1. What is the primary function of a packet sniffer in a network environment?
A. To encrypt network traffic
B. To capture and analyze network traffic
C. To block unauthorized access
D. To flood the network with data
Correct Answer: To capture and analyze network traffic
Explanation: A packet sniffer is a tool used to capture data packets traversing a network for analysis, troubleshooting, or eavesdropping.

2. In which mode must a Network Interface Card (NIC) be configured to capture all packets on a network segment, regardless of the destination MAC address?
A. Protected Mode
B. Promiscuous Mode
C. Private Mode
D. Safe Mode
Correct Answer: Promiscuous Mode
Explanation: Promiscuous mode allows a NIC to pass all traffic it receives to the CPU, not just frames addressed to its own MAC address.

3. Which of the following best describes 'Passive Sniffing'?
A. Sniffing on a switched network by injecting packets
B. Sniffing on a hub-based network without altering traffic
C. Overloading the switch's CAM table
D. Using ARP poisoning to redirect traffic
Correct Answer: Sniffing on a hub-based network without altering traffic
Explanation: Passive sniffing occurs on hubs where traffic is sent to all ports; the sniffer simply listens without sending out data to manipulate the network.

4. Why is sniffing on a switched network more difficult than on a hub-based network?
A. Switches encrypt all data by default
B. Switches only forward packets to the specific destination port
C. Switches do not support Promiscuous mode
D. Switches have built-in firewalls
Correct Answer: Switches only forward packets to the specific destination port
Explanation: Switches use MAC address tables to direct traffic only to the intended recipient, preventing a sniffer on another port from seeing the data.

5. What attack technique involves flooding a switch with numerous fake MAC addresses to fill up its CAM table?
A. ARP Poisoning
B. MAC Flooding
C. DHCP Starvation
D. DNS Spoofing
Correct Answer: MAC Flooding
Explanation: MAC Flooding attempts to fill the Content Addressable Memory (CAM) table. Once full, the switch often fails open, acting like a hub and broadcasting traffic to all ports.

6. What is the result when a switch enters 'fail-open' mode due to a MAC flooding attack?
A. It shuts down all ports
B. It acts like a hub and broadcasts all traffic
C. It blocks all UDP traffic
D. It disconnects the attacker
Correct Answer: It acts like a hub and broadcasts all traffic
Explanation: When the MAC table is full, the switch cannot learn new addresses and defaults to broadcasting frames to all ports, enabling sniffing.

7. Which protocol is abused during an ARP Poisoning attack?
A. Address Resolution Protocol
B. Advanced Routing Protocol
C. Automatic Retrieval Protocol
D. Authenticated Resolution Protocol
Correct Answer: Address Resolution Protocol
Explanation: ARP Poisoning abuses the Address Resolution Protocol by sending falsified ARP messages to link the attacker's MAC address with the IP address of a legitimate computer or gateway.

8. ARP Poisoning is commonly used to facilitate which type of attack?
A. SQL Injection
B. Man-in-the-Middle (MitM)
C. Buffer Overflow
D. Cross-Site Scripting
Correct Answer: Man-in-the-Middle (MitM)
Explanation: By poisoning the ARP cache, the attacker intercepts traffic between two targets (like a victim and a router), acting as a Man-in-the-Middle.

9. What is MAC Spoofing?
A. Physically replacing a network card
B. Flooding the network with MAC addresses
C. Changing the factory-assigned MAC address of a NIC in software
D. Stealing a user's password via email
Correct Answer: Changing the factory-assigned MAC address of a NIC in software
Explanation: MAC Spoofing involves masking the genuine MAC address of a device with a fake one to bypass access control lists or conceal identity.

10. Which switch feature allows an administrator to copy traffic from one port to another for analysis?
A. Port Security
B. VLAN Tagging
C. SPAN (Switched Port Analyzer)
D. Spanning Tree Protocol
Correct Answer: SPAN (Switched Port Analyzer)
Explanation: SPAN, or Port Mirroring, is a feature on switches that copies packets from one or more ports to a designated monitoring port for analysis.

11. What is the primary difference between a SPAN port and a hardware network tap?
A. A tap is software-based; SPAN is hardware-based
B. A tap is a physical device inserted into the cable; SPAN is a switch configuration
C. SPAN is undetectable; taps are easily detected
D. Taps drop packets; SPAN guarantees 100% capture
Correct Answer: A tap is a physical device inserted into the cable; SPAN is a switch configuration
Explanation: A hardware tap is a physical device connected between cables to capture traffic, whereas SPAN is a configuration setting on the switch itself.

