Unit 4 - Practice Quiz

INT244 50 Questions

1 What is the primary function of a packet sniffer in a network environment?

A. To flood the network with data
B. To encrypt network traffic
C. To capture and analyze network traffic
D. To block unauthorized access

2 In which mode must a Network Interface Card (NIC) be configured to capture all packets on a network segment, regardless of the destination MAC address?

A. Private Mode
B. Protected Mode
C. Safe Mode
D. Promiscuous Mode

3 Which of the following best describes 'Passive Sniffing'?

A. Using ARP poisoning to redirect traffic
B. Sniffing on a switched network by injecting packets
C. Sniffing on a hub-based network without altering traffic
D. Overloading the switch's CAM table

4 Why is sniffing on a switched network more difficult than on a hub-based network?

A. Switches only forward packets to the specific destination port
B. Switches encrypt all data by default
C. Switches do not support Promiscuous mode
D. Switches have built-in firewalls

5 What attack technique involves flooding a switch with numerous fake MAC addresses to fill up its CAM table?

A. MAC Flooding
B. ARP Poisoning
C. DNS Spoofing
D. DHCP Starvation

6 What is the result when a switch enters 'fail-open' mode due to a MAC flooding attack?

A. It shuts down all ports
B. It blocks all UDP traffic
C. It acts like a hub and broadcasts all traffic
D. It disconnects the attacker

7 Which protocol is abused during an ARP Poisoning attack?

A. Automatic Retrieval Protocol
B. Authenticated Resolution Protocol
C. Address Resolution Protocol
D. Advanced Routing Protocol

8 ARP Poisoning is commonly used to facilitate which type of attack?

A. Man-in-the-Middle (MitM)
B. SQL Injection
C. Buffer Overflow
D. Cross-Site Scripting

9 What is MAC Spoofing?

A. Flooding the network with MAC addresses
B. Changing the factory-assigned MAC address of a NIC in software
C. Stealing a user's password via email
D. Physically replacing a network card

10 Which switch feature allows an administrator to copy traffic from one port to another for analysis?

A. VLAN Tagging
B. Spanning Tree Protocol
C. Port Security
D. SPAN (Switched Port Analyzer)

11 What is the primary difference between a SPAN port and a hardware network tap?

A. Taps drop packets; SPAN guarantees 100% capture
B. SPAN is undetectable; taps are easily detected
C. A tap is a physical device inserted into the cable; SPAN is a switch configuration
D. A tap is software-based; SPAN is hardware-based

12 Which tool is commonly associated with performing MAC flooding attacks?

A. macof
B. Nessus
C. Nmap
D. Wireshark

13 How can an administrator detect a NIC running in promiscuous mode using DNS?

A. The NIC blocks port 53
B. The NIC performs reverse DNS lookups for every IP it sniffs
C. The NIC will not respond to DNS queries
D. The NIC sends broadcast DNS requests only

14 Which method involves measuring the response time of a host to detect if it is sniffing?

A. Etherflood Method
B. ARP Method
C. DNS Method
D. Latency/Ping Method

15 Which of the following is the most effective defense against packet sniffing?

A. Using static IP addresses
B. Hiding the SSID
C. Using encryption (e.g., SSH, SSL/TLS)
D. Using a complex password

16 What is Social Engineering in the context of information security?

A. Manipulating people into divulging confidential information
B. Hacking into social media servers
C. Creating social networks for hackers
D. Engineering secure social platforms

17 Which is the first phase of a social engineering attack?

A. Exploit
B. Research/Reconnaissance
C. Develop Relationship
D. Select Victim

18 In the context of social engineering phases, what is 'Pretexting' often part of?

A. The hardware installation phase
B. The cleanup phase
C. The hook/trust development phase
D. The research phase

19 Which social engineering threat involves sending fraudulent emails appearing to be from reputable sources?

A. Tailgating
B. Vishing
C. Dumpster Diving
D. Phishing

20 What is 'Vishing'?

A. Virtual Phishing
B. Voice/VoIP Phishing
C. Video Phishing
D. Visual Phishing

21 What is 'Smishing'?

A. Phishing via SMS/Text messages
B. Small Phishing attacks
C. Smart Phishing
D. Social Media Phishing

22 Looking over someone's shoulder to get information such as PINs or passwords is known as:

A. Piggybacking
B. Screen Scraping
C. Eavesdropping
D. Shoulder Surfing

23 Searching through trash to find sensitive information like bills or notes is called:

A. Waste Management
B. Dumpster Diving
C. Recycling
D. Garbage Spoofing

24 An attacker waits for an authorized person to open a secure door and then follows them inside. This is called:

A. Fence Jumping
B. Tailgating/Piggybacking
C. Door Jamming
D. Lock Picking

25 Which attack involves leaving infected physical media (like a USB drive) in a public place hoping someone plugs it in?

