across the internet geographically?
A. Telnet
B. Netcat
C. Visual Traceroute
D. Ping
Correct Answer: Visual Traceroute
Explanation:
Visual traceroute tools perform a traceroute and then map the IP locations of the hops onto a graphical map.
48. What is 'DNS Interrogation'?
A. Asking the admin for the DNS password
B. Probing DNS servers to extract DNS records (A, MX, CNAME, etc.)
C. Redirecting DNS traffic
D. Deleting DNS records
Correct Answer: Probing DNS servers to extract DNS records (A, MX, CNAME, etc.)
Explanation:
DNS interrogation involves querying DNS servers to gather information about the organization's domain names, subdomains, mail servers, and IP addresses.
49. Which of the following is a countermeasure against OS Fingerprinting?
A. Using the default OS settings
B. Disabling antivirus
C. Modifying the default TTL values and TCP window sizes
D. Using an open Wi-Fi network
Correct Answer: Modifying the default TTL values and TCP window sizes
Explanation:
By changing the default TCP/IP stack parameters (like TTL and Window size), administrators can confuse fingerprinting tools, making it harder to identify the OS.
50. What is the relationship between Footprinting and Scanning?
A. Scanning is passive, Footprinting is active
B. They are the same thing
C. Scanning precedes Footprinting
D. Footprinting gathers broad info, while Scanning actively probes the identified targets
Correct Answer: Footprinting gathers broad info, while Scanning actively probes the identified targets
Explanation:
Footprinting is the initial broad research phase (often passive). Scanning is the subsequent active phase where specific technical details (ports, services) are probed on the targets found during footprinting.