Unit 2 - Practice Quiz

Correct Answer: The technique of gathering information about a target computer system

Explanation: Footprinting is the first step in ethical hacking, focusing on collecting as much information as possible about a target network to identify ways to intrude.

Correct Answer: Collecting information without direct interaction with the target

Explanation: Passive footprinting involves gathering information from public records, news, and social media without directly connecting to the target's network, thereby avoiding detection.

Correct Answer: Social Engineering attacks

Explanation: Footprinting allows attackers to gather personal or organizational details that can be used to craft convincing social engineering attacks or phishing emails.

Correct Answer: To search for pages containing a specific string in the page title

Explanation: The 'intitle:' operator restricts Google search results to pages that contain the specified keyword specifically within the HTML title tag.

Correct Answer: filetype:

Explanation: The 'filetype:' operator allows the user to search specifically for files with a certain extension, such as .pdf, .xls, or .doc.

Correct Answer: A repository of search queries (dorks) used to find sensitive data publicly available

Explanation: The GHDB is a collection of search queries, known as Google Dorks, that can uncover security loopholes, sensitive files, and error messages inadvertently exposed on the internet.

Correct Answer: To identify the technologies and hardware used by the target organization

Explanation: Job listings often describe specific technical requirements (e.g., 'Experience with Cisco ASA Firewalls' or 'Windows Server 2019'), revealing the underlying infrastructure to an attacker.

Correct Answer: EDGAR database

Explanation: The EDGAR database (Electronic Data Gathering, Analysis, and Retrieval system) is run by the SEC and contains financial reports and information about publicly traded companies.

Correct Answer: To identify live hosts, open ports, and services on a network

Explanation: Scanning is the phase following footprinting where the attacker actively connects to the system to identify live hosts, open ports, and the services running on them.

Correct Answer: Checking for social media profiles

Explanation: Checking for social media profiles is part of the Footprinting phase, not the Scanning phase. Scanning involves technical network interrogation (Live systems, Ports, Vulnerabilities).

Correct Answer: Stealth / SYN Scan

Explanation: A SYN scan involves sending a SYN packet and waiting for a SYN-ACK, but sending a RST instead of an ACK to close the connection, never completing the full 3-way handshake.

Correct Answer: TCP Connect completes the full 3-way handshake

Explanation: TCP Connect completes the full connection (SYN -> SYN-ACK -> ACK), which makes it more reliable but also more likely to be logged by the target system compared to a half-open SYN scan.

Correct Answer: FIN, URG, PSH

Explanation: An Xmas scan sets the FIN, URG, and PSH flags, lighting up the packet 'like a Christmas tree' to test how the target OS responds.

Correct Answer: It sends a packet with no flags set

Explanation: A Null scan sends a TCP packet with no flags set (0). Unix-based systems usually respond with a RST if the port is closed and ignore it if open.

Correct Answer: IDLE Scan

Explanation: An IDLE scan (or Zombie scan) uses a spoofed IP address of a silent (idle) machine on the network to probe the target, allowing the attacker to remain undetected.

Correct Answer: It is often slow and unreliable because UDP is connectionless

Explanation: UDP is connectionless and does not send acknowledgments. Scanners must wait for timeouts to determine if a port is open or filtered, making it slow.

Correct Answer: Capturing the welcome message or header sent by a service upon connection

Explanation: Banner grabbing is a technique used to determine the software and version running on a port by analyzing the initial text response (banner) provided by the service.

Correct Answer: Determining the operating system of a target host

Explanation: OS Fingerprinting is the method of identifying the specific operating system running on a target machine by analyzing the characteristics of data packets sent from it.

Correct Answer: Time to Live (TTL) values

Explanation: Different operating systems set different default Time to Live (TTL) values in their IP packets, allowing passive listeners to guess the OS.

Correct Answer: Sending specially crafted packets to the target and analyzing the response

Explanation: Active fingerprinting involves sending malformed or specific TCP/ICMP packets to the target and analyzing the unique way the OS responds to identify it.

Correct Answer: Nmap

Explanation: Nmap (Network Mapper) is the most widely used open-source tool for network discovery, port scanning, and OS fingerprinting.

Correct Answer: To identify which IP addresses in a range are live hosts

Explanation: A Ping Sweep involves sending ICMP Echo Requests to a range of IP addresses to determine which hosts are active (live) before attempting port scans.

Correct Answer: Ensuring sensitive directories are disallowed in robots.txt and not indexed

Explanation: To prevent Google hacking, administrators should configure robots.txt to disallow crawling of sensitive directories and ensure sensitive data is not publicly accessible.

Correct Answer: To hide internal network information from external users

Explanation: Split DNS uses two DNS servers: one for internal users (revealing internal IPs) and one for external users (revealing only public IPs), preventing attackers from mapping the internal network.

