Unit 4 - Practice Quiz

INT244 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 What is the primary function of a packet sniffer in a network environment?

A. To block unauthorized access
B. To capture and analyze network traffic
C. To flood the network with data
D. To encrypt network traffic

2 In which mode must a Network Interface Card (NIC) be configured to capture all packets on a network segment, regardless of the destination MAC address?

A. Promiscuous Mode
B. Safe Mode
C. Private Mode
D. Protected Mode

3 Which of the following best describes 'Passive Sniffing'?

A. Sniffing on a hub-based network without altering traffic
B. Sniffing on a switched network by injecting packets
C. Using ARP poisoning to redirect traffic
D. Overloading the switch's CAM table

4 Why is sniffing on a switched network more difficult than on a hub-based network?

A. Switches only forward packets to the specific destination port
B. Switches have built-in firewalls
C. Switches encrypt all data by default
D. Switches do not support Promiscuous mode

5 What attack technique involves flooding a switch with numerous fake MAC addresses to fill up its CAM table?

A. DHCP Starvation
B. ARP Poisoning
C. DNS Spoofing
D. MAC Flooding

6 What is the result when a switch enters 'fail-open' mode due to a MAC flooding attack?

A. It shuts down all ports
B. It acts like a hub and broadcasts all traffic
C. It blocks all UDP traffic
D. It disconnects the attacker

7 Which protocol is abused during an ARP Poisoning attack?

A. Authenticated Resolution Protocol
B. Address Resolution Protocol
C. Automatic Retrieval Protocol
D. Advanced Routing Protocol

8 ARP Poisoning is commonly used to facilitate which type of attack?

A. Buffer Overflow
B. Cross-Site Scripting
C. SQL Injection
D. Man-in-the-Middle (MitM)

9 What is MAC Spoofing?

A. Stealing a user's password via email
B. Changing the factory-assigned MAC address of a NIC in software
C. Physically replacing a network card
D. Flooding the network with MAC addresses

10 Which switch feature allows an administrator to copy traffic from one port to another for analysis?

A. VLAN Tagging
B. Port Security
C. Spanning Tree Protocol
D. SPAN (Switched Port Analyzer)

11 What is the primary difference between a SPAN port and a hardware network tap?

A. A tap is a physical device inserted into the cable; SPAN is a switch configuration
B. Taps drop packets; SPAN guarantees 100% capture
C. SPAN is undetectable; taps are easily detected
D. A tap is software-based; SPAN is hardware-based

12 Which tool is commonly associated with performing MAC flooding attacks?

A. macof
B. Nmap
C. Nessus
D. Wireshark

13 How can an administrator detect a NIC running in promiscuous mode using DNS?

A. The NIC blocks port 53
B. The NIC sends broadcast DNS requests only
C. The NIC will not respond to DNS queries
D. The NIC performs reverse DNS lookups for every IP it sniffs

14 Which method involves measuring the response time of a host to detect if it is sniffing?

A. Latency/Ping Method
B. Etherflood Method
C. DNS Method
D. ARP Method

15 Which of the following is the most effective defense against packet sniffing?

A. Using static IP addresses
B. Hiding the SSID
C. Using encryption (e.g., SSH, SSL/TLS)
D. Using a complex password

16 What is Social Engineering in the context of information security?

A. Engineering secure social platforms
B. Creating social networks for hackers
C. Manipulating people into divulging confidential information
D. Hacking into social media servers

17 Which is the first phase of a social engineering attack?

A. Research/Reconnaissance
B. Select Victim
C. Exploit
D. Develop Relationship

18 In the context of social engineering phases, what is 'Pretexting' often part of?

A. The hardware installation phase
B. The research phase
C. The hook/trust development phase
D. The cleanup phase

19 Which social engineering threat involves sending fraudulent emails appearing to be from reputable sources?

A. Vishing
B. Tailgating
C. Phishing
D. Dumpster Diving

20 What is 'Vishing'?

A. Video Phishing
B. Virtual Phishing
C. Voice/VoIP Phishing
D. Visual Phishing

21 What is 'Smishing'?

A. Phishing via SMS/Text messages
B. Smart Phishing
C. Small Phishing attacks
D. Social Media Phishing

22 Looking over someone's shoulder to get information such as PINs or passwords is known as:

A. Shoulder Surfing
B. Piggybacking
C. Screen Scraping
D. Eavesdropping

23 Searching through trash to find sensitive information like bills or notes is called:

A. Garbage Spoofing
B. Waste Management
C. Dumpster Diving
D. Recycling

24 An attacker waits for an authorized person to open a secure door and then follows them inside. This is called:

A. Lock Picking
B. Tailgating/Piggybacking
C. Fence Jumping
D. Door Jamming

25 Which attack involves leaving infected physical media (like a USB drive) in a public place hoping someone plugs it in?

