Section A: Multiple Choice Questions (2 marks each):
1. What is the main purpose of a vulnerability assessment?
a) To attack a network
b) To test anti-virus performance
c) To identify weaknesses in a system
d) To change network settings
Answer: c) To identify weaknesses in a system
2. Which of the following is a tool used for NetBIOS enumeration in Windows?
a) Nmap
b) nbtstat
c) Wireshark
d) hping3
Answer: b) nbtstat
3. Which TCP flag is used to initiate a connection?
a) ACK
b) SYN
c) FIN
d) RST
Answer: b) SYN
4. What is the main function of a Blue Team in cybersecurity?
a) Perform offensive testing
b) Create new malware
c) Protect and monitor the system
d) Break into networks
Answer: c) Protect and monitor the system
5. Which protocol operates at the transport layer and is connectionless?
a) TCP
b) ICMP
c) HTTP
d) UDP
Answer: d) UDP
6. What does the acronym WEP stand for?
a) Wired Enterprise Privacy
b) Wireless Encryption Protocol
c) Wired Equivalent Privacy
d) Wireless Equipment Protection
Answer: c) Wired Equivalent Privacy
7. Which port is commonly used by the HTTP protocol?
a) 53
b) 21
c) 443
d) 80
Answer: d) 80
8. What tool is used for capturing and analyzing network traffic?
a) Netstat
b) Wireshark
c) Maltego
d) Zenmap
Answer: b) Wireshark
9. Which scanning method sends ICMP Echo Requests to detect live hosts?
a) Port scan
b) Ping sweep
c) SQL injection
d) ARP poisoning
Answer: b) Ping sweep
10. Which tool is primarily used for DNS enumeration?
a) netstat
b) nslookup
c) ping
d) net use
Answer: b) nslookup
11. What does the "ACK" TCP flag represent?
a) Request for synchronization
b) Terminate connection
c) Acknowledge received data
d) Refuse access
Answer: c) Acknowledge received data
12. Which of the following is NOT considered social engineering?
a) Phishing
b) Piggybacking
c) Port scanning
d) Dumpster diving
Answer: c) Port scanning
13. Which class of IPv4 addresses supports the largest number of hosts?
a) Class A
b) Class B
c) Class C
d) Class D
Answer: a) Class A
14. What does ICMP stand for?
a) Internal Communication Management Protocol
b) Internet Connection Message Protocol
c) Internet Control Message Protocol
d) Internal Command Messaging Process
Answer: c) Internet Control Message Protocol
15. What is the primary goal of footprinting?
a) Encrypt user data
b) Patch vulnerable systems
c) Gather information about a target
d) Format a compromised system
Answer: c) Gather information about a target
16. Which type of malware replicates without attaching itself to a host program?
a) Virus
b) Trojan
c) Worm
d) Ransomware
Answer: c) Worm
17. Which of the following is not a phase of the penetration testing process?
a) Information Gathering
b) Exploitation
c) Data Encryption
d) Reporting
Answer: c) Data Encryption
18. What is the main goal of using HTTrack in reconnaissance?
a) Perform social engineering
b) Mirror a website for analysis
c) Encrypt HTTP data
d) Test server ports
Answer: b) Mirror a website for analysis
19. Which enumeration method would you use to discover usernames on a Linux system?
a) nbtstat
b) who
c) net use
d) ipconfig
Answer: b) who
20. What kind of virus hides inside legitimate-looking programs and creates backdoors?
a) Macro virus
b) Logic bomb
c) Worm
d) Trojan horse
Answer: d) Trojan horse
21. What is ethical hacking?
a) Gaining unauthorized access for personal gain
b) Legal testing of systems to improve security
c) Writing malicious code for hackers
d) Spying on organizations secretly
Answer: b) Legal testing of systems to improve security
22. Which of the following is a difference between ethical and malicious hacking?
a) Both are illegal
b) Ethical hacking steals data; malicious hacking protects it
c) Ethical hacking is legal; malicious hacking is illegal
d) Malicious hacking is used in defense systems
Answer: c) Ethical hacking is legal; malicious hacking is illegal
23. Which of the following is an example of passive footprinting?
a) Port scanning using Nmap
b) WHOIS lookup
c) DNS zone transfer
d) Sending ICMP ping requests
Answer: b) WHOIS lookup
24. Which tool is primarily used for scanning ports and hosts?
