Unit 3 - Practice Quiz

INT245 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 Which of the following creates a 'half-open' connection to determine if a port is open, making it less likely to be logged by the target system?

A. TCP Connect Scan (-sT)
B. Ping Scan (-sn)
C. UDP Scan (-sU)
D. TCP SYN Scan (-sS)

2 When analyzing vulnerability scan results, what is a False Positive?

A. The scanner crashes the target service.
B. The scanner fails to identify an existing vulnerability.
C. The scanner identifies a vulnerability that does not actually exist.
D. The scanner correctly identifies a critical vulnerability.

3 Which open-source vulnerability scanner was originally a fork of the last open-source version of Nessus?

A. OpenVAS
B. Nexpose
C. Qualys
D. Burp Suite

4 In the context of Nmap timing templates used for evasion, which flag represents 'Paranoid' mode, sending packets very slowly to evade IDS?

A. -T1
B. -T5
C. -T3
D. -T0

5 Why are automated scanners generally poor at detecting Business Logic Vulnerabilities?

A. Scanners cannot decrypt SSL/TLS traffic.
B. Logic flaws are only found in compiled code, not web apps.
C. Logic flaws depend on context and intended workflow, not syntax errors.
D. Scanners do not support HTTP POST requests.

6 Which command allows an attacker to clear the command history in a Linux environment to cover tracks?

A. cat /dev/null
B. history -c
C. ls -la
D. clear

7 What is the primary difference between a Credentialed Scan and a Non-Credentialed Scan?

A. Credentialed scans log in to the system to audit local settings and patches.
B. Non-credentialed scans are faster but cause more network traffic.
C. Credentialed scans are illegal.
D. Non-credentialed scans can read the registry and configuration files.

8 Which CVSS v3.1 score range represents a Critical severity vulnerability?

A.
B.
C.
D.

9 Which Nmap technique involves sending packets from the attacker's IP mixed with packets from other spoofed IP addresses to confuse the target's IDS/Firewall?

A. Decoy Scanning (-D)
B. Source Port Manipulation (--source-port)
C. MAC Address Spoofing (--spoof-mac)
D. Packet Fragmentation (-f)

10 Which tool is specifically designed for scanning web servers for dangerous files, outdated server software, and default configuration problems?

A. Kismet
B. Wireshark
C. Nikto
D. John the Ripper

11 An attacker changes the source port of their packets to 53. What evasion technique is this, and why might it work?

A. Timing attack; it speeds up the scan.
B. Fragmentation; it splits the header.
C. Decoy scanning; it hides the IP address.
D. Source Port Manipulation; firewalls may trust traffic from DNS ports.

12 In a vulnerability assessment, what does deduplication refer to?

A. Running the scan twice to ensure accuracy.
B. Copying the report to multiple servers.
C. Removing critical vulnerabilities from the report.
D. Consolidating multiple reports of the same vulnerability on the same host into a single finding.

13 What is the purpose of Packet Fragmentation (-f) in Nmap during a scan?

A. To increase scanning speed.
B. To verify the MTU size of the network.
C. To split TCP headers into smaller fragments to bypass packet filters/firewalls.
D. To corrupt the target file system.

14 Which of the following is considered a Logical Vulnerability?

A. Buffer Overflow in the search parameter.
B. Missing X-Frame-Options header.
C. Insecure Direct Object Reference (IDOR) allowing access to another user's bill.
D. Using an outdated version of Apache.

15 Which Windows command is used to manipulate or clear event logs?

A. wevtutil
B. rm -rf
C. chmod
D. netstat

16 What is the difference between a Vulnerability Scan and a Penetration Test?

A. A scan is more expensive than a pentest.
B. A scan is manual; a pentest is automated.
C. A scan is automated and identifies potential issues; a pentest involves manual exploitation to verify risks.
D. They are exactly the same.

17 Which specific Nmap script engine (NSE) category is safe to run on a production network without likely causing a crash?

A. vuln
B. safe
C. dos
D. exploit

18 When interpreting vulnerability data, which metric defines the complexity required to exploit the vulnerability?

A. Attack Vector (AV)
B. User Interaction (UI)
C. Attack Complexity (AC)
D. Privileges Required (PR)

19 Which scan type is most likely to cause a Denial of Service (DoS) on unstable legacy equipment?

A. Intrusive / Aggressive scan
B. Discovery scan
C. Host discovery
D. Passive sniffing

20 In the context of covering tracks, what is Time Stomping?

A. Slowing down the CPU.
B. Modifying the timestamp (access, modify, create) of a file to hide when it was used.
C. Deleting the time server.
D. Running a scan at 3:00 AM.

21 Which tool is essentially a suite of tools centered around a web proxy, used for manual web application security testing?

A. Snort
B. Burp Suite
C. Nessus
D. Nmap

22 What is a False Negative in scanning results?

A. The scanner fails to identify a vulnerability that actually exists.
B. The scanner reports a vulnerability that exists.
C. The scanner cannot connect to the host.
D. The scanner reports a vulnerability that does not exist.

23 Which scanning technique determines the operating system of the target by analyzing the TCP/IP stack implementation responses?

A. Banner Grabbing
B. OS Fingerprinting
C. Port Sweeping
D. Zone Transfer

24 To perform an 'Idle Scan' (zombie scan) using Nmap to stay completely invisible, which flag is used?

A. -sI
B. -sA
C. -sZ
D. -sN

25 When analyzing results, a vulnerability with a high CVSS score but no known exploit code is generally prioritized:

A. As 'Informational' only.
B. Lower than a medium score vulnerability with an active exploit being used in the wild.
C. Higher than a low score vulnerability with an active exploit.
D. As a False Positive.