A. Spamming
B. Skimming
C. Phishing
D. Baiting

26 What is 'Quid Pro Quo' in social engineering?

A. Threatening a victim
B. Stealing an ID card
C. Using a fake website
D. Promising a benefit in exchange for information

27 Identity theft primarily involves:

A. Deleting a user's files
B. Stealing a physical laptop
C. Crashing a server
D. Impersonating someone using their personal information

28 What is the primary goal of a Denial of Service (DoS) attack?

A. To disrupt the availability of a service
B. To gain administrative access
C. To compromise data integrity
D. To steal data

29 What distinguishes a DDoS attack from a standard DoS attack?

A. DDoS uses multiple compromised systems (botnet)
B. DDoS targets databases only
C. DDoS uses a single attacker
D. DDoS is only done via email

30 In a DDoS architecture, what is a 'Zombie'?

A. The attacker's computer
B. The target server
C. A compromised computer controlled by the attacker
D. The firewall

31 Which attack exploits the TCP three-way handshake by sending many connection requests but never completing them?

A. UDP Flood
B. SYN Flood
C. Ping of Death
D. HTTP GET Flood

32 What is a 'Smurf Attack'?

A. Crashing a database with SQL queries
B. Using spoofed broadcast pings to flood a target
C. Sending oversized ICMP packets
D. Sending malware via email

33 Which of the following is an example of a Permanent Denial of Service (PDoS) attack?

A. Phlashing
B. Teardrop Attack
C. SYN Flooding
D. Session Hijacking

34 What type of DoS attack targets the application layer (Layer 7)?

A. SYN Flood
B. UDP Flood
C. Smurf Attack
D. HTTP Flood

35 Which tool, known as the 'Low Orbit Ion Cannon', is a popular open-source network stress testing and DoS tool?

A. Netcat
B. Nmap
C. Metasploit
D. LOIC

36 What is the function of a Command and Control (C&C) server in a DDoS attack?

A. To send instructions to the botnet
B. To generate logs
C. To host the victim website
D. To filter traffic

37 Which DoS tool is designed to keep many connections to the target web server open and hold them as long as possible?

A. Wireshark
B. Ping
C. Slowloris
D. John the Ripper

38 What is a 'Teardrop' attack?

A. Disconnecting the power cable
B. Flooding with tear-shaped emojis
C. Sending packets with future timestamps
D. Sending fragmented packets that cannot be reassembled

39 Hping3 is a command-line oriented TCP/IP packet assembler/analyzer that can be used for:

A. Generating specific packet floods for DoS
B. Only passive sniffing
C. Repairing corrupted files
D. Social engineering

40 What is a 'Reflection Attack'?

A. Reflecting laser signals
B. Hacking the internal router
C. Spoofing the victim's IP and sending requests to third-party servers
D. Mirroring the victim's website

41 Which of the following is a critical consideration when performing a DoS Pen-Test?

A. Coordinate with the ISP and cloud provider
B. Target the personal devices of employees
C. Use the most destructive malware available
D. Ensure the attack is done without permission

42 What is 'Blackholing' or 'Sinkholing' in the context of DDoS mitigation?

A. Deleting the attacker's computer
B. Hacking back the attacker
C. Shutting down the internet
D. Redirecting malicious traffic to a non-existent endpoint

43 Which UDP-based amplification attack uses Network Time Protocol servers?

A. NTP Amplification
B. SYN Flood
C. Slowloris
D. HTTP Flood

44 What is the concept of 'Reverse Social Engineering'?

A. The victim attacks the social engineer
B. Ignoring social engineering attempts
C. The attacker creates a problem and convinces the victim to contact them for help
D. Using software to block social media

45 Which tool is an advanced version of LOIC that supports HTTP floods and customization?

A. Traceroute
B. Netstat
C. Ping
D. HOIC (High Orbit Ion Cannon)

46 What does a packet sniffer capture when a network uses unencrypted Telnet?

A. Garbage characters
B. Encrypted hashes
C. Only the headers
D. Plaintext usernames and passwords

47 In a Man-in-the-Middle attack enabled by ARP poisoning, the attacker acts as:

A. A relay between the victim and the gateway
B. A firewall
C. A DNS server
D. A database administrator

48 Which of the following describes 'Impersonation' in social engineering?

A. Pretending to be a legitimate user or authority figure
B. Installing a virus
C. Cracking a password
D. Scanning ports

49 What is the 'Ping of Death'?

A. Pinging a server every second
B. A ping that carries a virus
C. A ping that destroys the hardware
D. Sending an ICMP packet larger than the maximum IP packet size (65,535 bytes)

50 Which countermeasure helps prevent ARP Poisoning on a switch?

A. Disabling all ports
B. Dynamic ARP Inspection (DAI)
C. Using Hubs instead of Switches
D. Turning off the power