Ethical Hacking Answers

Uploaded by

garvit.ug20
Copyright
© © All Rights Reserved

ETHICAL HACKING

ASSIGNMENT 1

In which of the following penetration testing models, no information about the network is given
to the tester?
a. White box model.
b. Black box model.
c. Gray box model.
d. Red box model.

Correct Answer: b

Which of the following statement(s) is/are true for a circuit switched network?
a. A communication link may be shared by more than one connection.
b. A communication link is dedicated to a connection and cannot be shared with other
connections.
c. The packet transfer delay between a pair of nodes may depend on the prevailing network
traffic.
d. It is more efficient for bursty traffic.

Correct Answer: b

Which of the following statement(s) is/are false for virtual circuit based packet transfer
approach?
a. It is a connection-oriented approach, where a route is established prior to transfer of
packets.
b. The intermediate node can perform dynamic routing.
c. All the packets reach the destination in order.
d. It is a true packet switched network.

Correct Answer: b, d

A packet of size 2000 bytes is sent over a 50 kilo-bits-per-second (Kbps) point-to-point link
whose propagation delay is 5 msec. The packet will reach the destination after ________ msec.
(Assume 1K = 1000)
Correct Answer: 323 to 327

Which of the following OSI layers is responsible for end-to-end reliable data transfer?
a. Physical layer
b. Transport layer
c. Network layer
d. Datalink layer

Correct Answer: b

Which of the following statement(s) is/are true for the IP address?


a. It uniquely identifies a network interface of a computer system.
b. It uniquely identifies a host in the network.
c. It indicates how many hardware ports are there in the computer system.
d. None of these.
Correct Answer: b

How many bits are used for IP address (in IPv4) and port number respectively?
a. 32, 8
b. 32, 16
c. 128, 8
d. 128, 16
Correct Answer: b

Which of the following is not a valid port number in TCP/IP?


a. 21
b. 80
c. 443
d. 8080
e. 80800
Correct Answer: e

If the IP header is 224 bits long, what will be the value of the “HLEN” field (in decimal) ______?
Correct Answer: 7

The minimum size of IP header required in an IP datagram is ________ bytes.


Correct Answer: 20

ASSIGNMENT 2

Which of the following statement(s) is/are true for transparent fragmentation?


a. The subsequent networks are aware that the fragmentation has occurred.
b. It is required to route all packets to the same exit router in a network.
c. Each fragment is treated as an independent packet.
d. All fragmented packets are reassembled by host system.
e. All fragmented packets are reassembled by the exit router.

Correct Answer: b, e

For reassembling the fragmented packets at the final destination, which of the following header
field(s) is(are) used by IP?
a. Fragment offset.
b. Flags.
c. Header checksum.
d. HLEN.
e. Identification.

Correct Answer: a, b, e

An IP packet arrives at the final destination with the D flag set as 1. Which of the following
statements is true about the packet?
a. The packet has not been fragmented.
b. The packet has been fragmented and it is the first fragment.
c. The packet has been fragmented and it is the last fragment.
d. None of these.

Correct Answer: a

In an IP packet, the value of HLEN is 8, and the total size of IP packet is 1500 bytes. The number
of data bytes in the packet will be ________.
Correct Answer: 1466 to 1470

Which of the following statement(s) is/are false for IP addressing?


a. Each host connected to the Internet is defined by an IP address.
b. An IP address consists of two parts: network number and host number.
c. When a packet is routed to the destination network, only the network number is used.
d. None of these.
Correct Answer: d

Which address classes do the IP addresses 10.16.75.12 and 192.10.85.120 belong to?
a. Class A and Class B
b. Class B and Class C
c. Class C and Class D
d. Class A and Class C

Correct Answer: d

Which of the following IP addresses does not represent broadcast address?


a. 10.0.0.255
b. 10.255.255.255
c. 144.16.255.255
d. 173.16.0.255
e. 192.168.5.255
f. 192.168.255.0

Correct Answer: a, d, f

Which of the following statement(s) is/are false for flag bits in TCP header?
a. SYN=1 and ACK=0 represents a connection request message.
b. SYN=1 and ACK=1 represents a connection confirmation message.
c. RST bit is used to reset/reject connection request.
d. None of these.