Correct Answer: It determines if the firewall is stateful and which ports are filtered

Explanation: ACK scans are used to map out firewall rulesets. If a RST comes back, the port is unfiltered; if nothing comes back (or ICMP unreachable), it is filtered.

Correct Answer: The automated process of identifying known security weaknesses in systems

Explanation: Vulnerability scanning uses automated tools to test a system against a database of known vulnerabilities (like outdated software or missing patches).

Correct Answer: Nessus

Explanation: Nessus is a widely used proprietary vulnerability scanner developed by Tenable.

Correct Answer: The scanner reports a vulnerability that does not actually exist

Explanation: A false positive occurs when the scanning software incorrectly identifies a secure setting or configuration as a vulnerability.

Correct Answer: To hide their actual IP address and identity

Explanation: Proxies act as intermediaries. By routing traffic through a proxy, the target system logs the proxy's IP address instead of the attacker's, providing anonymity.

Correct Answer: Using multiple proxy servers in a sequence to increase anonymity

Explanation: Proxy chaining involves connecting through a series of proxy servers (A -> B -> C -> Target). This makes tracing the original source significantly more difficult.

Correct Answer: Providing anonymity by routing traffic through a distributed network of relays

Explanation: The Onion Router (TOR) directs internet traffic through a free, worldwide, volunteer overlay network to conceal a user's location and usage from network surveillance.

Correct Answer: Port Scanning

Explanation: A SYN scan is a specific technique used to determine the status of ports on a target system, placing it under the Port Scanning branch.

Correct Answer: Domain registration details like owner, contact info, and expiry

Explanation: WHOIS is a protocol used to query databases that store the registered users or assignees of an Internet resource, such as a domain name or IP address block.

Correct Answer: site:

Explanation: The 'site:' operator restricts the search results to the specified domain (e.g., site:example.com).

Correct Answer: The proxy owner may sniff/steal the data passing through it

Explanation: Public proxies are often untrusted. The administrator of the proxy server can inspect, log, or steal unencrypted data passing through their server.

Correct Answer: Configuring a firewall to block unsolicited connection attempts

Explanation: Firewalls and Intrusion Detection Systems (IDS) can be configured to detect scanning patterns and block IP addresses that attempt to connect to closed or sensitive ports.

Correct Answer: Displays Google's cached version of a web page

Explanation: The 'cache:' operator allows a user to view a snapshot of a webpage as it appeared when Google last crawled it, which is useful if the live site is down or content has changed.

Correct Answer: Footprinting/Reconnaissance

Explanation: Social networking sites are rich sources of personal and professional information, making them ideal for the initial footprinting and reconnaissance phase.

Correct Answer: To view previous versions of websites to find old info

Explanation: The Wayback Machine allows attackers to view older versions of a target's website, potentially revealing contact info or employee names that were removed from the current site.

Correct Answer: The scanner completes the 3-way handshake (SYN, SYN-ACK, ACK)

Explanation: In a Full Open (TCP Connect) scan, the scanner completes the connection by sending an ACK after receiving the SYN-ACK, establishing a full connection.

Correct Answer: Gathering publicly available information about competitors

Explanation: Competitive intelligence involves analyzing a competitor's footprint (websites, reports, news) to understand their strategy, which uses similar techniques to ethical hacking footprinting.

Correct Answer: To map the network path and routers between the attacker and the target

Explanation: Traceroute identifies the series of routers (hops) packets take to reach a destination, helping map the network topology.

Correct Answer: Stealth Scan

Explanation: Stealth scans (like SYN scans or FIN scans) are designed to avoid completing connections or use abnormal flags to bypass basic logging mechanisms.

Correct Answer: To mask the user's identity while browsing the web

Explanation: Anonymizers are tools or services (like proxies) that hide the user's real IP address and identity while they navigate the internet.

Correct Answer: The port is closed

Explanation: According to the TCP standard, if a device receives a SYN packet for a closed port, it should respond with a RST (Reset) packet.

Correct Answer: It avoids alerting the target

Explanation: Since passive footprinting relies on public data and does not interact with the target's systems, there are no logs generated on the target side, avoiding detection.

Correct Answer: Visual Traceroute

Explanation: Visual traceroute tools perform a traceroute and then map the IP locations of the hops onto a graphical map.

Correct Answer: Probing DNS servers to extract DNS records (A, MX, CNAME, etc.)

Explanation: DNS interrogation involves querying DNS servers to gather information about the organization's domain names, subdomains, mail servers, and IP addresses.

Correct Answer: Modifying the default TTL values and TCP window sizes

Explanation: By changing the default TCP/IP stack parameters (like TTL and Window size), administrators can confuse fingerprinting tools, making it harder to identify the OS.

Correct Answer: Footprinting gathers broad info, while Scanning actively probes the identified targets

Explanation: Footprinting is the initial broad research phase (often passive). Scanning is the subsequent active phase where specific technical details (ports, services) are probed on the targets found during footprinting.