Unit 3 - Practice Quiz

INT245 50 Questions
0 Correct 0 Wrong 50 Left
0/50

1 Which of the following creates a 'half-open' connection to determine if a port is open, making it less likely to be logged by the target system?

A. Ping Scan (-sn)
B. UDP Scan (-sU)
C. TCP Connect Scan (-sT)
D. TCP SYN Scan (-sS)

2 When analyzing vulnerability scan results, what is a False Positive?

A. The scanner crashes the target service.
B. The scanner identifies a vulnerability that does not actually exist.
C. The scanner fails to identify an existing vulnerability.
D. The scanner correctly identifies a critical vulnerability.

3 Which open-source vulnerability scanner was originally a fork of the last open-source version of Nessus?

A. Burp Suite
B. OpenVAS
C. Qualys
D. Nexpose

4 In the context of Nmap timing templates used for evasion, which flag represents 'Paranoid' mode, sending packets very slowly to evade IDS?

A. -T3
B. -T1
C. -T5
D. -T0

5 Why are automated scanners generally poor at detecting Business Logic Vulnerabilities?

A. Logic flaws are only found in compiled code, not web apps.
B. Scanners cannot decrypt SSL/TLS traffic.
C. Scanners do not support HTTP POST requests.
D. Logic flaws depend on context and intended workflow, not syntax errors.

6 Which command allows an attacker to clear the command history in a Linux environment to cover tracks?

A. ls -la
B. clear
C. history -c
D. cat /dev/null

7 What is the primary difference between a Credentialed Scan and a Non-Credentialed Scan?

A. Non-credentialed scans can read the registry and configuration files.
B. Credentialed scans log in to the system to audit local settings and patches.
C. Non-credentialed scans are faster but cause more network traffic.
D. Credentialed scans are illegal.

8 Which CVSS v3.1 score range represents a Critical severity vulnerability?

A.
B.
C.
D.

9 Which Nmap technique involves sending packets from the attacker's IP mixed with packets from other spoofed IP addresses to confuse the target's IDS/Firewall?

A. Source Port Manipulation (--source-port)
B. MAC Address Spoofing (--spoof-mac)
C. Decoy Scanning (-D)
D. Packet Fragmentation (-f)

10 Which tool is specifically designed for scanning web servers for dangerous files, outdated server software, and default configuration problems?

A. Nikto
B. Wireshark
C. John the Ripper
D. Kismet

11 An attacker changes the source port of their packets to 53. What evasion technique is this, and why might it work?

A. Source Port Manipulation; firewalls may trust traffic from DNS ports.
B. Fragmentation; it splits the header.
C. Decoy scanning; it hides the IP address.
D. Timing attack; it speeds up the scan.

12 In a vulnerability assessment, what does deduplication refer to?

A. Removing critical vulnerabilities from the report.
B. Copying the report to multiple servers.
C. Running the scan twice to ensure accuracy.
D. Consolidating multiple reports of the same vulnerability on the same host into a single finding.

13 What is the purpose of Packet Fragmentation (-f) in Nmap during a scan?

A. To verify the MTU size of the network.
B. To corrupt the target file system.
C. To split TCP headers into smaller fragments to bypass packet filters/firewalls.
D. To increase scanning speed.

14 Which of the following is considered a Logical Vulnerability?

A. Using an outdated version of Apache.
B. Insecure Direct Object Reference (IDOR) allowing access to another user's bill.
C. Buffer Overflow in the search parameter.
D. Missing X-Frame-Options header.

15 Which Windows command is used to manipulate or clear event logs?

A. wevtutil
B. rm -rf
C. netstat
D. chmod

16 What is the difference between a Vulnerability Scan and a Penetration Test?

A. A scan is more expensive than a pentest.
B. A scan is manual; a pentest is automated.
C. They are exactly the same.
D. A scan is automated and identifies potential issues; a pentest involves manual exploitation to verify risks.

17 Which specific Nmap script engine (NSE) category is safe to run on a production network without likely causing a crash?

A. safe
B. dos
C. vuln
D. exploit

18 When interpreting vulnerability data, which metric defines the complexity required to exploit the vulnerability?

A. Attack Vector (AV)
B. Attack Complexity (AC)
C. User Interaction (UI)
D. Privileges Required (PR)

19 Which scan type is most likely to cause a Denial of Service (DoS) on unstable legacy equipment?

A. Discovery scan
B. Passive sniffing
C. Intrusive / Aggressive scan
D. Host discovery

20 In the context of covering tracks, what is Time Stomping?

A. Modifying the timestamp (access, modify, create) of a file to hide when it was used.
B. Deleting the time server.
C. Running a scan at 3:00 AM.
D. Slowing down the CPU.

21 Which tool is essentially a suite of tools centered around a web proxy, used for manual web application security testing?

A. Nmap
B. Burp Suite
C. Nessus
D. Snort

22 What is a False Negative in scanning results?

A. The scanner reports a vulnerability that exists.
B. The scanner cannot connect to the host.
C. The scanner reports a vulnerability that does not exist.
D. The scanner fails to identify a vulnerability that actually exists.

23 Which scanning technique determines the operating system of the target by analyzing the TCP/IP stack implementation responses?

A. Port Sweeping
B. Zone Transfer
C. OS Fingerprinting
D. Banner Grabbing

24 To perform an 'Idle Scan' (zombie scan) using Nmap to stay completely invisible, which flag is used?

A. -sA
B. -sZ
C. -sN
D. -sI

25 When analyzing results, a vulnerability with a high CVSS score but no known exploit code is generally prioritized:

A. Lower than a medium score vulnerability with an active exploit being used in the wild.
B. Higher than a low score vulnerability with an active exploit.
C. As 'Informational' only.
D. As a False Positive.