Correct Answer: d

What is the subnet address if the destination IP address is 144.16.34.124 and the subnet mask is
255.255.242.0?
a. 144.16.32.0
b. 144.16.34.0
c. 144.16.34.255
d. 144.16.242.255

Correct Answer: b

An organization is allotted an address block with beginning address as: 144.16.192.24/29 in CIDR
notation. What will be the address range for that block?
a. 144.16.192.0 to 144.16.192.8
b. 144.16.192.8 to 144.16.192.16
c. 144.16.192.16 to 144.16.192.24
d. 144.16.192.24 to 144.16.192.31

Correct Answer: d

ASSIGNMENT 3
Which of the following statement(s) is/are false?
a. IP protocol uses connection-oriented routing.
b. IP protocol uses connection-less routing.
c. In connection-less routing, each packet is treated as an independent packet.
d. None of these.
Correct Answer: a

Which of the following is/are false for direct and indirect packet delivery option?
a. Direct delivery occurs when the destination host and deliverer are present on same network.
b. Indirect delivery occurs when the destination host and deliverer are not present on same
network.
c. In direct delivery, hosts of same network can exchange packets without interference of
router.
d. In an indirect delivery, the packet goes from router to router until it reaches the one
connected to the same physical network as its final destination.
e. None of these.

Correct Answer: e

Which of the following is/are true for dynamic routing?


a. Routes are user defined.
b. Routing table updates periodically depending on the network condition.
c. Routers consume bandwidth for communicating with each other.
d. Failure of the link can be resolved easily (re-routing is easy).
e. None of these.

Correct Answer: b, c, d

Which of the following routing flags can indicate route to a single host (and not to a network) in
the routing table?
a. U
b. G
c. H
d. D
e. M

Correct Answer: c

Which of the following statement(s) is/are false for default route?
a. It is used when no specific address for next hop is available.
b. It is specified by an address 0.0.0.0.
c. It is specified by an address 127.0.0.1.
d. None of these.

Correct Answer: c

Which of the following statement(s) is/are true for Routing Information Protocol (RIP)?
a. RIP is an example of interior routing protocol.
b. RIP maintains timers to detect failed links.
c. RIP suffers from counting to infinity problem.
d. RIP allows faster convergence for larger network.
e. None of these.

Correct Answer: a, b, c

In Open Shortest Path First (OSPF) routing approach, which of the following packets is used to
check if the neighbor router is up or not?
a. Link State Request.
b. Link Request Update.
c. Link State Acknowledgement.
d. TCP 3-way handshake.
e. None of these.

Correct Answer: e

Which of the following is true for IPv6?


a. IPv6 address does not have any defined classes.
b. It uses 128-bit IP addresses.
c. Base header size is 20 byte.
d. IPv6 is connection oriented.
e. All of these.

Correct Answer: a, b

If a packet is to be delivered to all the hosts in a network, what kind of address should be used to
specify the destination?
a. Unicast address.
b. Broadcast address.
c. Anycast address.
d. None of these.
Correct Answer: b

ASSIGNMENT 4

Which of the following statement(s) is/are true?


a. Hypervisor allows one host system to support multiple virtual machines by sharing the resources.
b. Hypervisor allows one host system to support multiple virtual machines; however, it does not
allow resource sharing.
c. Kali-linux is a Debian-based Linux distribution that has a collection of tools that are useful for
penetration testing.
d. Kali-linux is a hack-proof secured operating system.
e. None of these.

Correct Answer: a, c

Which of the following statement(s) is/are true about “Active Reconnaissance”?


a. Information about the target is collected indirectly.
b. Information about the target is collected directly.
c. There is a chance of detection.
d. There is no chance of detection.

Correct Answer: b, c

Which of the following information cannot be retrieved using Whois database lookup?
a. Registration details
b. Name Servers.
c. IP Address
d. History of the website.
e. None of these.

