Sniffers, Social Engineering & Denial of Service
Sniffers :-
1. On a switch, each switchport represents a ____________.
A. VLAN
B. Broadcast domain
C. Host
D. Collision domain ✔️
2. Wireless access points function as a ____________.
A. Hub ✔️
B. Bridge
C. Router
D. Repeater
3. What mode must be configured to allow an NIC to capture all traffic on the wire?
A. Extended mode
B. 10/100
C. Monitor mode
D. Promiscuous mode ✔️
4. Which of the following prevents ARP poisoning?
A. ARP Ghost
B. IP DHCP Snooping ✔️
C. IP Snoop
D. DNSverf
5. Jennifer is a system administrator who is researching a technology that will secure
network traffic from potential sniffing by unauthorized machines. Jennifer is not
concerned with the future impact on legitimate troubleshooting. What technology can
Jennifer implement?
A. SNMP
B. LDAP
C. SSH ✔️
D. FTP
6. MAC spoofing applies a legitimate MAC address to an unauthenticated host, which
allows the attacker to pose as a valid user. Based on your understanding of ARP, what
would indicate a bogus client?
A. The MAC address doesn’t map to a manufacturer.
B. The MAC address is two digits too long.
C. A reverse ARP request maps to two hosts. ✔️
D. The host is receiving its own traffic.
7. Bob is attempting to sniff a wired network in his first pen test contract. He sees only
traffic from the segment he is connected to. What can Bob do to gather all switch
traffic?
A. MAC flooding ✔️
B. MAC spoofing
C. IP spoofing
D. DoS attack
8. What technique funnels all traffic back to a single client, allowing sniffing from all
connected hosts?
A. ARP redirection
B. ARP poisoning ✔️
C. ARP flooding
D. ARP partitioning
9. Which Wireshark filter displays only traffic from 192.168.1.1?
A. ip.addr =! 192.168.1.1
B. ip.addr ne 192.168.1.1
C. ip.addr == 192.168.1.1 ✔️
D. ip.addr – 192.168.1.1
10. What common tool can be used for launching an ARP poisoning attack?
A. Cain & Abel ✔️
B. Nmap
C. Scooter
D. Tcpdump
11. Which command launches a CLI version of Wireshark?
A. Wireshk
B. dumpcap
C. tshark ✔️
D. editcap
12. Jennifer is using tcpdump to capture traffic on her network. She would like to save the
capture for later review. What command can Jennifer use?
A. tcpdump -r capture.log
B. tcpdump -l capture.log
C. tcpdump -t capture.log
D. tcpdump -w capture.log ✔️
13. What is the generic syntax of a Wireshark filter?
A. protocol.field operator value ✔️
B. field.protocol operator value
C. operator.protocol value field
D. protocol.operator value field
14. Tiffany is analyzing a capture from a client’s network. She is particularly interested in
NetBIOS traffic. What port does Tiffany filter for?
A. 123
B. 139 ✔️
C. 161
D. 110
16. Jennifer is using tcpdump to capture traffic on her network. She would like to review a
capture log gathered previously. What command can Jennifer use?
A. tcpdump -r capture.log ✔️
B. tcpdump -l capture.log
C. tcpdump -t capture.log
D. tcpdump -w capture.log
17. Wireshark requires a network card to be able to enter which mode to sniff all network
traffic?
A. Capture mode
B. Promiscuous mode ✔️
C. Pcap mode
D. Gather mode
18. Which network device can block sniffing to a single network collision domain, create
VLANs, and make use of SPAN ports and port mirroring?
A. Hub
B. Switch ✔️
C. Router
D. Bridge
19. What device will neither limit the flow of traffic nor have an impact on the
effectiveness of sniffing?
A. Hub ✔️
B. Router
C. Switch
D. Gateway
20. The command-line equivalent of WinDump is known as what?
A. Wireshark
B. Tcpdump ✔️
C. WinDump
D. Netstat
Social Engineering :-
1. Phishing takes place using __________.
A. Instant messaging
B. Email ✔️
C. Websites
D. Piggybacking
2. Training and education of end users can be used to prevent __________.
A. Phishing ✔️
B. Tailgating/piggybacking ✔️
C. Session hijacking
D. Wireshark
3. Social engineering can be thwarted using what kinds of controls?
A. Technical ✔️
B. Administrative ✔️
C. Physical ✔️
D. Proactive controls
4. Social engineering preys on many weaknesses, including __________.
A. Technology ✔️
B. People ✔️
C. Human nature ✔️
D. Physical ✔️
5. Social engineering can use all the following except __________.
A. Mobile phones
B. Instant messaging
C. Trojan horses
D. Viruses ✔️
6. Social engineering is designed to __________.
A. Manipulate human behavior ✔️
B. Make people distrustful
C. Infect a system
D. Gain a physical advantage
7. Phishing can be mitigated through the use of __________.
A. Spam filtering ✔️
B. Education
C. Antivirus
D. Anti-malware
8. Which mechanism can be used to influence a targeted individual?
A. Means of dress or appearance ✔️
B. Technological controls
C. Physical controls
D. Training
9. Jennifer receives an email claiming that her bank account information has been lost
and that she needs to click a link to update the bank’s database. However, she doesn’t
recognize the bank, because it is not one she does business with. What type of attack
is she being presented with?