26 Which of the following is a method to cover tracks on a web server?

A. Running ipconfig.
B. Modifying the User-Agent string to look like a standard browser.
C. Using nmap -T4.
D. Sending SQL injection queries.

27 Which mathematical equation represents the number of possible ports in a TCP/IP connection?

A.
B.
C.
D.

28 What is the primary function of the Common Vulnerabilities and Exposures (CVE) list?

A. To provide a dictionary of common names for publicly known cybersecurity vulnerabilities.
B. To sell antivirus software.
C. To provide a scoring system for severity.
D. To list all IP addresses of hackers.

29 A scanner detects that http://target.com/admin returns a 200 OK status code without requiring a password. This is an example of:

A. Cross-Site Scripting (XSS)
B. SQL Injection
C. Broken Access Control / Authentication Bypass
D. Buffer Overflow

30 Which Nmap scan type is characterized by sending packets with no flags set (Null scan)?

A. -sP
B. -sN
C. -sF
D. -sX

31 Which tool is commonly used for automated SQL injection and database takeover during a vulnerability scan?

A. Aircrack-ng
B. Wireshark
C. SQLMap
D. Hydra

32 In the context of evasion, what is Steganography?

A. Encrypting the hard drive.
B. Hiding data (or malicious code) within another file, such as an image or audio file.
C. Using a VPN.
D. Spoofing MAC addresses.

33 Which component of the CVSS score is NOT constant and changes over time?

A. Base Score
B. Vector String
C. Temporal Score
D. Impact Subscore

34 What is the specific risk of running a UDP Scan (-sU) compared to a TCP scan?

A. It cannot detect open ports.
B. It is always faster.
C. It requires authentication.
D. It is incredibly slow because open ports often don't respond and closed ports send ICMP errors which are rate-limited.

35 A vulnerability report shows 'Apache 2.4.49' is running. This information was likely gathered via:

A. Source Code Review
B. Social Engineering
C. Service Banner Grabbing
D. Heuristic Analysis

36 Which of the following is a technique to evade Network Access Control (NAC) by impersonating a printer or VoIP phone?

A. IP Fragmentation
B. Null Scan
C. Cross-Site Scripting
D. MAC Spoofing

37 What is the purpose of a Proxy Chain in the context of scanning and evasion?

A. To decrypt SSL traffic.
B. To chain multiple exploits together.
C. To route traffic through multiple intermediate servers to hide the attacker's true IP.
D. To speed up the connection.

38 Which logical vulnerability occurs when an application checks for a condition (like balance > 0) but the state changes before the action is completed?

A. Path Traversal
B. Race Condition
C. XSS
D. SQL Injection

39 In a vulnerability scan report, 'Severity' is usually a combination of:

A. Cost and Time
B. TCP and UDP
C. Source and Destination
D. Impact and Likelihood

40 Which type of scan focuses solely on identifying live hosts on a network range without checking for open ports?

A. Compliance Scan
B. Ping Sweep / Discovery Scan
C. Port Scan
D. Vulnerability Scan

41 What is the function of the command rm ~/.bash_history?

A. It deletes the user's command history file to hide executed commands.
B. It deletes the Linux kernel.
C. It removes the bash shell.
D. It updates the system.

42 Which tool would be best suited for analyzing the results of a vulnerability scan and prioritizing remediation based on asset value?

A. A Vulnerability Management Platform (e.g., Tenable.sc)
B. Nmap
C. Metasploit
D. Netcat

43 If an attacker wants to scan a target behind a firewall that drops all incoming SYN packets, which scan might succeed by sending ACK packets to map firewall rules?

A. TCP Connect Scan
B. Version Scan
C. TCP ACK Scan (-sA)
D. Stealth Scan

44 What is a compliance scan?

A. A scan that is legally required every day.
B. A scan that checks for malware.
C. A scan run by the government.
D. A scan that checks if the system meets specific configuration standards (like PCI-DSS or CIS Benchmarks).

45 Which vulnerability arises from trusting user input without validation, allowing script execution in the victim's browser?

A. SQL Injection
B. Buffer Overflow
C. Cross-Site Scripting (XSS)
D. Man-in-the-Middle

46 When covering tracks, why might an attacker use a Rootkit?

A. To scan the network faster.
B. To maintain persistent, privileged access while hiding processes and files from the OS.
C. To crack passwords faster.
D. To encrypt the data for ransom.

47 Which of the following describes Parameter Manipulation?

A. Flooding the network with packets.
B. Changing the URL query string values (e.g., price=100 to price=1) to exploit logic.
C. Scanning for open ports.
D. Guessing passwords.

48 In Nmap, what does the flag -p- denote?

A. Scan all 65,535 ports.
B. Scan no ports (Ping only).
C. Scan only popular ports.
D. Scan ports 1-1024.

49 Which tool is primarily a framework for developing and executing exploit code against a remote target machine?

A. Nessus
B. John the Ripper
C. Wireshark
D. Metasploit Framework

50 During scanning, what is the 'Christmas Tree' scan (-sX)?

A. A scan with the FIN, URG, and PSH flags set to 'on'.
B. A scan that uses red and green packets.
C. A scan that logs all data.
D. A scan sent only on holidays.