Correct Answer: d

What is the main objective of port scan?


a. Identification of live hosts.
b. Identification of services running in the target system.
c. Identification of the operating system of the target systems.
d. None of these.

Correct Answer: b

Which of the following statement(s) is/are true for host discovery using ICMP ECHO sweep?
a. For ICMP ECHO sweep; -PP option is used.
b. The attacker sends out an ICMP ECHO request packet to the target, and waits for an ICMP ECHO
reply response.
c. If the attacker does not receive an ICMP ECHO reply then the host is considered as down.
d. If the attacker does not receive an ICMP ECHO reply then the host is considered as live.

Correct Answer: b, c

Which of the following options are used for host discovery using TCP and UDP sweep respectively?
a. PE, PA
b. PP, PU
c. PM, PA
d. PA, PU

Correct Answer: d

Which of the following options is used for OS detection?


a. PO
b. Os
c. O
d. sO
e. None of these.
Correct Answer: c

How many ports are scanned in NMAP for a target system if we use the -F option ________?
Correct Answer: 100

If we want to disable host discovery in port scanning, then which of the following options
can be used?
a. F
b. p
c. Pn
d. sn
e. We cannot disable host discovery.

Correct Answer: c

Which of the following can be used as reconnaissance countermeasures?


a. Do not release critical info in public.
b. Encrypt password and sensitive information
c. Restrict zone transfer.
d. Examine logs periodically.
e. Use firewalls.
Correct Answer: a, b, c, d, e

Assignment- Week 5

Which of the following NMAP options can be used to run some of the nmap scripts?
a. PE
b. PU
c. A
d. O
e. sC

Correct Answer: c, e

Which of the following NMAP scripts is used to perform DoS attack?


a. ssh-brute
b. smb-os-discovery
c. smb-brute
d. http-dos-attack
e. None of these

Correct Answer: e

Which of the following tools/software can be used for scanning vulnerabilities?
a. Nessus
b. Hydra
c. crunch
d. hascat
e. NMAP

Correct Answer: a, e

Which of the following tools can be used to create a dictionary for dictionary-based
password attack?
a. Hydra
b. Crunch
c. SQLMAP
d. None of these.

Correct Answer: b

Consider the following statements:


(i) User enumeration refers to collecting details of users and their privileges.
(ii) Hydra and Crunch tool can be used for user enumeration.

a. Only (i) is true.


b. Only (ii) is true.
c. Both (i) and (ii) are true.
d. Both (i) and (ii) are false.
Correct Answer: a

Assume that we want to connect to a target system (10.0.0.1) through ssh service, the
username and password are “user” and “pwd” respectively. Which of the following
commands can be used to create an SSH connection?
a. ssh 10.0.0.1 -l user -p pwd
b. ssh 10.0.0.1 -l user
c. ssh 10.0.0.1@user
d. None of these

Correct Answer: b, c

How many words will be generated by the crunch tool if we use the crunch command “crunch
1 2 0123456789”?
Correct Answer: 110

Which of the following can be used for gaining same level privilege as the existing one?
a. Vertical privilege escalation.
b. Horizontal privilege escalation.
c. Diagonal privilege escalation.
d. Triangular privilege escalation.
e. None of these.

Correct Answer: b

Which of the following tools can be used for user enumeration?


a. Hydra
b. Crunch
c. Enum4linux
d. None of these.

Correct Answer: c

To download any file from the target system that is connected through FTP connection,
which of the following commands can be used?
a. put
b. get
c. upload
d. download
Correct Answer: b

Which of the following statement(s) is/are false?


a. Malware are malicious software that damages or disables computer systems and gives
limited or full control to the malware creator for the purpose of theft or fraud.
b. Malware can get inside systems through file sharing or fake programs.
c. Malwares can alter, corrupt, modify or delete some data/files.
d. None of these.

