1What is the primary definition of 'Footprinting' in the context of ethical hacking?
A.The physical tracking of a target user
B.The technique of gathering information about a target computer system
C.The act of exploiting a vulnerability in a web application
D.The process of creating a backup of a system
Correct Answer: The technique of gathering information about a target computer system
Explanation:
Footprinting is the first step in ethical hacking, focusing on collecting as much information as possible about a target network to identify ways to intrude.
Incorrect! Try again.
2Which of the following best describes 'Passive Footprinting'?
A.Running a denial of service attack
B.Interacting directly with the target system
C.Collecting information without direct interaction with the target
D.Scanning ports on the target server
Correct Answer: Collecting information without direct interaction with the target
Explanation:
Passive footprinting involves gathering information from public records, news, and social media without directly connecting to the target's network, thereby avoiding detection.
Incorrect! Try again.
3Which of the following is a major threat introduced by footprinting?
A.Slow internet connection
B.Immediate hardware failure
C.Automatic installation of malware
D.Social Engineering attacks
Correct Answer: Social Engineering attacks
Explanation:
Footprinting allows attackers to gather personal or organizational details that can be used to craft convincing social engineering attacks or phishing emails.
Incorrect! Try again.
4In the footprinting process, what is the 'intitle' Google search operator used for?
A.To search for a specific file type
B.To search for pages containing a specific string in the page title
C.To limit results to a specific domain
D.To search for a string within the URL
Correct Answer: To search for pages containing a specific string in the page title
Explanation:
The 'intitle:' operator restricts Google search results to pages that contain the specified keyword specifically within the HTML title tag.
Incorrect! Try again.
5Which Google search operator would a hacker use to find specific file types, such as PDF or XLS, potentially containing sensitive data?
A.link:
B.site:
C.related:
D.filetype:
Correct Answer: filetype:
Explanation:
The 'filetype:' operator allows the user to search specifically for files with a certain extension, such as .pdf, .xls, or .doc.
Incorrect! Try again.
6What is the 'Google Hacking Database' (GHDB)?
A.A tool to hack Google servers
B.A repository of search queries (dorks) used to find sensitive data publicly available
C.A software that blocks Google tracking
D.A database of Google employee passwords
Correct Answer: A repository of search queries (dorks) used to find sensitive data publicly available
Explanation:
The GHDB is a collection of search queries, known as Google Dorks, that can uncover security loopholes, sensitive files, and error messages inadvertently exposed on the internet.
Incorrect! Try again.
7How can job search sites be used for information gathering?
A.To modify job descriptions
B.To identify the technologies and hardware used by the target organization
C.To steal employee bank accounts
D.To shut down the company's recruitment portal
Correct Answer: To identify the technologies and hardware used by the target organization
Explanation:
Job listings often describe specific technical requirements (e.g., 'Experience with Cisco ASA Firewalls' or 'Windows Server 2019'), revealing the underlying infrastructure to an attacker.
Incorrect! Try again.
8Which financial service database in the US is often used to gather financial information about public companies?
A.EDGAR database
B.Whois database
C.Exploit-DB
D.NVD database
Correct Answer: EDGAR database
Explanation:
The EDGAR database (Electronic Data Gathering, Analysis, and Retrieval system) is run by the SEC and contains financial reports and information about publicly traded companies.
Incorrect! Try again.
9What is the primary purpose of 'Scanning' in the hacking methodology?
A.To identify live hosts, open ports, and services on a network
B.To gather preliminary information from public sources
C.To gain administrative access to the system
D.To install a backdoor
Correct Answer: To identify live hosts, open ports, and services on a network
Explanation:
Scanning is the phase following footprinting where the attacker actively connects to the system to identify live hosts, open ports, and the services running on them.
Incorrect! Try again.
10Which of the following is NOT a typical phase of the scanning methodology?
A.Checking for vulnerability
B.Checking for open ports
C.Checking for live systems
D.Checking for social media profiles
Correct Answer: Checking for social media profiles
Explanation:
Checking for social media profiles is part of the Footprinting phase, not the Scanning phase. Scanning involves technical network interrogation (Live systems, Ports, Vulnerabilities).