12. Which tool is commonly associated with performing MAC flooding attacks?
A. Wireshark
B. macof
C. Nmap
D. Nessus
Correct Answer: macof
Explanation: macof is a tool (part of the Dsniff suite) specifically designed to flood a switch with random MAC addresses.

13. How can an administrator detect a NIC running in promiscuous mode using DNS?
A. The NIC will not respond to DNS queries
B. The NIC performs reverse DNS lookups for every IP it sniffs
C. The NIC blocks port 53
D. The NIC sends broadcast DNS requests only
Correct Answer: The NIC performs reverse DNS lookups for every IP it sniffs
Explanation: Many sniffers attempt to resolve IP addresses to hostnames. A sudden spike in reverse DNS lookups from a single host can indicate a sniffer.

14. Which method involves measuring the response time of a host to detect if it is sniffing?
A. ARP Method
B. Latency/Ping Method
C. DNS Method
D. Etherflood Method
Correct Answer: Latency/Ping Method
Explanation: A machine in promiscuous mode consumes CPU resources to process all traffic, which can slightly increase the time it takes to respond to Ping (ICMP) requests.

15. Which of the following is the most effective defense against packet sniffing?
A. Using static IP addresses
B. Using encryption (e.g., SSH, SSL/TLS)
C. Hiding the SSID
D. Using a complex password
Correct Answer: Using encryption (e.g., SSH, SSL/TLS)
Explanation: Sniffing captures data in transit. If the data is encrypted (like HTTPS or SSH), the attacker captures unreadable ciphertext rather than sensitive information.

16. What is Social Engineering in the context of information security?
A. Hacking into social media servers
B. Manipulating people into divulging confidential information
C. Creating social networks for hackers
D. Engineering secure social platforms
Correct Answer: Manipulating people into divulging confidential information
Explanation: Social engineering relies on human interaction and psychological manipulation to trick users into breaking security procedures.

17. Which is the first phase of a social engineering attack?
A. Select Victim
B. Research/Reconnaissance
C. Develop Relationship
D. Exploit
Correct Answer: Research/Reconnaissance
Explanation: The first phase involves gathering information about the target organization or individual to plan a convincing attack.

18. In the context of social engineering phases, what is 'Pretexting' often part of?
A. The cleanup phase
B. The research phase
C. The hook/trust development phase
D. The hardware installation phase
Correct Answer: The hook/trust development phase
Explanation: Pretexting involves creating a fabricated scenario (the hook) to establish trust or authority to steal information.

19. Which social engineering threat involves sending fraudulent emails appearing to be from reputable sources?
A. Vishing
B. Phishing
C. Tailgating
D. Dumpster Diving
Correct Answer: Phishing
Explanation: Phishing is the practice of sending emails purporting to be from reputable companies to induce individuals to reveal personal information.

20. What is 'Vishing'?
A. Video Phishing
B. Voice/VoIP Phishing
C. Virtual Phishing
D. Visual Phishing
Correct Answer: Voice/VoIP Phishing
Explanation: Vishing stands for Voice Phishing, where attackers use telephone systems to trick victims into surrendering private information.

21. What is 'Smishing'?
A. Phishing via SMS/Text messages
B. Small Phishing attacks
C. Smart Phishing
D. Social Media Phishing
Correct Answer: Phishing via SMS/Text messages
Explanation: Smishing uses Short Message Service (SMS) systems to send phony text messages to trick users.

22. Looking over someone's shoulder to get information such as PINs or passwords is known as:
A. Eavesdropping
B. Shoulder Surfing
C. Piggybacking
D. Screen Scraping
Correct Answer: Shoulder Surfing
Explanation: Shoulder surfing involves direct observation of a user entering sensitive information.

23. Searching through trash to find sensitive information like bills or notes is called:
A. Recycling
B. Dumpster Diving
C. Waste Management
D. Garbage Spoofing
Correct Answer: Dumpster Diving
Explanation: Dumpster diving is the physical technique of searching through refuse to find discarded documents containing sensitive data.

24. An attacker waits for an authorized person to open a secure door and then follows them inside. This is called:
A. Tailgating/Piggybacking
B. Fence Jumping
C. Lock Picking
D. Door Jamming
Correct Answer: Tailgating/Piggybacking
Explanation: Tailgating or piggybacking is gaining physical access to a restricted area by following closely behind an authorized person.

25. Which attack involves leaving infected physical media (like a USB drive) in a public place hoping someone plugs it in?
A. Phishing
B. Baiting
C. Spamming
D. Skimming
Correct Answer: Baiting
Explanation: Baiting relies on the curiosity of the victim to pick up a physical device (like a USB labeled 'Salary') and plug it into a computer, executing malware.