Correct Answer: d

Which of the following commands is used to delete an ARP entry?


a. arp -l
b. arp -s
c. arp -i
d. arp -e
e. None of these

Correct Answer: e

Assignment- Week 6

Which of the following statements is true for Masquerade attack?


a. In this attack, some portion of message is altered on its way.
b. In this attack, an attacker prevents access of resource to its legitimate users.
c. In this attack, the attacker pretends as a legitimate entity.
d. In this attack, the attacker analyzes the network traffic.

Correct Answer: c

Which of the following is an example of passive security attack?


a. Traffic analysis
b. Replay
c. Modification
d. Denial of Service
e. None of these

Correct Answer: a

Which of the following statement(s) is/are true?


a. In symmetric key cryptography, separate keys are used by sender and receiver.
b. In symmetric key cryptography, a single key is used by sender and receiver.
c. In asymmetric key cryptography, separate keys are used by sender and receiver.
d. In asymmetric key cryptography, a single key is used by sender and receiver.

Correct Answer: b, c

Consider the following statement:


(i) In symmetric key cryptography, the security depends on secrecy of the key.
(ii) In symmetric key cryptography, the security depends on the secrecy of the
encryption/decryption algorithm.
a. Only (i) is true
b. Only (ii) is true
c. Both (i) and (ii) are true.
d. Both (i) and (ii) are false.

Correct Answer: a

25 parties want to exchange messages securely using a private key encryption algorithm. The
number of distinct key values required will be _________.
Correct Answer: 300

Consider a cipher text “GVCTXSKVETLC” encrypted using a substitution cipher approach,


where each letter is replaced by the k-th next letter.
Assumption:
(i) The alphabets are wrapped around, i.e. Z is followed by A.
(ii) Each alphabet (A to Z) is assigned a number (1 to 26).
(iii) The value of secret key k is 4.
What will be the plain text?
a. HAPPYNEWYEAR
b. CRYPTOGRAPHY
c. SECURENETWOR
d. CRYPTOGRAPHIC
e. None of these.

Correct Answer: b

Consider a mono-alphabetic cipher with the following key value:


(A B W X E F S T I J O P M N K L Q R G H U V C D Y Z)
What will be the encrypted form of the message “ALPHABETIC” ?
a. APLTABEHIW
b. ALPHABETIC
c. WXLTABEHIC
d. None of these.

Correct Answer: a

Suppose a sender A wants to carry out encryption on a message and send it to receiver B using
public-key cryptography. Which of the following keys will be used for decryption at receiver
end B?
a. A’s public key
b. A’s private key
c. B’s public key
d. B’s private key

Correct Answer: d

The effective key length used in the AES encryption algorithm can be:
a. 64 bit
b. 128 bit
c. 192 bit
d. 256 bit
e. 513 bit.
Correct Answer: b, c, d

50 parties want to exchange messages securely using some public key encryption technique
like RSA. The number of distinct key values required will be __________.
Correct Answer: 100

Assignment- Week 7

Consider a hash function H that generates hash values h1 and h2, when fed with messages
m1 and m2 respectively. Which of the following options can never be true?
a. h1 and h2 are equal, but m1 and m2 are unequal.
b. m1 and m2 are equal, but h1 and h2 are unequal.
c. None of these.

Correct Answer: b

What is meant by collision in the context of hashing?


a. Two or more different messages can generate the same hash value.
b. After encryption, the ciphertexts corresponding to two or more plaintexts are the same.
c. The hash function generates the all zero string as the hash value.
d. None of these.

Correct Answer: a

Which of the following does not correspond to the first preimage resistance in the context of
hash functions?
a. It is difficult to find a message M such that HASH(M) = H, except for a few hash values H.
b. Given a message M1, it is difficult to find another message M2 such that HASH(M1) =
HASH(M2).
c. It is difficult to find two messages M1 and M2 such that HASH(M1) and HASH(M2) are
unequal.
d. None of these.

Correct Answer: b, c

Which of the following is/are false for Unkeyed hash function (Modification Detection
Code)?
a. Unkeyed hash function is used to preserve integrity of message.
b. Unkeyed hash function is used to authenticate source of message.
c. Unkeyed hash function produces an output that depends only on the input data.
d. None of these.