26 Which of the following is a method to cover tracks on a web server?

A. Using nmap -T4.
B. Sending SQL injection queries.
C. Running ipconfig.
D. Modifying the User-Agent string to look like a standard browser.

27 Which mathematical equation represents the number of possible ports in a TCP/IP connection?

A.
B.
C.
D.

28 What is the primary function of the Common Vulnerabilities and Exposures (CVE) list?

A. To sell antivirus software.
B. To provide a scoring system for severity.
C. To provide a dictionary of common names for publicly known cybersecurity vulnerabilities.
D. To list all IP addresses of hackers.

29 A scanner detects that http://target.com/admin returns a 200 OK status code without requiring a password. This is an example of:

A. Cross-Site Scripting (XSS)
B. Broken Access Control / Authentication Bypass
C. SQL Injection
D. Buffer Overflow

30 Which Nmap scan type is characterized by sending packets with no flags set (Null scan)?

A. -sX
B. -sP
C. -sF
D. -sN

31 Which tool is commonly used for automated SQL injection and database takeover during a vulnerability scan?

A. SQLMap
B. Aircrack-ng
C. Wireshark
D. Hydra

32 In the context of evasion, what is Steganography?

A. Spoofing MAC addresses.
B. Using a VPN.
C. Hiding data (or malicious code) within another file, such as an image or audio file.
D. Encrypting the hard drive.

33 Which component of the CVSS score is NOT constant and changes over time?

A. Impact Subscore
B. Temporal Score
C. Vector String
D. Base Score

34 What is the specific risk of running a UDP Scan (-sU) compared to a TCP scan?

A. It requires authentication.
B. It is always faster.
C. It is incredibly slow because open ports often don't respond and closed ports send ICMP errors which are rate-limited.
D. It cannot detect open ports.

35 A vulnerability report shows 'Apache 2.4.49' is running. This information was likely gathered via:

A. Heuristic Analysis
B. Source Code Review
C. Social Engineering
D. Service Banner Grabbing

36 Which of the following is a technique to evade Network Access Control (NAC) by impersonating a printer or VoIP phone?

A. Null Scan
B. MAC Spoofing
C. Cross-Site Scripting
D. IP Fragmentation

37 What is the purpose of a Proxy Chain in the context of scanning and evasion?

A. To speed up the connection.
B. To chain multiple exploits together.
C. To route traffic through multiple intermediate servers to hide the attacker's true IP.
D. To decrypt SSL traffic.

38 Which logical vulnerability occurs when an application checks for a condition (like balance > 0) but the state changes before the action is completed?

A. SQL Injection
B. Path Traversal
C. XSS
D. Race Condition

39 In a vulnerability scan report, 'Severity' is usually a combination of:

A. Impact and Likelihood
B. Cost and Time
C. TCP and UDP
D. Source and Destination

40 Which type of scan focuses solely on identifying live hosts on a network range without checking for open ports?

A. Compliance Scan
B. Ping Sweep / Discovery Scan
C. Port Scan
D. Vulnerability Scan

41 What is the function of the command rm ~/.bash_history?

A. It removes the bash shell.
B. It updates the system.
C. It deletes the Linux kernel.
D. It deletes the user's command history file to hide executed commands.

42 Which tool would be best suited for analyzing the results of a vulnerability scan and prioritizing remediation based on asset value?

A. Netcat
B. Metasploit
C. A Vulnerability Management Platform (e.g., Tenable.sc)
D. Nmap

43 If an attacker wants to scan a target behind a firewall that drops all incoming SYN packets, which scan might succeed by sending ACK packets to map firewall rules?

A. Stealth Scan
B. TCP ACK Scan (-sA)
C. TCP Connect Scan
D. Version Scan

44 What is a compliance scan?

A. A scan that checks if the system meets specific configuration standards (like PCI-DSS or CIS Benchmarks).
B. A scan that checks for malware.
C. A scan run by the government.
D. A scan that is legally required every day.

45 Which vulnerability arises from trusting user input without validation, allowing script execution in the victim's browser?

A. Cross-Site Scripting (XSS)
B. Buffer Overflow
C. SQL Injection
D. Man-in-the-Middle

46 When covering tracks, why might an attacker use a Rootkit?

A. To encrypt the data for ransom.
B. To maintain persistent, privileged access while hiding processes and files from the OS.
C. To crack passwords faster.
D. To scan the network faster.

47 Which of the following describes Parameter Manipulation?

A. Guessing passwords.
B. Scanning for open ports.
C. Flooding the network with packets.
D. Changing the URL query string values (e.g., price=100 to price=1) to exploit logic.

48 In Nmap, what does the flag -p- denote?

A. Scan ports 1-1024.
B. Scan all 65,535 ports.
C. Scan no ports (Ping only).
D. Scan only popular ports.

49 Which tool is primarily a framework for developing and executing exploit code against a remote target machine?

A. Wireshark
B. Nessus
C. Metasploit Framework
D. John the Ripper

50 During scanning, what is the 'Christmas Tree' scan (-sX)?

A. A scan sent only on holidays.
B. A scan with the FIN, URG, and PSH flags set to 'on'.
C. A scan that uses red and green packets.
D. A scan that logs all data.