NPTEL Online Certification Courses

Indian Institute of Technology Kharagpur

Ethical Hacking
Assignment- Week 4
TYPE OF QUESTION: MCQ/MSQ
Number of questions: 20 Total mark: 20 x 1 = 20
______________________________________________________________________________

QUESTION 1:
Which of the following is not an information source over the internet for target attackers?

a. Whois
b. YouTube
c. Nslookup
d. Archive sites

Correct Answer: b

Detailed Solution:
Information is available for free from some sites and databases residing on the Internet. These services
and sites are – Whois, Nslookup, Archive Sites, open-source software sites, etc.
Whois data base lookup allows us to access information about the target including Registration Detail, IP
address, contact information containing the address, Email ID, phone number. It also displays domain
owner and domain registrar.
Nslookup allows us to obtain IP address(es) corresponding to domain names.
It is very easy to get a complete history of any website using the archive site www.archive.org
YouTube is just a video streaming platform, and not an information source.
The correct option is (b).
______________________________________________________________________________

QUESTION 2:
Which of the following is not a spot from where attackers seek information?

a. Domain name
b. IP address
c. System enumeration
d. Document files
Correct Answer: d
 NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur

Detailed Solution: Internet is a common medium for gathering information through various means
such as from Domain name, IP address of the target user, enumeration of victim’s system, IDEs running,
TCP & UDP services, etc. Document files do not reveal useful information to the attacker.
The correct option is (d).

______________________________________________________________________________

QUESTION 3:
https://archive.org is a popular site where one can enter a domain name in its search box for finding out
how the site was looking at a given date.

a. True
b. False

Correct Answer: a

Detailed Solution: https://archive.org is a popular archive site where one can enter a domain name in
its search box for finding out how the site was looking at a given date. It stores all the details about the
look and working of the site, even when the site got updated. The correct option is (a).

______________________________________________________________________________

QUESTION 4:
Which one of the following Google advanced search operators allows an attacker to restrict the results
to those websites in the given domain?

a. [site:]
b. [cache:]
c. [link:]
d. [inurl:]

Correct Answer: a

Detailed Solution:

The “site” operator is used to limit the results to websites that belong to a given domain. The correct
option is (a).
______________________________________________________________________________

QUESTION 5:
Which results will be returned with the following Google search query?
Site:target.com -site:Marketing.target.com accounting
 NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur

a. Results for matches on the site “Marketing.target.com” that are in the

domain “target.com” but do not include the word “accounting”
b. Results for matches on “target.com” and “Marketing.target.com” that include the word
“accounting”
c. Results matching “accounting” in domain “target.com” but not on the site
“Marketing.target.com”
d. Results matching all words in the query

Correct Answer: c
Detailed Solution:
The “site” operator is used to limit the results for a particular site/domain.
When we use “–site:sitename” it excludes the result from site that has been mentioned with “–site”.
In Google, to search websites that contains a particular word we just need to write related word.
Thus the given search query will result the websites matching “accounting” in domain “target.com” but
not on the site “Marketing.target.com”
The correct option is (c).
____________________________________________________________________________

QUESTION 6:
What command will help you to search files using Google as a search engine?

a. site: target.com filetype:xls username password email

b. inurl: target.com filename:xls username password email
c. domain: target.com archive:xls username password email
d. site: target.com file:xls username password email

Correct Answer: a

Detailed Solution: The “site” operator is used to limit the results for a particular site. “filetype”
parameter match only a specific file type such as PDF, DOC, XLS, PPT, and TXT. We can combine two or
more search operator to narrow down our search results.
The correct option is (a).

_____________________________________________________________________________
 NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur

QUESTION 7:
What type of OS fingerprinting technique sends specially crafted packets to the remote OS and analyzes
the received response?

a. Passive
b. Distributive
c. Reflective
d. Active

Correct Answer: d

Detailed Solution:

In active information gathering we gather information by directly communicating with the victim. The
correct option is (d).

______________________________________________________________________________

QUESTION 8:
NMAP -sn 192.168.11.200-215
The NMAP command above performs which of the following?

a. A ping scan
b. A trace sweep
c. An operating system detect
d. A port scan

Correct Answer: a

Detailed Solution:
-sn option tells nmap not to do a port scan after host discovery, and only print out the available hosts
that responded to the scan. Thus, the above command will perform ping scan. The correct option is (a).

______________________________________________________________________________

QUESTION 9:
If you want to only scan fewer ports than the default scan using nmap tool, which option would you use

a. -r
b. -F
c. -sP
 NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur

d. -p

Correct Answer: d

Detailed Solution:
The -p option specifies customized port scan but you need to provide specific port number or port
range. The correct option is (d).

____________________________________________________________________________

QUESTION 10:
Port scanning can be used as part of a technical assessment to determine network vulnerabilities. The
TCP XMAS scan is used to identify listening ports on the targeted system. While doing a technical
assessment to determine network vulnerabilities, you use the TCP XMAS scan. What would be the
response of all open ports?

a. The port will send an ACK

b. The port will send a SYN
c. The port will ignore the packets
d. The port will send an RST

Correct Answer: c

Detailed Solution:

The TCP XMAS scan is used to identify listening ports on the targeted system. The open ports ignore the
data packets. The correct option is (c).

______________________________________________________________________

QUESTION 11:
Which of the following open source tools would be the best choice to scan a network for potential
targets?

a. NMAP
b. NIKTO
c. CAIN
d. John the Ripper

Correct Answer: a
 NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur

Detailed Solution: NMAP is a port scanning tool and can be used to scan a network for potential
targets. NIKTO is a web site vulnerability scanner that carries out multiple tests on web servers. CAIN is a
password recovery tool. John the Ripper is a password cracking tool. The correct option is (a).

