1What is the primary function of a packet sniffer in a network environment?
A.To block unauthorized access
B.To capture and analyze network traffic
C.To flood the network with data
D.To encrypt network traffic
Correct Answer: To capture and analyze network traffic
Explanation:
A packet sniffer is a tool used to capture data packets traversing a network for analysis, troubleshooting, or eavesdropping.
Incorrect! Try again.
2In which mode must a Network Interface Card (NIC) be configured to capture all packets on a network segment, regardless of the destination MAC address?
A.Promiscuous Mode
B.Safe Mode
C.Private Mode
D.Protected Mode
Correct Answer: Promiscuous Mode
Explanation:
Promiscuous mode allows a NIC to pass all traffic it receives to the CPU, not just frames addressed to its own MAC address.
Incorrect! Try again.
3Which of the following best describes 'Passive Sniffing'?
A.Sniffing on a hub-based network without altering traffic
B.Sniffing on a switched network by injecting packets
C.Using ARP poisoning to redirect traffic
D.Overloading the switch's CAM table
Correct Answer: Sniffing on a hub-based network without altering traffic
Explanation:
Passive sniffing occurs on hubs where traffic is sent to all ports; the sniffer simply listens without sending out data to manipulate the network.
Incorrect! Try again.
4Why is sniffing on a switched network more difficult than on a hub-based network?
A.Switches only forward packets to the specific destination port
B.Switches have built-in firewalls
C.Switches encrypt all data by default
D.Switches do not support Promiscuous mode
Correct Answer: Switches only forward packets to the specific destination port
Explanation:
Switches use MAC address tables to direct traffic only to the intended recipient, preventing a sniffer on another port from seeing the data.
Incorrect! Try again.
5What attack technique involves flooding a switch with numerous fake MAC addresses to fill up its CAM table?
A.DHCP Starvation
B.ARP Poisoning
C.DNS Spoofing
D.MAC Flooding
Correct Answer: MAC Flooding
Explanation:
MAC Flooding attempts to fill the Content Addressable Memory (CAM) table. Once full, the switch often fails open, acting like a hub and broadcasting traffic to all ports.
Incorrect! Try again.
6What is the result when a switch enters 'fail-open' mode due to a MAC flooding attack?
A.It shuts down all ports
B.It acts like a hub and broadcasts all traffic
C.It blocks all UDP traffic
D.It disconnects the attacker
Correct Answer: It acts like a hub and broadcasts all traffic
Explanation:
When the MAC table is full, the switch cannot learn new addresses and defaults to broadcasting frames to all ports, enabling sniffing.
Incorrect! Try again.
7Which protocol is abused during an ARP Poisoning attack?
A.Authenticated Resolution Protocol
B.Address Resolution Protocol
C.Automatic Retrieval Protocol
D.Advanced Routing Protocol
Correct Answer: Address Resolution Protocol
Explanation:
ARP Poisoning abuses the Address Resolution Protocol by sending falsified ARP messages to link the attacker's MAC address with the IP address of a legitimate computer or gateway.
Incorrect! Try again.
8ARP Poisoning is commonly used to facilitate which type of attack?
A.Buffer Overflow
B.Cross-Site Scripting
C.SQL Injection
D.Man-in-the-Middle (MitM)
Correct Answer: Man-in-the-Middle (MitM)
Explanation:
By poisoning the ARP cache, the attacker intercepts traffic between two targets (like a victim and a router), acting as a Man-in-the-Middle.
Incorrect! Try again.
9What is MAC Spoofing?
A.Stealing a user's password via email
B.Changing the factory-assigned MAC address of a NIC in software
C.Physically replacing a network card
D.Flooding the network with MAC addresses
Correct Answer: Changing the factory-assigned MAC address of a NIC in software
Explanation:
MAC Spoofing involves masking the genuine MAC address of a device with a fake one to bypass access control lists or conceal identity.
Incorrect! Try again.
10Which switch feature allows an administrator to copy traffic from one port to another for analysis?