Incorrect! Try again.
11Which type of scan is known as a 'Half-open' scan?
A.Null Scan
B.Stealth / SYN Scan
C.Xmas Scan
D.TCP Connect Scan
Correct Answer: Stealth / SYN Scan
Explanation:
A SYN scan involves sending a SYN packet and waiting for a SYN-ACK, but sending a RST instead of an ACK to close the connection, never completing the full 3-way handshake.
Incorrect! Try again.
12What distinguishes a 'TCP Connect' scan from a 'SYN' scan?
A.TCP Connect is more stealthy
B.TCP Connect completes the full 3-way handshake
C.TCP Connect uses UDP packets
D.TCP Connect requires root privileges
Correct Answer: TCP Connect completes the full 3-way handshake
Explanation:
TCP Connect completes the full connection (SYN -> SYN-ACK -> ACK), which makes it more reliable but also more likely to be logged by the target system compared to a half-open SYN scan.
Incorrect! Try again.
13In an 'Xmas Scan', which flags are set in the TCP packet?
A.SYN, ACK, RST
B.No flags set
C.FIN, URG, PSH
D.SYN only
Correct Answer: FIN, URG, PSH
Explanation:
An Xmas scan sets the FIN, URG, and PSH flags, lighting up the packet 'like a Christmas tree' to test how the target OS responds.
Incorrect! Try again.
14What is the defining characteristic of a 'Null Scan'?
A.It sends an empty UDP payload
B.It sends a packet with all flags set
C.It sends a packet with no flags set
D.It sends a ping request only
Correct Answer: It sends a packet with no flags set
Explanation:
A Null scan sends a TCP packet with no flags set (0). Unix-based systems usually respond with a RST if the port is closed and ignore it if open.
Incorrect! Try again.
15Which scan type relies on a 'Zombie' machine to hide the attacker's identity?
A.TCP Connect Scan
B.IDLE Scan
C.Ping Sweep
D.UDP Scan
Correct Answer: IDLE Scan
Explanation:
An IDLE scan (or Zombie scan) uses a spoofed IP address of a silent (idle) machine on the network to probe the target, allowing the attacker to remain undetected.
Incorrect! Try again.
16What is the main challenge associated with 'UDP Scanning'?
A.It is often slow and unreliable because UDP is connectionless
B.It is too fast
C.It requires authentication
D.It is connection-oriented
Correct Answer: It is often slow and unreliable because UDP is connectionless
Explanation:
UDP is connectionless and does not send acknowledgments. Scanners must wait for timeouts to determine if a port is open or filtered, making it slow.
Incorrect! Try again.
17What is 'Banner Grabbing'?
A.Stealing physical banners from a company
B.Capturing the welcome message or header sent by a service upon connection
C.Copying the website logo
D.Intercepting Wi-Fi signals
Correct Answer: Capturing the welcome message or header sent by a service upon connection
Explanation:
Banner grabbing is a technique used to determine the software and version running on a port by analyzing the initial text response (banner) provided by the service.
Incorrect! Try again.
18What is 'OS Fingerprinting'?
A.Determining the operating system of a target host
B.Finding the owner of the operating system
C.Scanning for fingerprints on a laptop
D.Cracking the OS password
Correct Answer: Determining the operating system of a target host
Explanation:
OS Fingerprinting is the method of identifying the specific operating system running on a target machine by analyzing the characteristics of data packets sent from it.
Incorrect! Try again.
19Which parameter is commonly analyzed in Passive OS Fingerprinting?
A.CPU Temperature
B.Hard drive serial number
C.Login Username
D.Time to Live (TTL) values
Correct Answer: Time to Live (TTL) values
Explanation:
Different operating systems set different default Time to Live (TTL) values in their IP packets, allowing passive listeners to guess the OS.
Incorrect! Try again.
20What is 'Active OS Fingerprinting'?
A.Sending specially crafted packets to the target and analyzing the response
B.Sniffing traffic without sending packets
C.Checking the website HTML source code
D.Asking the admin for the OS version
Correct Answer: Sending specially crafted packets to the target and analyzing the response
Explanation:
Active fingerprinting involves sending malformed or specific TCP/ICMP packets to the target and analyzing the unique way the OS responds to identify it.