______________________________________________________________________________

QUESTION 12:
Which Nmap option would you use if you were not concerned about being detected and wanted to
perform a very fast scan?

a. -A
b. -O
c. -T5
d. -T0

Correct Answer: c

Detailed Solution: -T0 to -T5 time templates can be used for this purpose, where the scan time can
vary from slow and stealthy to fast and detectable. The correct option is (c).

______________________________________________________________________________

QUESTION 13:
A hacker is attempting to see which IP addresses are currently active on a network. Which NMAP switch
would the hacker use?

a. –sO
b. –sP
c. –sS
d. –sU

Correct Answer: b

Detailed Solution:

–sO option is used for IP Protocol Scan

–sP option is used for Ping scan
–sS option is used for Stealth scan
–sU option is used for UDP scan
The currently active IP addresses can be found out using ping scan. The correct option is (b).

______________________________________________________________________________
 NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur

QUESTION 14:
You are attempting to run an NMAP port scan on a web server. Which of the following commands would
result in a scan of common ports with the least amount of noise in order to evade IDS?
a. Nmap -sT -O -T0
b. Nmap –sU –O –T5
c. Nmap –sP –O –T5
d. Nmap –sT –O –T4

Correct Answer: a

Detailed Solution:
T0 create least noise and sT means TCP connect scan. The correct option is (a).

QUESTION 15:
What would you enter if you wanted to perform a stealth scan using Nmap?

a. Nmap -sU
b. Nmap –sS
c. Nmap –sT
d. Nmap -sA

Correct Answer: b

Detailed Solution:

The -sS option is used for stealth scan. The correct option is (b).

_________________________________________________________________________

QUESTION 16:
What results will the following command yield: ‘nmap -sS -O -p 123-153 192.168.100.3’?

a. A stealth scan, opening port 123 and 153

b. A stealth scan, checking open ports 123 to 153
c. A stealth scan, checking all open ports excluding ports 123 to 153
d. A stealth scan, determine operating system, and scanning ports 123 to 153

Correct Answer: d

Detailed Solution:
 NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur

The -sS option is used for stealth scan. The -O option used for operating system scan and –p option used
for port scan followed by the port range 123 to 153. The correct option is (d).

___________________________________________________________________________

QUESTION 17:
Which NMAP command combination would let a tester scan every TCP port from a class C network that
is blocking ICMP with fingerprinting and service detection?

a. nmap -Pn -O -sS -p 1-1024 192.168.0/8

b. nmap -Pn -A -sS -p 1-65535 192.168.2.0/24
c. nmap -sI -Pn -p 0-65535 192.168.2.0/16
d. nmap -P0 -A -O -p 1-65535 192.168.2.0/24

Correct Answer: b

Detailed Solution:

The -p 1-65535 option indicates scanning of all ports. The -A option is used to fingerprint the OS on the
host as well as the services being used. NMAP automatically pings which will result in a failed attempt to
probe a system that is in a network that is blocking ICMP.
The option "-Pn" (treat hosts as online, skipping host discovery) is used for a network that is blocking
ICMP.

______________________________________________________________________________

QUESTION 18:
Which of the following tools will scan a network to perform vulnerability checks and compliance
auditing?

a. NMAP
b. Metasploit
c. Nessus
d. BeEF

Correct Answer: c

Detailed Solution:
NMAP is used for port scanning and sometimes for vulnerability assessment.
Metasploit is mainly used for penetration testing.
Nessus perform vulnerability checks and compliance auditing.
 NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur

BeEF is used to compromise system using cross site scripting attack.

The correct option is (c).
___________________________________________________________________

QUESTION 19:
The network administrator contacts you and tells you that she noticed the temperature on the internal
wireless router increases by more than 20% during weekend hours when the office was closed. She asks
you to investigate the issue because she is busy dealing with a big conference and she doesn’t have time
to perform the task.
What tool can you use to view the network traffic being sent and received by the wireless router?

a. Wireshark
b. Nessus
c. Netcat
d. Netstat
Correct Answer: a

Detailed Solution:
Wireshark is a Free and open source packet analyzer. It can be used to capture and analyze all the
packets.
Nessus is an open-source network vulnerability scanner that uses the common vulnerabilities and
exposures architecture for easy cross-linking between compliant security tools.
Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to
network connections using TCP or UDP.
Netstat provides network statistics.
The correct option is (a).
______________________________________________________________________________

QUESTION 20:
The establishment of a TCP connection involves a negotiation called 3-way handshake. What type of
message the client sends to the server in order to begin this negotiation?

a. RST
b. ACK
c. SYN-ACK
d. SYN

Correct Answer: d
 NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur

Detailed Solution:
Step 1 (SYN): In the first step, client wants to establish a connection with server, so it sends a segment
with SYN that informs server that client is likely to start communication and with what sequence
number it starts the segments with.
Step 2 (SYN + ACK): Server responds to the client request with SYN-ACK signal bits set.
Acknowledgement (ACK) signifies the response of segment it received and SYN signifies with what
sequence number it is likely to start the segments with.
Step 3 (ACK): In the final part client acknowledges the response of server and they both establish a
reliable connection with which they will start actual data transfer.

SYN

TCP Client SYN + ACK TCP Server

ACK

______________________________________________________________________________

************END*******