SECTION A - Cybersecurity Questions and Answers
1. State the code that can be used by the hacker to perform this action.
The code a hacker can use to perform this ping of death attack is `ping -l 65858 192.168.0.100` on
Windows or `ping -s 65858 192.168.0.100` on Linux. The payload makes the reassembled IP datagram
larger than the 65,535-byte maximum, which crashed unpatched IP stacks in the 1990s. Two caveats:
current ping utilities refuse such sizes (Windows caps `-l` at 65500, Linux caps `-s` at 65507 for
IPv4), and every mainstream stack has checked fragment bounds since 1997, so the command no longer
has this effect against a maintained system.
2. State the error message that will be returned by the victim's machine.
The messages associated with the attack are 'Packet needs to be fragmented but DF set', reported when
the Don't Fragment flag is set and the packet exceeds the path MTU, and 'Request Timed Out', which
the attacker's ping prints once the victim stops answering, i.e. once a successful ping of death has
crashed it. Both are printed by the attacker's ping client rather than sent by the victim.
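The following is an added example, not code from the original page: a small model of IPv4 fragment reassembly that shows why an oversized echo request overflowed unpatched stacks and what the fix checks. The size constants are the real protocol limits; the two reassemblers are illustrative models of old and fixed behaviour, not a real kernel's code.

```python
# Added example (not from the original page): a model of IPv4 fragment
# reassembly showing why an oversized echo request crashed unpatched stacks
# and what the fix checks. Sizes are the real protocol limits; the two
# reassemblers are illustrative, not a real kernel's code.
IP_MAX = 65535              # 16-bit Total Length field: largest legal datagram
IP_HDR = 20                 # minimal IPv4 header, so at most 65,515 bytes of data
ICMP_HDR = 8
MAX_DATA = IP_MAX - IP_HDR  # 65515
FRAG_DATA = 1480            # data per fragment on a 1500-byte Ethernet MTU (multiple of 8)


def fragment(payload_len):
    """Split an ICMP echo carrying payload_len bytes into IP fragments the way a
    sender does. Each fragment is (offset_in_8_byte_units, data_length, more_fragments)."""
    total = ICMP_HDR + payload_len
    frags, off = [], 0
    while off < total:
        n = min(FRAG_DATA, total - off)
        frags.append((off // 8, n, off + n < total))
        off += n
    return frags


def reassemble_unpatched(frags, buf_size=MAX_DATA):
    """Pre-1997 behaviour: copy each fragment to offset*8 without checking that
    the fragment ends inside the buffer. Returns how many bytes were written
    past the end of the buffer (0 means the datagram was legal)."""
    overflow = 0
    for off_units, n, _ in frags:
        end = off_units * 8 + n
        overflow = max(overflow, end - buf_size)
    return overflow


def reassemble_patched(frags):
    """The fix: discard the whole datagram if any fragment would end beyond the
    65,515-byte data limit. Returns the reassembled data length, or None if dropped."""
    length = 0
    for off_units, n, _ in frags:
        end = off_units * 8 + n
        if end > MAX_DATA:
            return None
        length = max(length, end)
    return length


def ping_of_death_effect(payload_len):
    """Summary for one `ping -l/-s payload_len`: (bytes of overflow on an unpatched
    stack, accepted data length on a patched stack or None if it was dropped)."""
    frags = fragment(payload_len)
    return reassemble_unpatched(frags), reassemble_patched(frags)


if __name__ == "__main__":
    for size in (56, 65500, 65507, 65510, 65858):
        print(size, ping_of_death_effect(size))
```

A 65,507-byte payload is the largest that fits exactly (8 + 65,507 = 65,515 bytes of data), which is why Linux ping stops there; the page's 65,858 bytes overflows the buffer by 351 bytes on the unpatched model and is dropped outright by the patched one.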
3. State one responsibility of a professional hacker.
One responsibility of a professional (ethical) hacker is to find security vulnerabilities in systems, with
the owner's authorisation, and report them so they can be fixed before an attacker exploits them.
4. An ethical hacker is?
An ethical hacker is a cybersecurity expert who uses hacking techniques legally, with the system
owner's permission, to help protect and secure computer systems.
5. Cyberpunks?
Cyberpunks are individuals who use computers and digital networks to conduct illegal or
unauthorized activities, often challenging authority or institutions.
6. Phishing is a process?
Phishing is a process of tricking users into revealing sensitive information, such as passwords or
credit card numbers, by pretending to be a trustworthy source.
7. State one step that can be used to counter social engineering methods.
One step to counter social engineering methods is to provide regular security awareness training to
users and employees.
8. One method used in Internet footprinting is
One method used in Internet footprinting is DNS interrogation, for example `dig`, `nslookup` and
WHOIS lookups, to gather information about a target's domains, name servers and address ranges.
9. Search Engines can be used in Web searching to
Search engines can be used in web searching to locate and gather publicly available information
about a target or organization.
10. 'WHOIS' is an Internet tool that
'WHOIS' is an Internet tool that provides registration and ownership details of a domain name or IP
address block. Since 2018 many registries redact personal contact data, so the result is often limited to
the registrar, registration dates and name servers.
11. Session hijacking can be accomplished by using
Session hijacking can be accomplished by using packet sniffing (to capture a session token or the
TCP sequence numbers in use) or session prediction (guessing a weak or sequential token).
12. Two ways to avoid logging by a proxy server are
Two ways to avoid logging by a proxy server are tunnelling through a virtual private network (VPN),
so the traffic bypasses the proxy entirely, and using HTTPS, which hides URLs and content from the
proxy. Note that with HTTPS the proxy still sees, and can log, the destination host name from the
CONNECT request.
13. The command to perform a DNS zone transfer that allows anyone to query a DNS server
for information is
The command to perform a DNS zone transfer is `dig axfr @target-dns-server domain.com` (or
`host -l domain.com target-dns-server`). A correctly configured server answers REFUSED ('Transfer
failed'); only a server that accepts AXFR from any source returns the full zone.
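The following is an added example, not code from the original page, showing what `dig axfr` puts on the wire and how to read the reply: it builds the AXFR query (with the 2-byte length prefix DNS uses over TCP) and parses a response. No live server is contacted; the two responses are constructed for the example (a misconfigured server that hands out the zone, and a correct one that answers REFUSED), and the zone `example.com` and its records are made up.

```python
import struct

# Added example (not from the original page): the AXFR request `dig axfr`
# sends, and a parser for the reply, run against constructed responses so it
# works offline. No live server is contacted; example.com and the records
# below are made up for the example.
TYPE_A, TYPE_NS, TYPE_SOA, TYPE_AXFR = 1, 2, 6, 252
RCODE_REFUSED = 5


def encode_name(name):
    """'example.com' -> b'\\x07example\\x03com\\x00' (DNS label wire format)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"


def build_axfr_query(zone, txid=0x1234):
    """DNS header + one question of type AXFR, with the 2-byte length prefix used over TCP."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    question = encode_name(zone) + struct.pack("!HH", TYPE_AXFR, 1)
    msg = header + question
    return struct.pack("!H", len(msg)) + msg


def decode_name(msg, off):
    """Read a (possibly compressed) name at off; return (name, offset after it)."""
    labels, end = [], None
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer (RFC 1035 4.1.4)
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if n == 0:
            break
        labels.append(msg[off:off + n].decode())
        off += n
    return ".".join(labels) + ".", (end if end is not None else off)


def parse_axfr_response(stream):
    """Parse one length-prefixed DNS message. Returns (rcode, [(owner, type, rdata), ...])."""
    (length,) = struct.unpack("!H", stream[:2])
    msg = stream[2:2 + length]
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                            # skip the echoed question
        _, off = decode_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        start, off = off, off + rdlen
        if rtype == TYPE_A:
            rdata = ".".join(str(b) for b in msg[start:off])
        elif rtype == TYPE_NS:
            rdata, _ = decode_name(msg, start)
        elif rtype == TYPE_SOA:
            mname, p = decode_name(msg, start)
            rname, p = decode_name(msg, p)
            rdata = (mname, rname, struct.unpack("!I", msg[p:p + 4])[0])   # serial
        else:
            rdata = msg[start:off]
        records.append((owner, rtype, rdata))
    return flags & 0xF, records


def zone_transferred(stream):
    """An AXFR is complete only if it succeeded and is bracketed by the zone's SOA record."""
    rcode, records = parse_axfr_response(stream)
    return rcode == 0 and len(records) >= 2 and records[0][1] == records[-1][1] == TYPE_SOA


def _rr(owner, rtype, rdata, ttl=3600):
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


def constructed_responses(txid=0x1234):
    """Two constructed replies to the query above: a misconfigured server that
    hands out the zone, and a correctly configured one that answers REFUSED."""
    zone = encode_name("example.com")
    question = zone + struct.pack("!HH", TYPE_AXFR, 1)
    ptr = b"\xc0\x0c"                              # pointer to the zone name at offset 12
    soa = _rr(ptr, TYPE_SOA, b"\x03ns1" + ptr + b"\x0ahostmaster" + ptr
              + struct.pack("!IIIII", 2024010101, 7200, 3600, 1209600, 3600))
    answers = (soa
               + _rr(ptr, TYPE_NS, b"\x03ns1" + ptr)
               + _rr(b"\x03ns1" + ptr, TYPE_A, bytes([192, 0, 2, 53]))
               + _rr(b"\x03www" + ptr, TYPE_A, bytes([192, 0, 2, 10]))
               + _rr(b"\x05admin" + ptr, TYPE_A, bytes([192, 0, 2, 20]))
               + soa)
    leaked = struct.pack("!HHHHHH", txid, 0x8400, 1, 6, 0, 0) + question + answers   # QR=1, AA=1
    refused = struct.pack("!HHHHHH", txid, 0x8000 | RCODE_REFUSED, 1, 0, 0, 0) + question
    return (struct.pack("!H", len(leaked)) + leaked,
            struct.pack("!H", len(refused)) + refused)
```

To use it against a real server you would send `build_axfr_query(zone)` over a TCP socket to port 53 and feed the reply to `parse_axfr_response`; the `zone_transferred` check is the one-line test of whether the misconfiguration exists, and the leaked record list is exactly the host inventory an attacker is after.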
14. The command (in Linux or Windows operating System) for a request for a Web page that
resides on a remote server and can track all of the intermediate servers on its way is
The command used to trace the route to a remote web server is `traceroute` in Linux or `tracert` in
Windows. Both send probes with increasing TTL values so that each router on the path reveals itself
with an ICMP Time Exceeded message; `traceroute -T -p 80` (TCP probes, Linux) is useful when
ICMP or UDP probes are filtered.
15. A white hat hacker?
A white hat hacker is an ethical hacker who uses their skills, with authorisation, to protect systems and
networks from malicious attacks.
16. Sniffers can be used for?
Sniffers can be used for capturing and analyzing network traffic to detect vulnerabilities or monitor
data flow.
17. _____ allows you to capture packets from a live network and save them to a capture file
on disk
Tools like Wireshark (File > Save As) or `tcpdump -i eth0 -w capture.pcap` allow you to capture
packets from a live network and save them to a capture file on disk in pcap format for later analysis.
18. Functions of a network monitor includes
Functions of a network monitor include monitoring traffic, detecting issues, and analyzing the
performance of network systems in real-time.
19. In an Address Resolution Protocol (ARP) Attack, the attacker
In an ARP attack, the attacker sends forged ARP replies (usually unsolicited, and repeated because ARP
caches expire) so that a device binds the attacker's MAC address to the IP address of another host,
typically the default gateway, and sends its traffic through the attacker.
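The following is an added example, not code from the original page. It ties Q17 and Q19 together: it writes and reads the libpcap capture-file format that `tcpdump -w` and Wireshark use, builds ARP frames, and runs an arpwatch-style check over a constructed exchange in which an attacker answers for the gateway. All MAC and IP addresses are made up for the example.

```python
import struct

# Added example (not from the original page): write and read the libpcap
# capture-file format that tcpdump -w and Wireshark use (Q17), build ARP
# frames, and run an arpwatch-style check over a constructed exchange in which
# an attacker answers for the gateway (Q19). All addresses are made up.
PCAP_MAGIC, PCAP_MAGIC_SWAPPED, LINKTYPE_ETHERNET = 0xA1B2C3D4, 0xD4C3B2A1, 1
ETHERTYPE_ARP = b"\x08\x06"
BROADCAST, ZERO_MAC = "ff:ff:ff:ff:ff:ff", "00:00:00:00:00:00"
ARP_REQUEST, ARP_REPLY = 1, 2


def pcap_bytes(frames, snaplen=65535):
    """Serialise [(timestamp, frame), ...] as a classic little-endian pcap file."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts, frame in frames:
        sec = int(ts)
        usec = int(round((ts - sec) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def pcap_frames(data):
    """Parse a pcap file (either byte order) back into [(timestamp, frame), ...]."""
    (magic,) = struct.unpack("<I", data[:4])
    endian = {PCAP_MAGIC: "<", PCAP_MAGIC_SWAPPED: ">"}[magic]
    _major, _minor, _tz, _sig, _snap, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    assert linktype == LINKTYPE_ETHERNET
    frames, off = [], 24
    while off < len(data):
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frames.append((sec + usec / 1_000_000, data[off:off + incl_len]))
        off += incl_len
    return frames


def mac_bytes(s): return bytes.fromhex(s.replace(":", ""))
def ip_bytes(s): return bytes(int(o) for o in s.split("."))
def mac_str(b): return ":".join(f"{x:02x}" for x in b)
def ip_str(b): return ".".join(str(x) for x in b)


def arp_frame(oper, sha, spa, tha, tpa):
    """Ethernet + ARP (RFC 826). Requests go to the broadcast MAC, replies to the target."""
    eth = mac_bytes(BROADCAST if oper == ARP_REQUEST else tha) + mac_bytes(sha) + ETHERTYPE_ARP
    arp = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
           + mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa))
    return eth + arp


def parse_arp(frame):
    if frame[12:14] != ETHERTYPE_ARP:
        return None
    a = frame[14:42]
    (oper,) = struct.unpack("!H", a[6:8])
    return {"oper": oper, "sha": mac_str(a[8:14]), "spa": ip_str(a[14:18]),
            "tha": mac_str(a[18:24]), "tpa": ip_str(a[24:28])}


def detect_arp_spoofing(frames):
    """Flag (a) replies nobody asked for and (b) an IP whose sender MAC changes,
    the two signs of the attack. The first-seen binding is treated as the trusted one."""
    bindings, pending, alerts = {}, set(), []
    for _ts, frame in frames:
        p = parse_arp(frame)
        if p is None:
            continue
        if p["oper"] == ARP_REQUEST:
            pending.add((p["spa"], p["tpa"]))          # who asked for whom
        elif p["oper"] == ARP_REPLY:
            if (p["tpa"], p["spa"]) in pending:
                pending.discard((p["tpa"], p["spa"]))
            else:
                alerts.append(("unsolicited_reply", p["spa"], p["sha"]))
        known = bindings.setdefault(p["spa"], p["sha"])
        if known != p["sha"]:
            alerts.append(("mac_changed", p["spa"], known, p["sha"]))
    return alerts


# Constructed exchange: the victim asks for the gateway, the gateway answers,
# then the attacker sends a second, forged reply for the gateway's IP.
GW_IP, GW_MAC = "192.168.0.1", "aa:bb:cc:00:00:01"
VICTIM_IP, VICTIM_MAC = "192.168.0.100", "aa:bb:cc:00:00:64"
ATTACKER_MAC = "de:ad:be:ef:00:01"
SAMPLE_FRAMES = [
    (1700000000.000, arp_frame(ARP_REQUEST, VICTIM_MAC, VICTIM_IP, ZERO_MAC, GW_IP)),
    (1700000000.001, arp_frame(ARP_REPLY, GW_MAC, GW_IP, VICTIM_MAC, VICTIM_IP)),
    (1700000002.500, arp_frame(ARP_REPLY, ATTACKER_MAC, GW_IP, VICTIM_MAC, VICTIM_IP)),
]

if __name__ == "__main__":
    with open("arp_spoof.pcap", "wb") as f:          # opens directly in Wireshark
        f.write(pcap_bytes(SAMPLE_FRAMES))
    for alert in detect_arp_spoofing(pcap_frames(pcap_bytes(SAMPLE_FRAMES))):
        print(alert)
```

The written file is a valid pcap, so the same frames can be inspected in Wireshark with the display filter `arp.duplicate-address-detected`, which implements the second of the two checks above.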
20. In a route table modification, If the route table cannot find a match it
If the route table has no entry matching the destination IP address, the packet is sent via the default
route (0.0.0.0/0, the default gateway); if no default route exists either, the packet is dropped and an
ICMP Destination Unreachable may be returned. An attacker who can modify the table, for example by
injecting routes, can therefore steer traffic through a host of their choosing.
1. The Transmission Control Protocol (TCP)
i) Provides connection-oriented services between a source and destination computer
ii) Guarantees delivery of packets
iii) Packets reach the application layer in the right order
iv) Identifies and assembles packets based on sequence numbers
Options:
A) i, ii only
B) i, iii only
C) i, ii, iii, iv
D) ii, iii, iv only
Answer: C) i, ii, iii, iv
Explanation: TCP is connection-oriented (i); it retransmits until segments are acknowledged, which is
the sense in which delivery is 'guaranteed' (ii); and it uses sequence numbers to reassemble segments so
that data reaches the application in order (iii, iv).
2. In a Connection Release process
i) Source computer sends a FIN packet to the destination computer
ii) Destination computer then sends a FIN/ACK packet
iii) Source computer sends an ACK packet
iv) Either computer could send an RST and close the session (reset) immediately
Options:
A) i, ii only
B) i, ii, iii only
C) i, ii, iii, iv
D) ii, iv
Answer: C) i, ii, iii, iv
Explanation: Normal termination is a four-segment exchange (a FIN and an ACK in each direction);
when the responder has nothing left to send, its ACK and FIN are combined into one FIN/ACK, giving
the three steps in (i)-(iii). An RST from either side aborts the connection immediately without that
exchange (iv).
3. An incorrectly configured DNS server may allow any Internet user to perform a zone transfer. The
command to perform a DNS zone transfer is:
A) S-dsniff
B) S-tcpdump
C) nslookup
D) S-t nslookup
Answer: C) nslookup
Explanation: nslookup can request a zone transfer (`ls -d domain` in its interactive mode on Windows)
and succeeds only if the server is misconfigured to allow AXFR from any client; `dig axfr` is the usual
equivalent on Linux.
4. A sniffer puts a network card into promiscuous mode
i) By using a programmatic interface
ii) The interface can bypass the TCP/IP stack of the operating system
iii) By using a MAC address
iv) By attacking the routers in the transmission path
Options:
A) i, ii, iii
B) i, iv
C) i, ii
D) i, ii, iii, iv
Answer: C) i, ii
Explanation: Sniffers capture through a programmatic interface such as libpcap/BPF or Npcap (i),
which hands them raw frames below the operating system's TCP/IP stack (ii). MAC addresses (iii) and
routers (iv) have nothing to do with putting a card into promiscuous mode.
5. A sniffer must work with the type of network interface
A) Supported by your operating system
B) Where the sniffers look only at the traffic passing through the network interface adapter
C) On the machine where the application is resident
D) Where you can read the traffic on the network segment upon which your computer resides
Answer: D) Where you can read the traffic on the network segment upon which your computer resides
Explanation: Sniffers see the traffic on the segment their own interface is attached to. On a switched
network that means only broadcast frames and frames addressed to the host, unless the attacker adds
port mirroring or ARP spoofing.
6. In Connection Hijacking
i) An attacker copies the MAC address of the victim's computer
ii) Deletes the MAC address of the victim's computer
iii) An attacker desynchronizes a series of packets between the source and destination computer
iv) Extra packets sent to one of the victims force the victim to choose which packet to accept
Options:
A) i, ii only
B) ii, iii, iv only
C) iii, iv
D) i, ii, iii, iv
Answer: C) iii, iv
Explanation: Hijacking involves desynchronizing packets (iii) and forcing the victim to accept malicious
packets (iv).
7. IP Security architecture provides
i) Encryption of user data for privacy
ii) Authentication of the integrity of a message
iii) Protection against replay attacks
iv) Authentication for the attacker's machine
Options:
A) i, ii only
B) i, ii, iii only
C) i, ii, iii, iv
D) ii, iii, iv only
Answer: B) i, ii, iii only
Explanation: IPsec's ESP provides confidentiality (i), AH and ESP provide integrity and origin
authentication (ii), and sequence numbers provide replay protection (iii). It authenticates the peer,
which is precisely what excludes an attacker's machine (iv).
8. Methods to decrease vulnerabilities in TCP/IP include
i) Modify default timer values
ii) Increase the number of simultaneous connections that a computer can handle
iii) Install an antivirus on the system
iv) Modify the sequence numbers of the packets
Options:
A) i, ii, iii only
B) ii, iii, iv
C) ii, iii
D) iii, iv only
Answer: A) i, ii, iii only
Explanation: Within the options given, tuning timers (i) such as the connection-establishment and
keep-alive timers, enlarging the backlog of simultaneous connections (ii) and host antivirus (iii) are the
choices the key accepts. Rewriting the sequence numbers of packets in flight (iv) is not a defence. Note
the distinction from randomising initial sequence numbers (RFC 6528), which is a genuine defence
against spoofing.
9. In an ARP test on a network, the Windows driver for the network card
A) Detects all hackers on the network
B) Detects the IP addresses of all computers linked to the network
C) Examines the contents of the hard disk of the main server for the network
D) Examines only the first octet of the MAC address to determine whether it is a broadcast packet
Answer: D) Examines only the first octet of the MAC address to determine whether it is a broadcast packet
Explanation: The ARP test for promiscuous mode sends ARP requests to bogus destination MAC
addresses. A card in normal mode drops frames not addressed to it or to ff:ff:ff:ff:ff:ff, but in
promiscuous mode the frame reaches the driver, and legacy Windows drivers checked only the first
octet (so ff:00:00:00:00:00 passed as 'broadcast') and answered the request, revealing the sniffer.
10. To avoid or defend against IP spoofing, users must
i) Avoid trust relationships that rely upon IP address only
ii) Encrypt the IP addresses in use
iii) Change the permissions on the Systemroot hosts file to allow read-only access on Windows systems
iv) Not allow hackers to guess sequence numbers on their systems
Options:
A) i, ii, iii only
B) ii, iii, iv only
C) ii, iv only
D) i, iii only
Answer: D) i, iii only
Explanation: Avoiding trust based on the IP address alone (i), e.g. rhosts-style or ACL-only trust, and
protecting the hosts file from tampering (iii) are the defences among the options. Addresses cannot be
'encrypted' (ii). Unpredictable sequence numbers (iv) are a real defence, but no option pairs it with (i)
and (iii).
11. The decoy method of detecting sniffers involves
i) Setting up a client and server on either side of the network
ii) Configuring the server with accounts that do not have rights or privileges
iii) Involves configuring firewalls to prevent hackers
iv) Involves backing up all files on the main server within the network
Options:
A) i, ii
B) ii, iii, iv
C) ii, iii
D) i, ii, iii, iv
Answer: A) i, ii
Explanation: The decoy method plants a server with accounts that have no rights (ii) and a client that
logs in to them across the monitored segment (i); anyone who later uses those credentials must have
obtained them with a sniffer.
12. The command to check if a sniffer is in promiscuous mode is:
A) -/der config-d
B) -/ifconfig -a
C) -/ps aux -a
D) -c /-ipconfig -d
Answer: B) ifconfig -a
Explanation: `ifconfig -a` on Unix/Linux lists PROMISC among the interface flags; on current Linux
`ip link show` prints the same flag. Windows `ipconfig /all` does not report promiscuous mode.
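The following is an added example, not code from the original page, covering the two checks behind MCQ 9 and MCQ 12. Locally, Linux exposes the same IFF_PROMISC bit that `ifconfig -a` and `ip link` print. Remotely, the ARP test from Daiji Sanai's paper "Detection of Promiscuous Nodes Using ARP Packets" sends requests to destination MACs that the hardware filter would normally drop. The per-OS behaviour below is a simplified model of that paper's findings (legacy Windows comparing only the first octet, Linux 2.x answering anything the card delivers), not a live probe, and the host MAC is made up.

```python
# Added example (not from the original page): the local promiscuous-mode flag
# check (MCQ 12) and a model of the remote ARP test (MCQ 9). The OS behaviours
# are a simplified model of Sanai's published findings, not a live probe.
IFF_PROMISC = 0x100                     # <linux/if.h>
BROADCAST = "ff:ff:ff:ff:ff:ff"
PROBE_MACS = [BROADCAST, "ff:ff:ff:ff:ff:fe", "ff:00:00:00:00:00", "01:00:00:00:00:00"]


def is_promiscuous_flags(flags):
    """True if the interface flags word has IFF_PROMISC set (e.g. 0x1103 from /sys)."""
    return bool(flags & IFF_PROMISC)


def linux_interface_is_promiscuous(ifname):
    """Read /sys/class/net/<ifname>/flags (Linux only; no special privileges needed)."""
    with open(f"/sys/class/net/{ifname}/flags") as f:
        return is_promiscuous_flags(int(f.read().strip(), 16))


def hardware_filter_accepts(eth_dst, own_mac, promisc):
    """What the NIC does before software sees the frame: in normal mode only
    frames to its own MAC or the true broadcast address get through."""
    return promisc or eth_dst in (own_mac, BROADCAST)


def software_accepts(os_name, eth_dst, own_mac):
    """The OS-side check once a frame reaches the driver and ARP code."""
    if os_name == "legacy_windows":
        # Only the first octet is compared, so ff:00:00:00:00:00 passes as "broadcast" (MCQ 9, D).
        return eth_dst == own_mac or eth_dst.split(":")[0] == "ff"
    # Linux 2.x: the ARP code answered any request the card delivered.
    return True


def answers_arp_probe(os_name, promisc, eth_dst, own_mac="aa:bb:cc:00:00:64"):
    """Would a host running os_name reply to an ARP request sent to eth_dst?"""
    return (hardware_filter_accepts(eth_dst, own_mac, promisc)
            and software_accepts(os_name, eth_dst, own_mac))


def discriminating_probes(os_name):
    """Probe destinations that a normal host ignores but a sniffing host answers:
    these are the frames the ARP test actually sends."""
    return [dst for dst in PROBE_MACS
            if not answers_arp_probe(os_name, False, dst)
            and answers_arp_probe(os_name, True, dst)]


if __name__ == "__main__":
    for os_name in ("legacy_windows", "linux"):
        print(os_name, discriminating_probes(os_name))
```

The true broadcast address never discriminates, since every host answers it; the value of the test lies in addresses such as ff:00:00:00:00:00 that only a card in promiscuous mode lets through. The detection is best-effort: a sniffer on a host whose ARP code does compare the full address, or one that simply does not respond to ARP, is not revealed.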
13. Motivation for hacking includes
i) Desire for recognition or fame
ii) Desire to spread spam or virus
iii) Revenge
iv) Intent to commit industrial espionage
Options:
A) i, ii
B) i, ii, iii
C) ii, iii, iv
D) i, ii, iii, iv
Answer: D) i, ii, iii, iv
Explanation: Hackers may be motivated by fame (i), malice (ii, iii), or espionage (iv).
14. An ethical hacker is
A) A security professional who applies hacking skills for defensive purposes
B) One who uses hacking skills for teaching others how to hack
C) A hacker who distributes trojans and worms on the World Wide Web
D) A hacker who hacks only attackers of secure networks
Answer: A) A security professional who applies hacking skills for defensive purposes
Explanation: Ethical hackers use skills to improve security.
15. Blackhat hackers hack websites and networks with
A) Display valuable information
B) Display information with a bad intent
C) Hack with good intent
D) Hack sites with insufficient information
Answer: B) Display information with a bad intent
Explanation: Blackhat hackers act maliciously and without authorisation.
16. Sniffers can be implemented from
i) Any computer within a network
ii) At the gateway
iii) At the routers
iv) The central processing unit
Options:
A) i
B) i, ii
C) i, ii, iii
D) i, ii, iii, iv
Answer: C) i, ii, iii
Explanation: Sniffers can operate from any network device (i-iii), but not the CPU (iv).
17. Sniffers look only at the traffic passing through the
A) Network Interface adapter on the machine the application is running on
B) Network adaptor and the RAM on the machine the sniffer is resident on
C) Data passing through the buffer unit of the computer
D) Hard disk in the machine the sniffer is running on
Answer: A) Network Interface adapter on the machine the application is running on
Explanation: Sniffers capture traffic at the network interface level.
18. To spoof a trusted machine relationship, the attacker must
i) Identify the target pair of trusted machines
ii) Anesthetize the host the attacker intends to impersonate
iii) Forge the address of the host the attacker is pretending to be
iv) Accurately guess the correct sequence of all TCP/IP transmissions
Options:
A) i and ii only
B) ii, iii, and iv only
C) iii and iv
D) i, ii, iii, and iv
Answer: D) i, ii, iii, and iv
Explanation: The attacker identifies a pair of hosts that trust each other by address (i), silences the host
to be impersonated, for example with a SYN flood, so it cannot send an RST when the server's
unexpected SYN/ACK reaches it (ii), sends packets carrying that host's source address (iii) and, because
the replies go to the silenced host rather than to the attacker, must predict the server's sequence
number to complete the handshake (iv).
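The following is an added example, not code from the original page, that models steps (i)-(iv) above together with the sequence-number defence from MCQ 10 and the blind spoofing of MCQ 20. A toy server hands out initial sequence numbers (ISNs) either with the old 4.2BSD incrementing policy or at random; the attacker is blind (it never sees the SYN/ACK sent to the trusted address) and must guess the server's ISN. The addresses, the 64,000 increment and the toy server are illustrative, not a real TCP implementation.

```python
import random

# Added example (not from the original page): a model of the Mitnick-style
# attack in MCQ 10, 18 and 20. ToyServer is not a real TCP implementation;
# addresses and the ISN policies are made up for the model.
MASK = 0xFFFFFFFF
ATTACKER, TRUSTED = "203.0.113.9", "192.0.2.7"
INCREMENT = 64000              # 4.2BSD: ISN advanced by 64,000 per connection


class ToyServer:
    def __init__(self, isn_policy, seed=1):
        self.isn_policy = isn_policy          # "incrementing" or "random"
        self.rng = random.Random(seed)
        self.last_isn = 0x1000_0000
        self.half_open = {}                   # src_ip -> ISN we sent in the SYN/ACK
        self.established = []

    def next_isn(self):
        if self.isn_policy == "incrementing":
            self.last_isn = (self.last_isn + INCREMENT) & MASK
        else:
            self.last_isn = self.rng.getrandbits(32)     # RFC 6528-style unpredictability
        return self.last_isn

    def on_syn(self, src_ip):
        """Receive a SYN and send a SYN/ACK: returns the ISN carried in that SYN/ACK."""
        isn = self.next_isn()
        self.half_open[src_ip] = isn
        return isn

    def on_rst(self, src_ip):
        """The host that really owns src_ip objects to a SYN/ACK it never asked for."""
        self.half_open.pop(src_ip, None)

    def on_ack(self, src_ip, ack):
        """Third handshake segment: accepted only if ack == our ISN + 1."""
        isn = self.half_open.get(src_ip)
        if isn is None or ack != (isn + 1) & MASK:
            return False
        del self.half_open[src_ip]
        self.established.append(src_ip)
        return True


def blind_spoof(isn_policy, trusted_host_silenced, seed=1):
    """Steps i-iv of MCQ 18 against a ToyServer; True if the forged session is established."""
    server = ToyServer(isn_policy, seed)
    # (i) target pair chosen; (iv) sample the ISN with a connection from the attacker's own address
    sampled = server.on_syn(ATTACKER)
    server.on_ack(ATTACKER, (sampled + 1) & MASK)
    # (ii) the trusted host is silenced (e.g. SYN-flooded) so it cannot RST the forged handshake
    # (iii) SYN with the trusted host's source address; the SYN/ACK goes to that host, not to us
    server.on_syn(TRUSTED)
    if not trusted_host_silenced:
        server.on_rst(TRUSTED)
    # (iv) guess: the server's next ISN is the sampled one plus the increment
    guess = (sampled + INCREMENT + 1) & MASK
    return server.on_ack(TRUSTED, guess)


def isn_deltas(isn_policy, samples=8, seed=1):
    """What an attacker learns by opening several connections: the gaps between consecutive
    ISNs. A constant gap means the next ISN is predictable (a crude form of nmap's TCP
    sequence predictability test)."""
    server = ToyServer(isn_policy, seed)
    isns = [server.on_syn(f"198.51.100.{i}") for i in range(samples)]
    return [(b - a) & MASK for a, b in zip(isns, isns[1:])]


if __name__ == "__main__":
    for policy in ("incrementing", "random"):
        print(policy, isn_deltas(policy)[:3],
              "spoof works:", blind_spoof(policy, trusted_host_silenced=True))
```

The model shows why all four steps are needed: skipping step (ii) lets the trusted host reset the forged connection, and a server with random ISNs defeats step (iv) even when the host is silenced, which is the point of option (iv) in MCQ 10.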
19. In an IP spoofing attack, a tangible loss may occur when
A) Spam or SYN flooding occurs on the network under attack
B) Valuable data is lost or duplicated
C) The network is slowed down by the attacker
D) The reputation of the victim is compromised
Answer: B) Valuable data is lost or duplicated
Explanation: Spoofing can lead to data theft or corruption.
20. Blind spoofing is where the
A) Hacker is not aware of all network conditions but uses various means to gain access
B) Victim is not aware that he or she is being hacked
C) Victim's firewall cannot detect the attacker
D) Attacker can attack the victim without being detected
Answer: A) Hacker is not aware of all network conditions but uses various means to gain access
Explanation: In blind spoofing the attacker is off-path: replies go to the spoofed address, so the
attacker never sees them and must infer state, for example by predicting sequence numbers.
21. Damage caused by a Trojan horse includes
i) Erasing or overwriting data
ii) Re-installing itself after being disabled
iii) Copying fake links leading to false websites
iv) Rewriting the URL of the victim's address
Options:
A) i and ii
B) ii, iii, and iv
C) i, ii, iii, and iv
D) i, ii, iii
Answer: C) i, ii, iii, and iv
Explanation: Trojans can cause all these damages.
22. A Trojan horse attack can be cleared by using
i) Antivirus software
ii) Booting from a live CD and then using antivirus
iii) Resetting jumpers on the motherboard
iv) Updating the firewall
Options:
A) i, ii
B) ii, iii
C) i, ii, iii
D) i, ii, iv
Answer: A) i, ii
Explanation: Antivirus (i) can remove a Trojan, and booting from a live CD (ii) lets it scan a disk
that is not running the malware, which matters when the Trojan hides itself from tools on the infected
system. Jumper settings (iii) and firewall updates (iv) do not remove code already on disk.
23. The best way to clean a heavily infected computer is to
A) Reformat the hard disk and reinstall the OS
B) Clean the computer with an antivirus
C) Prevent other users from using the affected files
D) Delete all unfamiliar files on the hard disk
Answer: A) Reformat the hard disk and reinstall the OS
Explanation: A full wipe ensures complete removal of malware.
24. Defenses against man-in-the-middle attacks include
i) Public key and secret key infrastructure
ii) Avoiding unsecured wireless
iii) Use of strong passwords
iv) Off-channel verification
Options:
A) i, ii
B) ii, iii
C) i, ii, iv
D) i, ii, iii, iv
Answer: C) i, ii, iv
Explanation: Certificate validation through a public key infrastructure (i), avoiding untrusted wireless
networks (ii) and confirming identities over a separate channel (iv) address MITM; strong passwords
(iii) do not stop an attacker who already sits between the two parties.
25. A closed-form solution to security works well when:
A) Breaking the system into smaller components
B) Zipping files
C) Using a powerful firewall
D) Using intelligent switches and routers
Answer: A) Breaking the system into smaller components
Explanation: Modular security improves manageability.
26. Computers left intentionally vulnerable to attack are called:
A) Secure systems
B) Operating Systems
C) Honeypots
D) Proxies
Answer: C) Honeypots
Explanation: Honeypots lure attackers for analysis.
27. In an active spoofing attack, the hacker can
i) See all computers on the victim's network
ii) Hack an unsecured document
iii) Guess all TCP/IP sequence numbers
iv) See source/destination nodes and alter packets
Options:
A) i, ii
B) ii, iii
C) i, iv
D) ii, iii, iv
Answer: C) i, iv
Explanation: Active spoofing involves network visibility (i) and packet manipulation (iv).
28. ARP spoofing involves
i) Detecting broadcasts, faking IP, and responding with the hacker's MAC
ii) Deleting the victim's address
iii) Replacing the victim's IP with their host address
iv) Copying the victim's password
Options:
A) i, ii
B) ii, iii, iv
C) i only
D) i, iv
Answer: C) i only
Explanation: ARP spoofing answers (or pre-empts) an ARP request with a forged reply that maps the
requested IP address to the attacker's MAC address (i).
29. In web spoofing, a hacker spoofs
i) The host's router and gateway
ii) Redirects information to a virtual server
iii) Spoofs an IP and acquires a certificate
iv) Freezes the victim's website
Options:
A) i, ii
B) ii, iii
C) i, ii, iii
D) i, ii, iv
Answer: B) ii, iii
Explanation: Web spoofing redirects the victim to a server the attacker controls (ii), and a certificate
obtained for the spoofed or look-alike name keeps the browser from warning (iii).
30. In DNS spoofing, the hacker changes the website's IP to:
A) The hacker's computer
B) The victim's computer
C) The victim's MAC address
D) The victim's network proxy server
Answer: A) The hacker's computer
Explanation: DNS spoofing makes the resolver return an attacker-controlled address, so the victim
connects to the hacker's computer while believing it has reached the real site.
31. Apsend (a spoofing tool) can perform:
i) SYN flood
ii) UDP flood
iii) Ping attack
iv) Time-to-Live attack
Options:
A) i, ii
B) ii, iii
C) i, ii, iii
D) i, ii, iii, iv
Answer: C) i, ii, iii
Explanation: Apsend can execute SYN, UDP, and ping attacks.
32. Baiting relies mainly on:
A) The skill of the attacker
B) The intensity of spam
C) The curiosity or greed of the victim
D) The effectiveness of the victim's firewall
Answer: C) The curiosity or greed of the victim
Explanation: Baiting exploits human psychology.
34. In a man-in-the-middle attack, the attacker:
A) Attacks centrally placed computers
B) Attacks the victim's hard disk and NIC
C) Eavesdrops, relays, and alters transmitted data
D) Disables all network computers
Answer: C) Eavesdrops, relays, and alters transmitted data
Explanation: MITM involves intercepting and modifying communications.
35. A form of malware that appears legitimate but performs malicious functions is:
A) Eavesdropping
B) Flooding
C) Spamming
D) Trojan horse
Answer: D) Trojan horse
Explanation: Trojans disguise malicious actions as legitimate software.
36. Types of Trojan payloads include:
i) Remote access
ii) Data destruction and security disabler
iii) Downloader
iv) Denial-of-service
Options:
A) i, ii
B) ii, iii
C) i, ii, iii
D) i, ii, iii, iv
Answer: D) i, ii, iii, iv
Explanation: Trojans can perform all these actions.
40. A limitation of network intrusion detection is:
A) Operating the network at high speed
B) Operating the network at slow speed
C) Having too many clients
D) Installing a firewall and antivirus
Answer: A) Operating the network at high speed
Explanation: A network IDS must inspect every packet in real time; at high link speeds it drops
packets or falls behind, so attacks can pass uninspected.
41. Security policy considerations for a website include:
A) Limiting visitor use
B) Administering from the web host console
C) Installing spyware at the admin end
D) Using a reliable network topology
Answer: D) Using a reliable network topology
Explanation: A secure network design is fundamental.
42. Router exploits by hackers include:
i) Port scans to discover open ports
ii) Determining the victim's OS and CPU speed
iii) Modifying TTL and firewall settings
iv) Changing the baud rate of the medium
Options:
A) i, ii
B) ii, iii
C) i, ii, iii
D) i, ii, iii, iv
Answer: C) i, ii, iii
Explanation: Hackers exploit ports (i), OS info (ii), and TTL/firewall changes (iii).
43. A Windows post-installation security method is:
A) Apply all patches and never use blank passwords
B) Disable unused desktop icons
C) Restrict domain server access
D) Disable clients with excessive logon attempts
Answer: A) Apply all patches and never use blank passwords
Explanation: Patching and strong passwords are critical.
44. A DoS attack can be prevented by:
A) Filtering frequent patterns and implementing security policies
B) Sending destructive JavaScript to the attacker
C) Rewriting the computer's URL
D) Using software subversion
Answer: A) Filtering frequent patterns and implementing security policies
Explanation: Rate limiting and filtering of repeated patterns (for example, SYN or request rates per
source) together with an incident-handling policy limit the impact of DoS; none of the other options is
a real control.
46. In connection hijacking:
A) An attacker desynchronizes packets between source and destination
B) An attacker prevents the victim from connecting
C) An attacker destroys the victim's server
D) An attacker forces a shutdown
Answer: A) An attacker desynchronizes packets between source and destination
Explanation: Hijacking disrupts packet flow.
47. In RIP attacks:
A) Attacks destroy the victim's router
B) Attacks change data destinations
C) Attacks disorganize packet sequences
D) Attacks delete routing tables
Answer: D) Attacks delete routing tables
Explanation: RIP (especially RIPv1, which has no authentication) accepts routing updates from any
sender, so forged updates can delete or redirect routes.
48. Important TCP/IP timers for security are:
A) Connection Establishment, WAIT, KEEP ALIVE, FIN, ACK
B) Connection Establishment, ACK, KEEP ALIVE, WAIT, FIN
C) Connection Establishment, KEEP ALIVE, ACK, WAIT, FIN
D) Connection Establishment, FIN WAIT, TIME_WAIT, KEEP ALIVE
Answer: D) Connection Establishment, FIN WAIT, TIME_WAIT, KEEP ALIVE
Explanation: The connection-establishment timer bounds how long a half-open (SYN_RECEIVED) entry
survives, which limits the damage of a SYN flood; the FIN_WAIT and TIME_WAIT timers bound the
teardown states; keep-alive detects dead peers so idle connections do not accumulate.
49. TCP/IP vulnerabilities include:
A) RIP routing table attacks
B) UDP header attacks
C) TCP SYN attacks and IP spoofing
D) Trojan and worm attacks
Answer: C) TCP SYN attacks and IP spoofing
Explanation: SYN floods exhaust the half-open connection backlog, and IP spoofing exploits the
absence of source-address authentication in IP.
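The following is an added example, not code from the original page, showing the half-open-connection view of a SYN flood that MCQ 44, 48 and 49 describe. It replays constructed tcpdump-style lines: each SYN opens a SYN_RECEIVED slot, the client's ACK completes it, and the connection-establishment timer reclaims slots that are never completed; a flood fills slots faster than they expire. The log lines, addresses and thresholds are made up for the example.

```python
import re
from collections import defaultdict

# Added example (not from the original page): the half-open-connection view of
# a SYN flood (MCQ 44, 48, 49) over constructed tcpdump-style lines. The log
# lines, addresses and thresholds are made up for the example.
LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")


def parse_line(line):
    """tcpdump line -> (seconds since midnight, 'src:port', 'dst:port', flags) or None."""
    m = LINE.match(line)
    if not m:
        return None
    h, mnt, s, src, sport, dst, dport, flags = m.groups()
    t = int(h) * 3600 + int(mnt) * 60 + float(s)
    return t, f"{src}:{sport}", f"{dst}:{dport}", flags


def peak_half_open(lines, syn_timeout=3.0):
    """Replay the log: a SYN creates a half-open entry, the client's ACK completes it,
    and entries older than syn_timeout expire (the connection-establishment timer).
    Returns the peak number of half-open entries seen per listener."""
    half_open = {}                       # (client, listener) -> time of the SYN
    peak = defaultdict(int)
    for line in lines:
        p = parse_line(line)
        if p is None:
            continue
        t, src, dst, flags = p
        for key, t0 in list(half_open.items()):
            if t - t0 > syn_timeout:
                del half_open[key]
        if flags == "S":                                    # client SYN
            half_open[(src, dst)] = t
        elif "." in flags and (src, dst) in half_open:      # client ACK completes the handshake
            del half_open[(src, dst)]
        count = defaultdict(int)
        for _client, listener in half_open:
            count[listener] += 1
        for listener, n in count.items():
            peak[listener] = max(peak[listener], n)
    return dict(peak)


def syn_flood_targets(lines, threshold=20, syn_timeout=3.0):
    """Listeners whose half-open backlog exceeded threshold within the timeout window."""
    return sorted(l for l, n in peak_half_open(lines, syn_timeout).items() if n > threshold)


# Constructed log: one legitimate handshake, then 25 SYNs from spoofed sources
# within 25 microseconds, none of which is ever completed.
SAMPLE_LOG = [
    "12:00:00.100000 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0",
    "12:00:00.100200 IP 192.0.2.10.80 > 198.51.100.7.51000: Flags [S.], seq 9, ack 2, win 65160, length 0",
    "12:00:00.100400 IP 198.51.100.7.51000 > 192.0.2.10.80: Flags [.], ack 10, win 502, length 0",
] + [
    f"12:00:01.{i:06d} IP 203.0.113.{i}.4{i:04d} > 192.0.2.10.80: Flags [S], seq {i * 7}, win 1024, length 0"
    for i in range(1, 26)
]

if __name__ == "__main__":
    print(peak_half_open(SAMPLE_LOG), syn_flood_targets(SAMPLE_LOG))
```

Because the spoofed sources are all different, a per-source rate limit would see one SYN each and miss the attack; counting half-open entries per listener is the view the kernel's backlog has, and shortening the establishment timer (or enabling SYN cookies, which keep no state at all) is what makes the backlog survive.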
50. IP Security provides:
A) Authentic addresses to MITM victims
B) Virus-free packets to attackers
C) Authentication of message integrity
D) Prevents password decryption
Answer: C) Authentication of message integrity
Explanation: IPsec ensures data integrity and authenticity.