A.VLAN Tagging
B.Port Security
C.Spanning Tree Protocol
D.SPAN (Switched Port Analyzer)
Correct Answer: SPAN (Switched Port Analyzer)
Explanation:
SPAN, or Port Mirroring, is a feature on switches that copies packets from one or more ports to a designated monitoring port for analysis.
Incorrect! Try again.
11What is the primary difference between a SPAN port and a hardware network tap?
A.A tap is a physical device inserted into the cable; SPAN is a switch configuration
B.Taps drop packets; SPAN guarantees 100% capture
C.SPAN is undetectable; taps are easily detected
D.A tap is software-based; SPAN is hardware-based
Correct Answer: A tap is a physical device inserted into the cable; SPAN is a switch configuration
Explanation:
A hardware tap is a physical device connected between cables to capture traffic, whereas SPAN is a configuration setting on the switch itself.
Incorrect! Try again.
12Which tool is commonly associated with performing MAC flooding attacks?
A.macof
B.Nmap
C.Nessus
D.Wireshark
Correct Answer: macof
Explanation:
macof is a tool (part of the Dsniff suite) specifically designed to flood a switch with random MAC addresses.
Incorrect! Try again.
13How can an administrator detect a NIC running in promiscuous mode using DNS?
A.The NIC blocks port 53
B.The NIC sends broadcast DNS requests only
C.The NIC will not respond to DNS queries
D.The NIC performs reverse DNS lookups for every IP it sniffs
Correct Answer: The NIC performs reverse DNS lookups for every IP it sniffs
Explanation:
Many sniffers attempt to resolve IP addresses to hostnames. A sudden spike in reverse DNS lookups from a single host can indicate a sniffer.
Incorrect! Try again.
14Which method involves measuring the response time of a host to detect if it is sniffing?
A.Latency/Ping Method
B.Etherflood Method
C.DNS Method
D.ARP Method
Correct Answer: Latency/Ping Method
Explanation:
A machine in promiscuous mode consumes CPU resources to process all traffic, which can slightly increase the time it takes to respond to Ping (ICMP) requests.
Incorrect! Try again.
15Which of the following is the most effective defense against packet sniffing?
A.Using static IP addresses
B.Hiding the SSID
C.Using encryption (e.g., SSH, SSL/TLS)
D.Using a complex password
Correct Answer: Using encryption (e.g., SSH, SSL/TLS)
Explanation:
Sniffing captures data in transit. If the data is encrypted (like HTTPS or SSH), the attacker captures unreadable ciphertext rather than sensitive information.
Incorrect! Try again.
16What is Social Engineering in the context of information security?
A.Engineering secure social platforms
B.Creating social networks for hackers
C.Manipulating people into divulging confidential information
D.Hacking into social media servers
Correct Answer: Manipulating people into divulging confidential information
Explanation:
Social engineering relies on human interaction and psychological manipulation to trick users into breaking security procedures.
Incorrect! Try again.
17Which is the first phase of a social engineering attack?
A.Research/Reconnaissance
B.Select Victim
C.Exploit
D.Develop Relationship
Correct Answer: Research/Reconnaissance
Explanation:
The first phase involves gathering information about the target organization or individual to plan a convincing attack.
Incorrect! Try again.
18In the context of social engineering phases, what is 'Pretexting' often part of?
A.The hardware installation phase
B.The research phase
C.The hook/trust development phase
D.The cleanup phase
Correct Answer: The hook/trust development phase
Explanation:
Pretexting involves creating a fabricated scenario (the hook) to establish trust or authority to steal information.
Incorrect! Try again.
19Which social engineering threat involves sending fraudulent emails appearing to be from reputable sources?
A.Vishing
B.Tailgating
C.Phishing
D.Dumpster Diving
Correct Answer: Phishing
Explanation:
Phishing is the practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information.
Incorrect! Try again.
20What is 'Vishing'?