A. Phishing ✔️
B. Spam
C. Whaling
D. Vishing
10. What is the best option for thwarting social-engineering attacks?
A. Technology
B. Training ✔️
C. Policies
D. Physical controls
11. Janet receives an email enticing her to click a link. But when she clicks this link she is
taken to a website for her bank, asking her to reset her account info. However, Janet
noticed that the bank is not hers and the website is not for her bank. What type of
attack is this?
A. Whaling
B. Vishing
C. Phishing ✔️
D. Piggybacking
12. Jason receives notices that he has unauthorized charges on his credit card account.
What type of attack is Jason a victim of?
A. Social engineering
B. Phishing
C. Identity theft ✔️
D. Bad luck
13. A security camera picks up someone who doesn’t work at the company following
closely behind an employee while they enter the building. What type of attack is
taking place?
A. Phishing
B. Walking
C. Gate running
D. Tailgating ✔️
14. What is a vulnerability scan designed to provide to those executing it?
A. A way to find open ports
B. A way to diagram a network
C. A proxy attack
D. A way to reveal vulnerabilities ✔️
15. In social engineering a proxy is used to __________.
A. Assist in scanning
B. Perform a scan
C. Keep an attacker’s origin hidden ✔️
D. Automate the discovery of vulnerabilities
16. Social engineering can be used to carry out email campaigns known as __________.
A. Spamming
B. Phishing ✔️
C. Vishing
D. Splashing
17. Human beings tend to follow set patterns and behaviors known as __________.
A. Repetition
B. Habits ✔️
C. Primacy
D. Piggybacking
18. When talking to a victim, using __________ can make an attack easier.
A. Eye contact
B. Keywords ✔️
C. Jargon
D. Threats
19. An attacker can use which technique to influence a victim?
A. Tailgating
B. Piggybacking
C. Name-dropping ✔️
D. Acting like tech support
20. Jason notices that he is receiving mail, phone calls, and other requests for
information. He has also noticed some problems with his credit checks such as bad
debts and loans he did not participate in. What type of attack did Jason become a
victim of?
A. Social engineering
B. Phishing
C. Identity theft ✔️
D. Bad luck
Denial of Service :-
1. What is the hexadecimal value of a NOP instruction in an Intel system?
A. 0x99
B. 0x90 ✔️
C. 0x80
D. 99x0
2. Which pointer in a program stack gets shifted or overwritten during a successful
overflow attack?
A. ESP
B. ECP
C. EIP ✔️
D. EBP
3. Groups and individuals who hack systems based on principle or personal beliefs are
known as ___________.
A. White hats
B. Black hats
C. Script kiddies
D. Hacktivists ✔️
4. Jason is the local network administrator who has been tasked with securing the
network from possible DoS attacks. Within the last few weeks, some traffic logs
appear to have internal clients making requests from outside the internal LAN. Based
on the traffic Jason has been seeing, what action should he take?
A. Throttle network traffic.
B. Update antivirus definitions.
C. Implement egress filtering.
D. Implement ingress filtering. ✔️
5. Which DoS attack sends traffic to the target with a spoofed IP of the target itself?
A. Land ✔️
B. Smurf
C. Teardrop
D. SYN flood
6. Adding to and removing from a program stack are known as what?
A. Pop and lock
B. Push and pop ✔️
C. Stack and pull
D. Plus and minus
7. Zombies Inc. is looking for ways to better protect their web servers from potential DoS
attacks. Their web admin proposes the use of a network appliance that receives all
incoming web requests and forwards them to the web server. He says it will prevent
direct customer contact with the server and reduce the risk of DoS attacks. What
appliance is he proposing?
A. Web proxy
B. IDS
C. Reverse proxy ✔️
D. Firewall
8. In a DDoS attack, what communications channel is commonly used to orchestrate the
attack?
A. Internet Relay Chat (IRC) ✔️
B. MSN Messenger
C. ICMP
D. Google Talk
9. What is the name for the dynamic memory space that, unlike the stack, doesn’t rely on
sequential ordering or organization?
A. Pointer
B. Heap ✔️
C. Pile
D. Load
10. Which function(s) are considered dangerous because they don’t check memory
bounds? (Choose all that apply.)
A. gets() ✔️
B. strcpy() ✔️
C. scanf() ✔️
D. strcat() ✔️
11. The stack operates on a _______ basis.
A. FIFO
B. LIFO ✔️
C. FILO
D. LILO
13. What is a single-button DDoS tool suspected to be used by groups such as
Anonymous?
A. Trinoo
B. Crazy Pinger
C. LOIC ✔️
D. DoSHTTP
14. What is an eight-in-one DoS tool that can launch such attacks as land and teardrop?
A. Jolt
B. Targa ✔️
C. TFN2K
D. Trinoo
15. What command-line utility can you use to craft custom packets with specific flags set?
A. Nmap
B. Zenmap
C. Ping
D. hping3 ✔️
16. What protocol is used to carry out a fraggle attack?
A. IPX
B. TCP
C. UDP ✔️
D. ICMP
17. What is the key difference between a smurf and a fraggle attack?
A. TCP vs. UDP ✔️
B. TCP vs. ICP
C. UDP vs. ICMP
D. TCP vs. ICMP
18. What is the main difference between DoS and DDoS?
A. Scale of attack
B. Number of attackers ✔️
C. Goal of the attack
D. Protocols in use
19. What is the most common sign of a DoS attack?
A. Weird messages
B. Rebooting of a system
C. Slow performance ✔️
D. Stolen credentials
20. What response is missing in a SYN flood attack?
A. ACK ✔️
B. SYN
C. SYN-ACK
D. URG