26. What is 'Quid Pro Quo' in social engineering?
A. Stealing an ID card
B. Promising a benefit in exchange for information
C. Threatening a victim
D. Using a fake website
Correct Answer: Promising a benefit in exchange for information
Explanation: Quid Pro Quo involves an attacker promising a service or benefit (like technical support or a gift) in exchange for access or information.

27. Identity theft primarily involves:
A. Stealing a physical laptop
B. Deleting a user's files
C. Impersonating someone using their personal information
D. Crashing a server
Correct Answer: Impersonating someone using their personal information
Explanation: Identity theft occurs when an attacker steals PII (Personally Identifiable Information) to commit fraud or crimes in the victim's name.

28. What is the primary goal of a Denial of Service (DoS) attack?
A. To steal data
B. To compromise data integrity
C. To disrupt the availability of a service
D. To gain administrative access
Correct Answer: To disrupt the availability of a service
Explanation: DoS attacks aim to make a machine or network resource unavailable to its intended users.

29. What distinguishes a DDoS attack from a standard DoS attack?
A. DDoS uses a single attacker
B. DDoS uses multiple compromised systems (botnet)
C. DDoS is only done via email
D. DDoS targets databases only
Correct Answer: DDoS uses multiple compromised systems (botnet)
Explanation: Distributed Denial of Service (DDoS) involves multiple compromised systems attacking a single target simultaneously.

30. In a DDoS architecture, what is a 'Zombie'?
A. The target server
B. The attacker's computer
C. A compromised computer controlled by the attacker
D. The firewall
Correct Answer: A compromised computer controlled by the attacker
Explanation: A zombie (or bot) is a computer that has been infected with malware and is controlled remotely by the attacker to perform DDoS attacks.

31. Which attack exploits the TCP three-way handshake by sending many connection requests but never completing them?
A. Ping of Death
B. SYN Flood
C. UDP Flood
D. HTTP GET Flood
Correct Answer: SYN Flood
Explanation: A SYN flood sends SYN packets to the target but never sends the final ACK, leaving the server waiting with half-open connections until resources are exhausted.

32. What is a 'Smurf Attack'?
A. Sending oversized ICMP packets
B. Using spoofed broadcast pings to flood a target
C. Sending malware via email
D. Crashing a database with SQL queries
Correct Answer: Using spoofed broadcast pings to flood a target
Explanation: A Smurf attack uses IP spoofing and ICMP Echo requests sent to a network broadcast address to flood the victim with Echo Replies.

33. Which of the following is an example of a Permanent Denial of Service (PDoS) attack?
A. SYN Flooding
B. Phlashing
C. Teardrop Attack
D. Session Hijacking
Correct Answer: Phlashing
Explanation: Phlashing involves damaging the hardware (often by overwriting firmware) so severely that the device must be replaced or reinstalled.

34. What type of DoS attack targets the application layer (Layer 7)?
A. UDP Flood
B. HTTP Flood
C. SYN Flood
D. Smurf Attack
Correct Answer: HTTP Flood
Explanation: HTTP Floods mimic legitimate web browser requests to exhaust web server resources, operating at the Application Layer.

35. Which tool, known as the 'Low Orbit Ion Cannon', is a popular open-source network stress testing and DoS tool?
A. LOIC
B. Nmap
C. Metasploit
D. Netcat
Correct Answer: LOIC
Explanation: LOIC (Low Orbit Ion Cannon) is a well-known tool used for generating massive amounts of traffic for DoS/DDoS attacks.

36. What is the function of a Command and Control (C&C) server in a DDoS attack?
A. To filter traffic
B. To send instructions to the botnet
C. To host the victim website
D. To generate logs
Correct Answer: To send instructions to the botnet
Explanation: The C&C server allows the attacker (botmaster) to communicate with and control the zombie computers in a botnet.

37. Which DoS tool is designed to keep many connections to the target web server open and hold them as long as possible?
A. Slowloris
B. Wireshark
C. John the Ripper
D. Ping
Correct Answer: Slowloris
Explanation: Slowloris opens many connections and sends partial HTTP requests, keeping the connections open to exhaust the server's concurrent connection pool.

38. What is a 'Teardrop' attack?
A. Sending fragmented packets that cannot be reassembled
B. Flooding with tear-shaped emojis
C. Sending packets with future timestamps
D. Disconnecting the power cable
Correct Answer: Sending fragmented packets that cannot be reassembled
Explanation: A Teardrop attack involves sending overlapping, oversized, or malformed IP fragments that crash the OS when it tries to reassemble them.