A.Video Phishing
B.Virtual Phishing
C.Voice/VoIP Phishing
D.Visual Phishing
Correct Answer: Voice/VoIP Phishing
Explanation:
Vishing stands for Voice Phishing, where attackers use telephone systems to trick victims into surrendering private information.
Incorrect! Try again.
21What is 'Smishing'?
A.Phishing via SMS/Text messages
B.Smart Phishing
C.Small Phishing attacks
D.Social Media Phishing
Correct Answer: Phishing via SMS/Text messages
Explanation:
Smishing uses Short Message Service (SMS) systems to send phony text messages to trick users.
Incorrect! Try again.
22Looking over someone's shoulder to get information such as PINs or passwords is known as:
A.Shoulder Surfing
B.Piggybacking
C.Screen Scraping
D.Eavesdropping
Correct Answer: Shoulder Surfing
Explanation:
Shoulder surfing involves direct observation of a user entering sensitive information.
Incorrect! Try again.
23Searching through trash to find sensitive information like bills or notes is called:
A.Garbage Spoofing
B.Waste Management
C.Dumpster Diving
D.Recycling
Correct Answer: Dumpster Diving
Explanation:
Dumpster diving is the physical technique of searching through refuse to find discarded documents containing sensitive data.
Incorrect! Try again.
24An attacker waits for an authorized person to open a secure door and then follows them inside. This is called:
A.Lock Picking
B.Tailgating/Piggybacking
C.Fence Jumping
D.Door Jamming
Correct Answer: Tailgating/Piggybacking
Explanation:
Tailgating or piggybacking is gaining physical access to a restricted area by following closely behind an authorized person.
Incorrect! Try again.
25Which attack involves leaving infected physical media (like a USB drive) in a public place hoping someone plugs it in?
A.Spamming
B.Baiting
C.Skimming
D.Phishing
Correct Answer: Baiting
Explanation:
Baiting relies on the curiosity of the victim to pick up a physical device (like a USB labeled 'Salary') and plug it into a computer, executing malware.
Incorrect! Try again.
26What is 'Quid Pro Quo' in social engineering?
A.Promising a benefit in exchange for information
B.Using a fake website
C.Threatening a victim
D.Stealing an ID card
Correct Answer: Promising a benefit in exchange for information
Explanation:
Quid Pro Quo involves an attacker promising a service or benefit (like technical support or a gift) in exchange for access or information.
Incorrect! Try again.
27Identity theft primarily involves:
A.Crashing a server
B.Stealing a physical laptop
C.Impersonating someone using their personal information
D.Deleting a user's files
Correct Answer: Impersonating someone using their personal information
Explanation:
Identity theft occurs when an attacker steals PII (Personally Identifiable Information) to commit fraud or crimes in the victim's name.
Incorrect! Try again.
28What is the primary goal of a Denial of Service (DoS) attack?
A.To disrupt the availability of a service
B.To compromise data integrity
C.To gain administrative access
D.To steal data
Correct Answer: To disrupt the availability of a service
Explanation:
DoS attacks aim to make a machine or network resource unavailable to its intended users.
Incorrect! Try again.
29What distinguishes a DDoS attack from a standard DoS attack?
A.DDoS targets databases only
B.DDoS uses a single attacker
C.DDoS uses multiple compromised systems (botnet)
D.DDoS is only done via email
Correct Answer: DDoS uses multiple compromised systems (botnet)
Explanation:
Distributed Denial of Service (DDoS) involves multiple compromised systems attacking a single target simultaneously.
Incorrect! Try again.
30In a DDoS architecture, what is a 'Zombie'?
A.The firewall
B.The target server
C.A compromised computer controlled by the attacker
D.The attacker's computer
Correct Answer: A compromised computer controlled by the attacker
Explanation:
A zombie (or bot) is a computer that has been infected with malware and is controlled remotely by the attacker to perform DDoS attacks.
Incorrect! Try again.
31Which attack exploits the TCP three-way handshake by sending many connection requests but never completing them?