Correct Answer: b

Which of the following statement(s) is/are true?

a. Hashing realizes a one-to-one mapping.


b. Encryption realizes a one-to-one mapping.
c. Hashing realizes a many-to-one mapping.
d. Encryption realizes a many-to-one mapping.
Correct Answer: b, c

Which of the following are hash functions?
a. MD5
b. Triple-DES
c. SHA-1
d. AES
Correct Answer: a, c

Hash functions are slower as compared to symmetric and public key encryption.
a. True
b. False
Correct Answer: b

What are the block size and key size of the DES algorithm?
a. 64 bits, 56 bits
b. 56 bits, 64 bits
c. 64 bits, 64 bits
d. 64 bits, 128 bits
Correct Answer: a

Which of the following is/are true for digital signature?


a. Digital signature is legally equivalent to hand-written signature.
b. In digital signature, signer uses his public key to sign.
c. Anybody having access to the signer’s public key can verify the signature.
d. None of these.

Correct Answer: a, c

The SSL record protocol is responsible for


a. High-speed data transmission
b. Data authentication
c. Non repudiation
d. None of these

Correct Answer: d

Assignment- Week 8

Which of the following is/are examples of steganography?


a. Hiding some text information within an image file.
b. Hiding some text information within an audio clip.
c. Hiding some secret information within an executable file.
d. Encrypting an image file so that only the intended recipient can view it.

Correct Answer: a, b, c

Consider a gray-level image of size 100 x 100, where each pixel is stored in 8 bits
(representing a gray scale). The number of bytes of information that can be hidden in the image
by using the LSB steganography technique is _________.
Correct Answer: 1240 to 1260

Which of the following correspond to behavioral biometrics?


a. Biometrics that relate to human behavior.
b. Biometrics that relate to human body.
c. Biometrics that rely on the use of a powerful computer system.
d. None of these
Correct Answer: a

Which of the following is/are example(s) of physiological feature?


a. Retina
b. Fingerprint
c. Signature
d. Typing speed
e. None of these
Correct Answer: a, b

Which of the following attacks refers to the situation where an attacker gains entry into the
victim machine (or spoofs the IP address) and then sends a ping request to a broadcast
address?
a. SYN flooding attack.
b. Smurf denial-of-service attack.
c. DNS spoofing attack.
d. None of these.
Correct Answer: b

Which of the following is not an example of denial-of-service attacks?


a. SYN flooding attack.
b. Smurf attack.
c. Ping-of-death.
d. None of these.
Correct Answer: d

Which of the following is true for iterative name resolution?
a. A host may have to send multiple DNS requests to several DNS servers.
b. A host sends a single DNS request to its next higher-level DNS server.
c. Name resolution happens recursively within the host itself.
d. None of these.

Correct Answer: a

Which of the following statement(s) is/are false for HTTP Flood attack?
a. It is exclusively a type of Distributed-Denial-of-Service (DDoS) attack.
b. It overwhelms a target server using oversized ping packets.
c. It overwhelms a target server with HTTP requests.
d. None of these.

Correct Answer: b

What is the full form of PGP?


a. Packet Group Protocol
b. Port Group Protocol
c. Pretty Good Privacy
d. None of these.

Correct Answer: c

Which of the following services are provided by PGP?


a. It provides authentication.
b. It provides confidentiality.
c. It ensures availability.
d. None of these.
Correct Answer: a, b

Assignment Solution- Week 9

Which of the following protocols is/are vulnerable to sniffing attack?


a. HTTP
b. Telnet
c. HTTPS
d. SSL
e. None of these.

Correct Answer: a, b

In Wireshark, which filter will show only packets for the IP address of 192.168.1.100?
a. ip == 192.168.1.100
b. ip.addr == 192.168.1.100
c. ip.address = 192.168.1.100
d. src == 192.168.1.100.
e. None of these.

Correct Answer: b

Consider the following statements.


