Unit 4 - Practice Quiz

INT244 50 Questions

1 What is the primary function of a packet sniffer in a network environment?

A. To block unauthorized access
B. To capture and analyze network traffic
C. To encrypt network traffic
D. To flood the network with data

2 In which mode must a Network Interface Card (NIC) be configured to capture all packets on a network segment, regardless of the destination MAC address?

A. Safe Mode
B. Protected Mode
C. Promiscuous Mode
D. Private Mode

3 Which of the following best describes 'Passive Sniffing'?

A. Using ARP poisoning to redirect traffic
B. Sniffing on a hub-based network without altering traffic
C. Sniffing on a switched network by injecting packets
D. Overloading the switch's CAM table

4 Why is sniffing on a switched network more difficult than on a hub-based network?

A. Switches only forward packets to the specific destination port
B. Switches have built-in firewalls
C. Switches encrypt all data by default
D. Switches do not support Promiscuous mode

5 What attack technique involves flooding a switch with numerous fake MAC addresses to fill up its CAM table?

A. MAC Flooding
B. DHCP Starvation
C. DNS Spoofing
D. ARP Poisoning

6 What is the result when a switch enters 'fail-open' mode due to a MAC flooding attack?

A. It disconnects the attacker
B. It blocks all UDP traffic
C. It acts like a hub and broadcasts all traffic
D. It shuts down all ports

7 Which protocol is abused during an ARP Poisoning attack?

A. Automatic Retrieval Protocol
B. Address Resolution Protocol
C. Advanced Routing Protocol
D. Authenticated Resolution Protocol

8 ARP Poisoning is commonly used to facilitate which type of attack?

A. Buffer Overflow
B. SQL Injection
C. Man-in-the-Middle (MitM)
D. Cross-Site Scripting

9 What is MAC Spoofing?

A. Physically replacing a network card
B. Stealing a user's password via email
C. Flooding the network with MAC addresses
D. Changing the factory-assigned MAC address of a NIC in software

10 Which switch feature allows an administrator to copy traffic from one port to another for analysis?

A. Port Security
B. Spanning Tree Protocol
C. VLAN Tagging
D. SPAN (Switched Port Analyzer)

11 What is the primary difference between a SPAN port and a hardware network tap?

A. Taps drop packets; SPAN guarantees 100% capture
B. A tap is software-based; SPAN is hardware-based
C. SPAN is undetectable; taps are easily detected
D. A tap is a physical device inserted into the cable; SPAN is a switch configuration

12 Which tool is commonly associated with performing MAC flooding attacks?

A. Nessus
B. macof
C. Nmap
D. Wireshark

13 How can an administrator detect a NIC running in promiscuous mode using DNS?

A. The NIC blocks port 53
B. The NIC performs reverse DNS lookups for every IP it sniffs
C. The NIC will not respond to DNS queries
D. The NIC sends broadcast DNS requests only

14 Which method involves measuring the response time of a host to detect if it is sniffing?

A. ARP Method
B. Latency/Ping Method
C. Etherflood Method
D. DNS Method

15 Which of the following is the most effective defense against packet sniffing?

A. Hiding the SSID
B. Using encryption (e.g., SSH, SSL/TLS)
C. Using a complex password
D. Using static IP addresses

16 What is Social Engineering in the context of information security?

A. Hacking into social media servers
B. Manipulating people into divulging confidential information
C. Creating social networks for hackers
D. Engineering secure social platforms

17 Which is the first phase of a social engineering attack?

A. Research/Reconnaissance
B. Select Victim
C. Exploit
D. Develop Relationship

18 In the context of social engineering phases, what is 'Pretexting' often part of?

A. The hook/trust development phase
B. The cleanup phase
C. The hardware installation phase
D. The research phase

19 Which social engineering threat involves sending fraudulent emails appearing to be from reputable sources?

A. Tailgating
B. Phishing
C. Vishing
D. Dumpster Diving

20 What is 'Vishing'?

A. Video Phishing
B. Virtual Phishing
C. Visual Phishing
D. Voice/VoIP Phishing

21 What is 'Smishing'?

A. Social Media Phishing
B. Smart Phishing
C. Phishing via SMS/Text messages
D. Small Phishing attacks

22 Looking over someone's shoulder to get information such as PINs or passwords is known as:

A. Screen Scraping
B. Eavesdropping
C. Piggybacking
D. Shoulder Surfing

23 Searching through trash to find sensitive information like bills or notes is called:

A. Dumpster Diving
B. Recycling
C. Waste Management
D. Garbage Spoofing

24 An attacker waits for an authorized person to open a secure door and then follows them inside. This is called:

A. Door Jamming
B. Fence Jumping
C. Tailgating/Piggybacking
D. Lock Picking

25 Which attack involves leaving infected physical media (like a USB drive) in a public place hoping someone plugs it in?