a) Microsoft Word
b) Nmap
c) Wireshark
d) Firefox
Answer: b) Nmap
25. What is the main purpose of fping or nping?
a) Capturing video streams
b) ICMP ping sweeps
c) File transfer
d) Malware detection
Answer: b) ICMP ping sweeps
26. What does Hping3 primarily do?
a) Manage cloud accounts
b) Generate phishing emails
c) Craft and send custom packets for testing
d) Analyze SQL queries
Answer: c) Craft and send custom packets for testing
27. What does enumeration in ethical hacking refer to?
A) Blocking unauthorized traffic
B) Hiding system vulnerabilities
C) Extracting detailed system information
D) Encrypting network traffic
Answer: C) Extracting detailed system information
28. Which of the following services can be targeted during enumeration?
A) HTTPS and TLS
B) FTP and SSH
C) NetBIOS and SNMP
D) Excel and PowerPoint
Answer: C) NetBIOS and SNMP
29. What type of hacker works with authorization to test systems?
A) Black Hat
B) Red Hat
C) White Hat
D) Gray Hat
Answer: C) White Hat
30. What does DNS footprinting involve?
A) Checking software versions
B) Gathering information from DNS servers
C) Installing antivirus software
D) Creating new domain names
Answer: B) Gathering information from DNS servers
31. How can attackers use DNS zone transfers?
A) To block DNS requests
B) To hide IP addresses
C) To obtain detailed internal DNS records
D) To encrypt traffic
Answer: C) To obtain detailed internal DNS records
32. What role does ICMP play in host discovery?
A) Detecting software licenses
B) Sending echo requests to locate live hosts
C) Encrypting user passwords
D) Spoofing IP addresses
Answer: B) Sending echo requests to locate live hosts
33. What information can be extracted via a Null session?
A) Antivirus settings
B) Encrypted passwords
C) Usernames and shared folders
D) Installed software licenses
Answer: C) Usernames and shared folders
34. How can NetBIOS enumeration risks be mitigated?
A) Enable anonymous access
B) Disable NetBIOS and use firewall rules
C) Turn off DHCP
D) Use unencrypted protocols
Answer: B) Disable NetBIOS and use firewall rules
35. What is the first step in a vulnerability scan?
A) Exploit the target
B) Identify target systems
C) Bypass authentication
D) Reboot the network
Answer: B) Identify target systems
36. How does a WHOIS lookup support reconnaissance?
A) Returns encrypted data
B) Lists domain registration and contact info
C) Hides DNS entries
D) Launches attacks on the server
Answer: B) Lists domain registration and contact info
37. Which of the following is part of passive footprinting?
A) WHOIS lookup
B) Port scanning
C) DNS zone transfer
D) Banner grabbing
Answer: A) WHOIS lookup
38. What tool would be used to enumerate shared folders and users on a Windows system?
A) Nessus
B) enum4linux
C) Wireshark
D) Nmap
Answer: B) enum4linux
39. What distinguishes a white hat hacker from a black hat hacker?
A. White hat hackers aim to break the law
B. White hat hackers work for criminal organizations
C. White hat hackers operate with legal permission to improve security
D. White hat hackers use phishing only
Answer: C) White hat hackers operate with legal permission to improve security
40. Which of the following best defines footprinting?
A. Scanning ports on a server
B. Performing a brute-force attack
C. Gathering information about a target system or organization
D. Exploiting a known vulnerability
Answer: C) Gathering information about a target system or organization
41. What is the purpose of port scanning?
A. To delete system files
B. To determine open ports and running services
C. To install malware
D. To monitor bandwidth
Answer: B) To determine open ports and running services
42. What is the goal of vulnerability analysis?
A. Block all incoming traffic
B. Increase bandwidth
C. Identify and prioritize system weaknesses
D. Format the hard disk
Answer: C) Identify and prioritize system weaknesses
43. How is web mirroring used in reconnaissance?
A. It floods a server with traffic
B. It copies an entire website for offline analysis
C. It encrypts traffic
D. It brute-forces user accounts