A.SYN Flood
B.UDP Flood
C.HTTP GET Flood
D.Ping of Death
Correct Answer: SYN Flood
Explanation:
A SYN flood sends SYN packets to the target but never sends the final ACK, leaving the server waiting with half-open connections until resources are exhausted.
Incorrect! Try again.
32What is a 'Smurf Attack'?
A.Sending oversized ICMP packets
B.Using spoofed broadcast pings to flood a target
C.Crashing a database with SQL queries
D.Sending malware via email
Correct Answer: Using spoofed broadcast pings to flood a target
Explanation:
A Smurf attack uses IP spoofing and ICMP Echo requests sent to a network broadcast address to flood the victim with Echo Replies.
Incorrect! Try again.
33Which of the following is an example of a Permanent Denial of Service (PDoS) attack?
A.Phlashing
B.Teardrop Attack
C.SYN Flooding
D.Session Hijacking
Correct Answer: Phlashing
Explanation:
Phlashing involves damaging the hardware (often by overwriting firmware) so strictly that the device must be replaced or reinstalled.
Incorrect! Try again.
34What type of DoS attack targets the application layer (Layer 7)?
A.UDP Flood
B.Smurf Attack
C.SYN Flood
D.HTTP Flood
Correct Answer: HTTP Flood
Explanation:
HTTP Floods mimic legitimate web browser requests to exhaust web server resources, operating at the Application Layer.
Incorrect! Try again.
35Which tool, known as the 'Low Orbit Ion Cannon', is a popular open-source network stress testing and DoS tool?
A.Metasploit
B.Nmap
C.LOIC
D.Netcat
Correct Answer: LOIC
Explanation:
LOIC (Low Orbit Ion Cannon) is a well-known tool used for generating massive amounts of traffic for DoS/DDoS attacks.
Incorrect! Try again.
36What is the function of a Command and Control (C&C) server in a DDoS attack?
A.To filter traffic
B.To host the victim website
C.To send instructions to the botnet
D.To generate logs
Correct Answer: To send instructions to the botnet
Explanation:
The C&C server allows the attacker (botmaster) to communicate with and control the zombie computers in a botnet.
Incorrect! Try again.
37Which DoS tool is designed to keep many connections to the target web server open and hold them as long as possible?
A.Ping
B.Wireshark
C.Slowloris
D.John the Ripper
Correct Answer: Slowloris
Explanation:
Slowloris opens many connections and sends partial HTTP requests, keeping the connections open to exhaust the server's concurrent connection pool.
Incorrect! Try again.
38What is a 'Teardrop' attack?
A.Sending fragmented packets that cannot be reassembled
B.Disconnecting the power cable
C.Sending packets with future timestamps
D.Flooding with tear-shaped emojis
Correct Answer: Sending fragmented packets that cannot be reassembled
Explanation:
A Teardrop attack involves sending overlapping, oversized, or malformed IP fragments that crash the OS when it tries to reassemble them.
Incorrect! Try again.
39Hping3 is a command-line oriented TCP/IP packet assembler/analyzer that can be used for:
A.Generating specific packet floods for DoS
B.Social engineering
C.Repairing corrupted files
D.Only passive sniffing
Correct Answer: Generating specific packet floods for DoS
Explanation:
Hping3 is a versatile tool used for crafting custom packets, often used in stress testing and DoS attacks (e.g., SYN flooding).
Incorrect! Try again.
40What is a 'Reflection Attack'?
A.Reflecting laser signals
B.Hacking the internal router
C.Spoofing the victim's IP and sending requests to third-party servers
D.Mirroring the victim's website
Correct Answer: Spoofing the victim's IP and sending requests to third-party servers
Explanation:
In a reflection attack, the attacker sends requests to reflectors (like DNS or NTP servers) with the victim's spoofed IP, causing the reflectors to send replies to the victim.
Incorrect! Try again.
41Which of the following is a critical consideration when performing a DoS Pen-Test?