A. Skimming
B. Baiting
C. Phishing
D. Spamming

26 What is 'Quid Pro Quo' in social engineering?

A. Using a fake website
B. Threatening a victim
C. Stealing an ID card
D. Promising a benefit in exchange for information

27 Identity theft primarily involves:

A. Crashing a server
B. Stealing a physical laptop
C. Deleting a user's files
D. Impersonating someone using their personal information

28 What is the primary goal of a Denial of Service (DoS) attack?

A. To disrupt the availability of a service
B. To steal data
C. To compromise data integrity
D. To gain administrative access

29 What distinguishes a DDoS attack from a standard DoS attack?

A. DDoS uses multiple compromised systems (botnet)
B. DDoS is only done via email
C. DDoS targets databases only
D. DDoS uses a single attacker

30 In a DDoS architecture, what is a 'Zombie'?

A. The firewall
B. The attacker's computer
C. A compromised computer controlled by the attacker
D. The target server

31 Which attack exploits the TCP three-way handshake by sending many connection requests but never completing them?

A. UDP Flood
B. Ping of Death
C. HTTP GET Flood
D. SYN Flood

32 What is a 'Smurf Attack'?

A. Crashing a database with SQL queries
B. Using spoofed broadcast pings to flood a target
C. Sending oversized ICMP packets
D. Sending malware via email

33 Which of the following is an example of a Permanent Denial of Service (PDoS) attack?

A. SYN Flooding
B. Phlashing
C. Session Hijacking
D. Teardrop Attack

34 What type of DoS attack targets the application layer (Layer 7)?

A. UDP Flood
B. SYN Flood
C. Smurf Attack
D. HTTP Flood

35 Which tool, known as the 'Low Orbit Ion Cannon', is a popular open-source network stress testing and DoS tool?

A. Metasploit
B. LOIC
C. Nmap
D. Netcat

36 What is the function of a Command and Control (C&C) server in a DDoS attack?

A. To send instructions to the botnet
B. To filter traffic
C. To generate logs
D. To host the victim website

37 Which DoS tool is designed to keep many connections to the target web server open and hold them as long as possible?

A. John the Ripper
B. Slowloris
C. Wireshark
D. Ping

38 What is a 'Teardrop' attack?

A. Disconnecting the power cable
B. Sending fragmented packets that cannot be reassembled
C. Flooding with tear-shaped emojis
D. Sending packets with future timestamps

39 Hping3 is a command-line oriented TCP/IP packet assembler/analyzer that can be used for:

A. Generating specific packet floods for DoS
B. Only passive sniffing
C. Repairing corrupted files
D. Social engineering

40 What is a 'Reflection Attack'?

A. Mirroring the victim's website
B. Hacking the internal router
C. Reflecting laser signals
D. Spoofing the victim's IP and sending requests to third-party servers

41 Which of the following is a critical consideration when performing a DoS Pen-Test?

A. Coordinate with the ISP and cloud provider
B. Target the personal devices of employees
C. Use the most destructive malware available
D. Ensure the attack is done without permission

42 What is 'Blackholing' or 'Sinkholing' in the context of DDoS mitigation?

A. Deleting the attacker's computer
B. Redirecting malicious traffic to a non-existent endpoint
C. Hacking back the attacker
D. Shutting down the internet

43 Which UDP-based amplification attack uses Network Time Protocol servers?

A. HTTP Flood
B. Slowloris
C. SYN Flood
D. NTP Amplification

44 What is the concept of 'Reverse Social Engineering'?

A. Using software to block social media
B. The victim attacks the social engineer
C. The attacker creates a problem and convinces the victim to contact them for help
D. Ignoring social engineering attempts

45 Which tool is an advanced version of LOIC that supports HTTP floods and customization?

A. Traceroute
B. Ping
C. Netstat
D. HOIC (High Orbit Ion Cannon)

46 What does a packet sniffer capture when a network uses unencrypted Telnet?

A. Garbage characters
B. Encrypted hashes
C. Plaintext usernames and passwords
D. Only the headers

47 In a Man-in-the-Middle attack enabled by ARP poisoning, the attacker acts as:

A. A firewall
B. A relay between the victim and the gateway
C. A DNS server
D. A database administrator

48 Which of the following describes 'Impersonation' in social engineering?

A. Pretending to be a legitimate user or authority figure
B. Scanning ports
C. Installing a virus
D. Cracking a password

49 What is the 'Ping of Death'?

A. Sending an ICMP packet larger than the maximum IP packet size (65,535 bytes)
B. Pinging a server every second
C. A ping that destroys the hardware
D. A ping that carries a virus

50 Which countermeasure helps prevent ARP Poisoning on a switch?

A. Dynamic ARP Inspection (DAI)
B. Turning off the power
C. Using Hubs instead of Switches
D. Disabling all ports