Incorrect! Try again.
21Which tool is the industry standard for network scanning and OS fingerprinting?
A.Nmap
B.Aircrack-ng
C.John the Ripper
D.Wireshark
Correct Answer: Nmap
Explanation:
Nmap (Network Mapper) is the most widely used open-source tool for network discovery, port scanning, and OS fingerprinting.
Incorrect! Try again.
22What is a 'Ping Sweep' used for?
A.To measure internet speed
B.To identify which IP addresses in a range are live hosts
C.To crash a server
D.To clean up temporary files
Correct Answer: To identify which IP addresses in a range are live hosts
Explanation:
A Ping Sweep involves sending ICMP Echo Requests to a range of IP addresses to determine which hosts are active (live) before attempting port scans.
Incorrect! Try again.
23Which of the following is a countermeasure against Google Hacking?
A.Removing the robots.txt file
B.Using a shorter domain name
C.Registering the site with more search engines
D.Ensuring sensitive directories are disallowed in robots.txt and not indexed
Correct Answer: Ensuring sensitive directories are disallowed in robots.txt and not indexed
Explanation:
To prevent Google hacking, administrators should configure robots.txt to disallow crawling of sensitive directories and ensure sensitive data is not publicly accessible.
Incorrect! Try again.
24What is 'Split DNS' used for as a countermeasure?
A.To increase the number of available IP addresses
B.To hide internal network information from external users
C.To split the internet bill
D.To speed up internet access
Correct Answer: To hide internal network information from external users
Explanation:
Split DNS uses two DNS servers: one for internal users (revealing internal IPs) and one for external users (revealing only public IPs), preventing attackers from mapping the internal network.
Incorrect! Try again.
25How can an ACK scan help an attacker?
A.It determines if the firewall is stateful and which ports are filtered
B.It opens a backdoor
C.It crashes the system
D.It retrieves the admin password
Correct Answer: It determines if the firewall is stateful and which ports are filtered
Explanation:
ACK scans are used to map out firewall rulesets. If a RST comes back, the port is unfiltered; if nothing comes back (or ICMP unreachable), it is filtered.
Incorrect! Try again.
26What is 'Vulnerability Scanning'?
A.Scanning a document to PDF
B.The automated process of identifying known security weaknesses in systems
C.Scanning for viruses on a USB drive
D.Monitoring network traffic for speed
Correct Answer: The automated process of identifying known security weaknesses in systems
Explanation:
Vulnerability scanning uses automated tools to test a system against a database of known vulnerabilities (like outdated software or missing patches).
Incorrect! Try again.
27Which of the following is a common vulnerability scanning tool?
A.Outlook
B.Photoshop
C.Nessus
D.FileZilla
Correct Answer: Nessus
Explanation:
Nessus is a widely used proprietary vulnerability scanner developed by Tenable.
Incorrect! Try again.
28What is a 'False Positive' in vulnerability scanning?
A.The scanner reports a vulnerability that does not actually exist
B.The scanner crashes during the scan
C.The scanner finds a critical vulnerability
D.The scanner fails to find an existing vulnerability
Correct Answer: The scanner reports a vulnerability that does not actually exist
Explanation:
A false positive occurs when the scanning software incorrectly identifies a secure setting or configuration as a vulnerability.
Incorrect! Try again.
29Why would an attacker use a 'Proxy' during scanning?
A.To bypass antivirus software on their own machine
B.To encrypt the target hard drive
C.To hide their actual IP address and identity
D.To speed up the scan
Correct Answer: To hide their actual IP address and identity
Explanation:
Proxies act as intermediaries. By routing traffic through a proxy, the target system logs the proxy's IP address instead of the attacker's, providing anonymity.
Incorrect! Try again.
30What is 'Proxy Chaining'?
A.Connecting multiple computers with a physical chain
B.Linking a proxy to a firewall
C.Using multiple proxy servers in a sequence to increase anonymity
D.Blocking all proxies
Correct Answer: Using multiple proxy servers in a sequence to increase anonymity
Explanation:
Proxy chaining involves connecting through a series of proxy servers (A -> B -> C -> Target). This makes tracing the original source significantly more difficult.