A.Target the personal devices of employees
B.Ensure the attack is done without permission
C.Use the most destructive malware available
D.Coordinate with the ISP and cloud provider
Correct Answer: Coordinate with the ISP and cloud provider
Explanation:
DoS testing generates high traffic which can trigger ISP blocks or violate service agreements; coordination and explicit permission are essential.
Incorrect! Try again.
42What is 'Blackholing' or 'Sinkholing' in the context of DDoS mitigation?
A.Hacking back the attacker
B.Shutting down the internet
C.Deleting the attacker's computer
D.Redirecting malicious traffic to a non-existent endpoint
Correct Answer: Redirecting malicious traffic to a non-existent endpoint
Explanation:
Blackholing/Sinkholing involves routing excessive or malicious traffic to a null route or a specific server for analysis, keeping it away from the target.
Incorrect! Try again.
43Which UDP-based amplification attack uses Network Time Protocol servers?
A.NTP Amplification
B.HTTP Flood
C.Slowloris
D.SYN Flood
Correct Answer: NTP Amplification
Explanation:
NTP Amplification exploits the 'monlist' command in older NTP servers to send large responses to a spoofed victim IP.
Incorrect! Try again.
44What is the concept of 'Reverse Social Engineering'?
A.The attacker creates a problem and convinces the victim to contact them for help
B.Ignoring social engineering attempts
C.The victim attacks the social engineer
D.Using software to block social media
Correct Answer: The attacker creates a problem and convinces the victim to contact them for help
Explanation:
In reverse social engineering, the attacker sabotages a system or creates a problem, then advertises themselves as the solution, causing the victim to reach out voluntarily.
Incorrect! Try again.
45Which tool is an advanced version of LOIC that supports HTTP floods and customization?
A.HOIC (High Orbit Ion Cannon)
B.Traceroute
C.Netstat
D.Ping
Correct Answer: HOIC (High Orbit Ion Cannon)
Explanation:
HOIC is an upgrade to LOIC, designed to attack up to 256 URLs simultaneously and use booster scripts to evade detection.
Incorrect! Try again.
46What does a packet sniffer capture when a network uses unencrypted Telnet?
A.Plaintext usernames and passwords
B.Only the headers
C.Garbage characters
D.Encrypted hashes
Correct Answer: Plaintext usernames and passwords
Explanation:
Telnet transmits data in cleartext, meaning a sniffer can easily read usernames, passwords, and commands.
Incorrect! Try again.
47In a Man-in-the-Middle attack enabled by ARP poisoning, the attacker acts as:
A.A firewall
B.A database administrator
C.A relay between the victim and the gateway
D.A DNS server
Correct Answer: A relay between the victim and the gateway
Explanation:
The attacker sits in the middle, forwarding modified or copied packets between the victim and the router/gateway.
Incorrect! Try again.
48Which of the following describes 'Impersonation' in social engineering?
A.Cracking a password
B.Installing a virus
C.Scanning ports
D.Pretending to be a legitimate user or authority figure
Correct Answer: Pretending to be a legitimate user or authority figure
Explanation:
Impersonation involves assuming the identity of an employee, tech support, or executive to manipulate others.
Incorrect! Try again.
49What is the 'Ping of Death'?
A.A ping that destroys the hardware
B.Pinging a server every second
C.A ping that carries a virus
D.Sending an ICMP packet larger than the maximum IP packet size (65,535 bytes)
Correct Answer: Sending an ICMP packet larger than the maximum IP packet size (65,535 bytes)
Explanation:
The Ping of Death involves sending a malformed or oversized ping packet that crashes older systems unable to handle packets larger than 65,535 bytes.
Incorrect! Try again.
50Which countermeasure helps prevent ARP Poisoning on a switch?
A.Turning off the power
B.Disabling all ports
C.Using Hubs instead of Switches
D.Dynamic ARP Inspection (DAI)
Correct Answer: Dynamic ARP Inspection (DAI)
Explanation:
DAI is a security feature on switches that validates ARP packets in a network, discarding those with invalid IP-to-MAC address bindings.