Answer: B) It copies an entire website for offline analysis
44. What makes UDP scanning more challenging than TCP scanning?
A. It uses less bandwidth
B. UDP is easier to detect
C. Many UDP services do not respond, making detection harder
D. UDP scanning is not legal
Answer: C) Many UDP services do not respond, making detection harder
45. Which protocol is primarily used in NetBIOS enumeration?
A. FTP
B. HTTP
C. Port 139
D. Port 443
Answer: C) Port 139
46. Which command is used to list shared resources on a Windows target?
A. ipconfig
B. net view \\target
C. nslookup
D. whoami
Answer: B) net view \\target
47. Why is it important to use updated vulnerability scanners?
A. They use more colorful interfaces
B. They help detect current known vulnerabilities
C. They are cheaper than old scanners
D. They avoid all network traffic
Answer: B) They help detect current known vulnerabilities
48. How does a ping sweep differ from a regular ping?
A. It pings a single host only
B. It scans multiple IPs to identify live hosts
C. It checks for malware
D. It monitors open ports
Answer: B) It scans multiple IPs to identify live hosts
49. How might an attacker use company websites during footprinting?
A. To crash them
B. To gain access to databases
C. To gather employee info, emails, and structure
D. To bypass firewalls
Answer: C) To gather employee info, emails, and structure
50. During a full penetration test, which of the following sequences correctly reflects the standard methodology?
A. Enumeration → Vulnerability Scanning → Footprinting
B. Exploitation → Scanning → Reporting
C. Legal Planning → Port Scanning → Reporting
D. Legal Planning → Footprinting → Scanning → Enumeration → Vulnerability Analysis
Answer: D) Legal Planning → Footprinting → Scanning → Enumeration → Vulnerability Analysis
51. Which hacker type often breaks into systems to expose vulnerabilities publicly but without authorization?
A. Script Kiddie
B. White Hat
C. Gray Hat
D. Red Hat
Answer: C) Gray Hat
52. Which SMB enumeration technique is still effective even after disabling NetBIOS over TCP/IP?
A. Using nbtstat
B. Parsing NetBIOS broadcast traffic
C. Windows RPC dump
D. Connecting via SMBv2 to exploit anonymous access policies
Answer: D. Connecting via SMBv2 to exploit anonymous access policies
53. A password strength estimator evaluates a password with the following characteristics: "password123". Which of the following techniques would most improve the password's strength, according to best practices?
a) Increasing the password length to 16 characters and using a dictionary word
b) Using only uppercase letters and adding digits in random positions
c) Replacing dictionary words with similar-looking symbols and adding spaces
d) Adding special characters, mixing case sensitivity, and using random words
Answer: d) Adding special characters, mixing case sensitivity, and using random words
54. When implementing password policies for strong passwords in an enterprise environment, which of the following is the most important consideration when determining password length?
a) Longer passwords reduce the impact of rainbow table attacks
b) Passwords longer than 16 characters do not significantly improve security
c) Password length should be balanced with user convenience to avoid fatigue
d) Users will always create strong passwords if they are at least 12 characters long
Answer: a) Longer passwords reduce the impact of rainbow table attacks
55. Which of the following is the most effective method to test the strength of user passwords in an enterprise system while ensuring compliance with security policies and reducing the chances of password guessing attacks?
a) Deploying a dictionary-based attack on encrypted password hashes
b) Allowing users to create their own passwords with no minimum length requirement
c) Using a password strength meter that assesses the complexity of passwords during creation and suggests improvements
d) Enforcing periodic password changes every 30 days
Answer: c) Using a password strength meter that assesses the complexity of passwords during creation and suggests improvements