Incorrect! Try again.
31What is the 'TOR' network primarily used for in the context of security?
A.Hosting websites
B.Filtering spam emails
C.Providing anonymity by routing traffic through a distributed network of relays
D.Downloading movies faster
Correct Answer: Providing anonymity by routing traffic through a distributed network of relays
Explanation:
The Onion Router (TOR) directs internet traffic through a free, worldwide, volunteer overlay network to conceal a user's location and usage from network surveillance.
Incorrect! Try again.
32In the context of the 'Family tree of Scans', which category does a SYN scan belong to?
A.Port Scanning
B.Social Engineering
C.Vulnerability Scanning
D.Network Scanning
Correct Answer: Port Scanning
Explanation:
A SYN scan is a specific technique used to determine the status of ports on a target system, placing it under the Port Scanning branch.
Incorrect! Try again.
33What information does 'WHOIS' lookup provide?
A.The root password of the server
B.The list of open ports
C.The current GPS location of the server
D.Domain registration details like owner, contact info, and expiry
Correct Answer: Domain registration details like owner, contact info, and expiry
Explanation:
WHOIS is a protocol used to query databases that store the registered users or assignees of an Internet resource, such as a domain name or IP address block.
Incorrect! Try again.
34Which Google operator limits the search to a specific domain?
A.domain:
B.host:
C.url:
D.site:
Correct Answer: site:
Explanation:
The 'site:' operator restricts the search results to the specified domain (e.g., site:example.com).
Incorrect! Try again.
35What is a potential risk of using public proxies?
A.The proxy owner may sniff/steal the data passing through it
B.They are too expensive
C.They always block HTTPS traffic
D.They cannot access Google
Correct Answer: The proxy owner may sniff/steal the data passing through it
Explanation:
Public proxies are often untrusted. The administrator of the proxy server can inspect, log, or steal unencrypted data passing through their server.
Incorrect! Try again.
36Which of the following is a countermeasure against Port Scanning?
A.Publishing all IP addresses online
B.Configuring a firewall to block unsolicited connection attempts
C.Using Telnet instead of SSH
D.Disabling the firewall
Correct Answer: Configuring a firewall to block unsolicited connection attempts
Explanation:
Firewalls and Intrusion Detection Systems (IDS) can be configured to detect scanning patterns and block IP addresses that attempt to connect to closed or sensitive ports.
Incorrect! Try again.
37What does the Google operator 'cache:' do?
A.Deletes the browser cache
B.Speeds up the search
C.Displays Google's cached version of a web page
D.Hides the page from Google
Correct Answer: Displays Google's cached version of a web page
Explanation:
The 'cache:' operator allows a user to view a snapshot of a webpage as it appeared when Google last crawled it, which is useful if the live site is down or content has changed.
Incorrect! Try again.
38Social networking sites are primarily used in which phase of hacking?
A.Clearing Tracks
B.Maintaining Access
C.Gaining Access
D.Footprinting/Reconnaissance
Correct Answer: Footprinting/Reconnaissance
Explanation:
Social networking sites are rich sources of personal and professional information, making them ideal for the initial footprinting and reconnaissance phase.
Incorrect! Try again.
39What is the purpose of 'archive.org' (Wayback Machine) in footprinting?
A.To archive email logs
B.To store stolen data
C.To hack into government archives
D.To view previous versions of websites to find old info
Correct Answer: To view previous versions of websites to find old info
Explanation:
The Wayback Machine allows attackers to view older versions of a target's website, potentially revealing contact info or employee names that were removed from the current site.
Incorrect! Try again.
40In a 'Full Open' scan, what happens when a port is open?
A.The scanner waits for a timeout
B.The scanner sends RST immediately
C.The scanner sends a FIN packet
D.The scanner completes the 3-way handshake (SYN, SYN-ACK, ACK)
Correct Answer: The scanner completes the 3-way handshake (SYN, SYN-ACK, ACK)
Explanation:
In a Full Open (TCP Connect) scan, the scanner completes the connection by sending an ACK after receiving the SYN-ACK, establishing a full connection.