39. Hping3 is a command-line oriented TCP/IP packet assembler/analyzer that can be used for:
A. Only passive sniffing
B. Generating specific packet floods for DoS
C. Repairing corrupted files
D. Social engineering
Correct Answer: Generating specific packet floods for DoS
Explanation: Hping3 is a versatile tool used for crafting custom packets, often used in stress testing and DoS attacks (e.g., SYN flooding).

40. What is a 'Reflection Attack'?
A. Mirroring the victim's website
B. Spoofing the victim's IP and sending requests to third-party servers
C. Reflecting laser signals
D. Hacking the internal router
Correct Answer: Spoofing the victim's IP and sending requests to third-party servers
Explanation: In a reflection attack, the attacker sends requests to reflectors (like DNS or NTP servers) with the victim's spoofed IP, causing the reflectors to send replies to the victim.

41. Which of the following is a critical consideration when performing a DoS Pen-Test?
A. Ensure the attack is done without permission
B. Coordinate with the ISP and cloud provider
C. Use the most destructive malware available
D. Target the personal devices of employees
Correct Answer: Coordinate with the ISP and cloud provider
Explanation: DoS testing generates high traffic which can trigger ISP blocks or violate service agreements; coordination and explicit permission are essential.

42. What is 'Blackholing' or 'Sinkholing' in the context of DDoS mitigation?
A. Deleting the attacker's computer
B. Redirecting malicious traffic to a non-existent endpoint
C. Shutting down the internet
D. Hacking back the attacker
Correct Answer: Redirecting malicious traffic to a non-existent endpoint
Explanation: Blackholing/Sinkholing involves routing excessive or malicious traffic to a null route or a specific server for analysis, keeping it away from the target.

43. Which UDP-based amplification attack uses Network Time Protocol servers?
A. HTTP Flood
B. NTP Amplification
C. SYN Flood
D. Slowloris
Correct Answer: NTP Amplification
Explanation: NTP Amplification exploits the 'monlist' command in older NTP servers to send large responses to a spoofed victim IP.

44. What is the concept of 'Reverse Social Engineering'?
A. The victim attacks the social engineer
B. The attacker creates a problem and convinces the victim to contact them for help
C. Ignoring social engineering attempts
D. Using software to block social media
Correct Answer: The attacker creates a problem and convinces the victim to contact them for help
Explanation: In reverse social engineering, the attacker sabotages a system or creates a problem, then advertises themselves as the solution, causing the victim to reach out voluntarily.

45. Which tool is an advanced version of LOIC that supports HTTP floods and customization?
A. HOIC (High Orbit Ion Cannon)
B. Ping
C. Traceroute
D. Netstat
Correct Answer: HOIC (High Orbit Ion Cannon)
Explanation: HOIC is an upgrade to LOIC, designed to attack up to 256 URLs simultaneously and use booster scripts to evade detection.

46. What does a packet sniffer capture when a network uses unencrypted Telnet?
A. Only the headers
B. Garbage characters
C. Plaintext usernames and passwords
D. Encrypted hashes
Correct Answer: Plaintext usernames and passwords
Explanation: Telnet transmits data in cleartext, meaning a sniffer can easily read usernames, passwords, and commands.

47. In a Man-in-the-Middle attack enabled by ARP poisoning, the attacker acts as:
A. A firewall
B. A relay between the victim and the gateway
C. A DNS server
D. A database administrator
Correct Answer: A relay between the victim and the gateway
Explanation: The attacker sits in the middle, forwarding modified or copied packets between the victim and the router/gateway.

48. Which of the following describes 'Impersonation' in social engineering?
A. Pretending to be a legitimate user or authority figure
B. Installing a virus
C. Cracking a password
D. Scanning ports
Correct Answer: Pretending to be a legitimate user or authority figure
Explanation: Impersonation involves assuming the identity of an employee, tech support, or executive to manipulate others.

49. What is the 'Ping of Death'?
A. A ping that destroys the hardware
B. Sending an ICMP packet larger than the maximum IP packet size (65,535 bytes)
C. Pinging a server every second
D. A ping that carries a virus
Correct Answer: Sending an ICMP packet larger than the maximum IP packet size (65,535 bytes)
Explanation: The Ping of Death involves sending a malformed or oversized ping packet that crashes older systems unable to handle packets larger than 65,535 bytes.

50. Which countermeasure helps prevent ARP Poisoning on a switch?
A. Dynamic ARP Inspection (DAI)
B. Disabling all ports
C. Using Hubs instead of Switches
D. Turning off the power
Correct Answer: Dynamic ARP Inspection (DAI)
Explanation: DAI is a security feature on switches that validates ARP packets in a network, discarding those with invalid IP-to-MAC address bindings.