A. Spamming
B. Baiting
C. Skimming
D. Phishing

26 What is 'Quid Pro Quo' in social engineering?

A. Promising a benefit in exchange for information
B. Using a fake website
C. Threatening a victim
D. Stealing an ID card

27 Identity theft primarily involves:

A. Crashing a server
B. Stealing a physical laptop
C. Impersonating someone using their personal information
D. Deleting a user's files

28 What is the primary goal of a Denial of Service (DoS) attack?

A. To disrupt the availability of a service
B. To compromise data integrity
C. To gain administrative access
D. To steal data

29 What distinguishes a DDoS attack from a standard DoS attack?

A. DDoS targets databases only
B. DDoS uses a single attacker
C. DDoS uses multiple compromised systems (botnet)
D. DDoS is only done via email

30 In a DDoS architecture, what is a 'Zombie'?

A. The firewall
B. The target server
C. A compromised computer controlled by the attacker
D. The attacker's computer

31 Which attack exploits the TCP three-way handshake by sending many connection requests but never completing them?

A. SYN Flood
B. UDP Flood
C. HTTP GET Flood
D. Ping of Death

32 What is a 'Smurf Attack'?

A. Sending oversized ICMP packets
B. Using spoofed broadcast pings to flood a target
C. Crashing a database with SQL queries
D. Sending malware via email

33 Which of the following is an example of a Permanent Denial of Service (PDoS) attack?

A. Phlashing
B. Teardrop Attack
C. SYN Flooding
D. Session Hijacking

34 What type of DoS attack targets the application layer (Layer 7)?

A. UDP Flood
B. Smurf Attack
C. SYN Flood
D. HTTP Flood

35 Which tool, known as the 'Low Orbit Ion Cannon', is a popular open-source network stress testing and DoS tool?

A. Metasploit
B. Nmap
C. LOIC
D. Netcat

36 What is the function of a Command and Control (C&C) server in a DDoS attack?

A. To filter traffic
B. To host the victim website
C. To send instructions to the botnet
D. To generate logs

37 Which DoS tool is designed to keep many connections to the target web server open and hold them as long as possible?

A. Ping
B. Wireshark
C. Slowloris
D. John the Ripper

38 What is a 'Teardrop' attack?

A. Sending fragmented packets that cannot be reassembled
B. Disconnecting the power cable
C. Sending packets with future timestamps
D. Flooding with tear-shaped emojis

39 Hping3 is a command-line oriented TCP/IP packet assembler/analyzer that can be used for:

A. Generating specific packet floods for DoS
B. Social engineering
C. Repairing corrupted files
D. Only passive sniffing

40 What is a 'Reflection Attack'?

A. Reflecting laser signals
B. Hacking the internal router
C. Spoofing the victim's IP and sending requests to third-party servers
D. Mirroring the victim's website

41 Which of the following is a critical consideration when performing a DoS Pen-Test?

A. Target the personal devices of employees
B. Ensure the attack is done without permission
C. Use the most destructive malware available
D. Coordinate with the ISP and cloud provider

42 What is 'Blackholing' or 'Sinkholing' in the context of DDoS mitigation?

A. Hacking back the attacker
B. Shutting down the internet
C. Deleting the attacker's computer
D. Redirecting malicious traffic to a non-existent endpoint

43 Which UDP-based amplification attack uses Network Time Protocol servers?

A. NTP Amplification
B. HTTP Flood
C. Slowloris
D. SYN Flood

44 What is the concept of 'Reverse Social Engineering'?

A. The attacker creates a problem and convinces the victim to contact them for help
B. Ignoring social engineering attempts
C. The victim attacks the social engineer
D. Using software to block social media

45 Which tool is an advanced version of LOIC that supports HTTP floods and customization?

A. HOIC (High Orbit Ion Cannon)
B. Traceroute
C. Netstat
D. Ping

46 What does a packet sniffer capture when a network uses unencrypted Telnet?

A. Plaintext usernames and passwords
B. Only the headers
C. Garbage characters
D. Encrypted hashes

47 In a Man-in-the-Middle attack enabled by ARP poisoning, the attacker acts as:

A. A firewall
B. A database administrator
C. A relay between the victim and the gateway
D. A DNS server

48 Which of the following describes 'Impersonation' in social engineering?

A. Cracking a password
B. Installing a virus
C. Scanning ports
D. Pretending to be a legitimate user or authority figure

49 What is the 'Ping of Death'?

A. A ping that destroys the hardware
B. Pinging a server every second
C. A ping that carries a virus
D. Sending an ICMP packet larger than the maximum IP packet size (65,535 bytes)

50 Which countermeasure helps prevent ARP Poisoning on a switch?

A. Turning off the power
B. Disabling all ports
C. Using Hubs instead of Switches
D. Dynamic ARP Inspection (DAI)