Incorrect! Try again.
41Which of the following describes 'Competitive Intelligence' in the context of footprinting?
A.Spying on employees via webcam
B.Bribing competitor employees
C.Gathering publicly available information about competitors
D.Stealing trade secrets via malware
Correct Answer: Gathering publicly available information about competitors
Explanation:
Competitive intelligence involves analyzing a competitor's footprint (websites, reports, news) to understand their strategy, which uses similar techniques to ethical hacking footprinting.
Incorrect! Try again.
42What is 'Traceroute' used for in footprinting?
A.To map the network path and routers between the attacker and the target
B.To crack the Wi-Fi password
C.To find the physical location of the server
D.To scan for viruses
Correct Answer: To map the network path and routers between the attacker and the target
Explanation:
Traceroute identifies the series of routers (hops) packets take to reach a destination, helping map the network topology.
Incorrect! Try again.
43Which scan is designed to be invisible to legacy logging systems?
A.Stealth Scan
B.Ping Sweep
C.List Scan
D.TCP Connect Scan
Correct Answer: Stealth Scan
Explanation:
Stealth scans (like SYN scans or FIN scans) are designed to avoid completing connections or use abnormal flags to bypass basic logging mechanisms.
Incorrect! Try again.
44What is the primary function of an 'Anonymizer'?
A.To delete cookies
B.To encrypt emails
C.To mask the user's identity while browsing the web
D.To scan for malware
Correct Answer: To mask the user's identity while browsing the web
Explanation:
Anonymizers are tools or services (like proxies) that hide the user's real IP address and identity while they navigate the internet.
Incorrect! Try again.
45If a target system responds with an RST packet to a SYN packet, what does it usually mean?
A.The system is offline
B.The port is open
C.The port is closed
D.The port is filtered
Correct Answer: The port is closed
Explanation:
According to the TCP standard, if a device receives a SYN packet for a closed port, it should respond with a RST (Reset) packet.
Incorrect! Try again.
46What is the main benefit of 'Passive' footprinting over 'Active'?
A.It allows modifying data
B.It avoids alerting the target
C.It is faster
D.It provides more detailed technical info
Correct Answer: It avoids alerting the target
Explanation:
Since passive footprinting relies on public data and does not interact with the target's systems, there are no logs generated on the target side, avoiding detection.
Incorrect! Try again.
47Which tool allows you to visualize the path of a packet across the internet geographically?
A.Netcat
B.Ping
C.Visual Traceroute
D.Telnet
Correct Answer: Visual Traceroute
Explanation:
Visual traceroute tools perform a traceroute and then map the IP locations of the hops onto a graphical map.
Incorrect! Try again.
48What is 'DNS Interrogation'?
A.Probing DNS servers to extract DNS records (A, MX, CNAME, etc.)
B.Redirecting DNS traffic
C.Asking the admin for the DNS password
D.Deleting DNS records
Correct Answer: Probing DNS servers to extract DNS records (A, MX, CNAME, etc.)
Explanation:
DNS interrogation involves querying DNS servers to gather information about the organization's domain names, subdomains, mail servers, and IP addresses.
Incorrect! Try again.
49Which of the following is a countermeasure against OS Fingerprinting?
A.Using the default OS settings
B.Modifying the default TTL values and TCP window sizes
C.Disabling antivirus
D.Using an open Wi-Fi network
Correct Answer: Modifying the default TTL values and TCP window sizes
Explanation:
By changing the default TCP/IP stack parameters (like TTL and Window size), administrators can confuse fingerprinting tools, making it harder to identify the OS.
Incorrect! Try again.
50What is the relationship between Footprinting and Scanning?
A.Scanning precedes Footprinting
B.Footprinting gathers broad info, while Scanning actively probes the identified targets
C.Scanning is passive, Footprinting is active
D.They are the same thing
Correct Answer: Footprinting gathers broad info, while Scanning actively probes the identified targets
Explanation:
Footprinting is the initial broad research phase (often passive). Scanning is the subsequent active phase where specific technical details (ports, services) are probed on the targets found during footprinting.