(i) Burp suite can be used for sniffing.
(ii) Using Burp suite we can perform password attack on web applications.
a. Only (i) is true.
b. Only (ii) is true.
c. Both (i) and (ii) are true.
d. Both (i) and (ii) are false.

Correct Answer: c

What is the purpose of repeater module available in burp suite?


a. It is used to mount password attack.
b. It is used for manipulating and reissuing packets and to analyze their response.
c. It is used for creating dictionary.
d. It is used for auto crawling web applications.
e. None of these.

Correct Answer: b

In Burp suite, which of the following modules is used for auto crawling of webpages?
a. Spider
b. Scanner
c. Intruder
d. Proxy
e. None of these.
Correct Answer: a

Which of the following approach(es) can protect against sniffing?
a. Permanently add the MAC address of gateway to ARP cache.
b. Use unencrypted session such as telnet, ftp.
c. Restrict physical access to the network media.
d. Use static IP addresses and static ARP tables.
e. None of these.

Correct Answer: a, c, d

Which of the following tools can be used for social engineering attack?
a. Dnsenum
b. Hydra
c. Crunch
d. SEToolkit
e. Arpspoof

Correct Answer: d

Which of the following is/are example(s) of human-based social engineering attack?


a. Impersonation
b. Piggybacking
c. Shoulder surfing
d. Chain letters
e. Phishing
f. Pop-up Windows

Correct Answer: a, b, c

How does Slowloris attack work?


a. It sends a single large ping packet to victim system.
b. It sends a large number of ARP packets to the victim system.
c. It sends a large number of ICMP packets.
d. None of these.
Correct Answer: d

For mounting a DoS attack using the hping3 tool, how many packets will be sent per second if we
use the --faster option?
a. 10
b. 100
c. 1000
d. 10000

Correct Answer: b

Assignment- Week 10

Which of the following can be used as countermeasures to prevent hardware-based attacks?


a. Encrypt data stored in register and buses.
b. Add dummy circuit to generate random noise.
c. Provide authentication using PUF.
d. Use secure cryptographic algorithm

Correct Answer: a, b, c

Which of the following statement(s) is/are false for side channel attacks?
a. They exploit some weakness in the algorithm.
b. They exploit some weakness in the implementation of the algorithm.
c. They require physical access to the device.
d. They only require the set of inputs/outputs to the algorithm.

Correct Answer: a, d

Which of the following is/are typically exploited in side-channel attacks?


a. Electromagnetic emissions.
b. Timing analysis of an operation.
c. Space complexity of an algorithm.
d. Power consumed during computation.
e. All of these.

Correct Answer: a, b, d

For modular exponentiation computation of x^13, how many squaring and multiplication
operations would be required?
a. 3 and 2.
b. 3 and 3.
c. 3 and 4.
d. 4 and 2.

Correct Answer: a

What does power analysis do?
a. It measures variation in power consumption during a computation.
b. It attacks the power supply and feeds new power supply to the circuit.
c. It relies on the use of a hardware Trojan in the circuit.
d. All of these.

Correct Answer: a

Which of the following statements describes the unclonable property of PUF?


a. Given a PUF, it is hard to construct a procedure PUF’, where PUF ≠ PUF’, and PUF’(x) = PUF(x)
for all x.
b. Given only y and corresponding PUF instance, it is hard to find x such that PUF(x) = y.
c. Given PUF and x, it should be easy to evaluate y = PUF(x).
d. None of these.

Correct Answer: a

Which of the following is/are applications of PUF?


a. Identification.
b. Key generation.
c. Side channel analysis.
d. Power analysis.
e. None of these.
Correct Answer: a, b

Consider the following statements:


(i) Hardware Trojans are small modifications in the circuit.
(ii) Hardware Trojans can be used for defensive purpose.
a. Only (i) is true.
b. Only (ii) is true.
c. Both (i) and (ii) are true.
d. Both (i) and (ii) are false.
Correct Answer: c

In which of the following lifecycle stage(s) of an IC, insertion of the Hardware Trojan is not
possible?
a. Specification.
b. Deployment.
c. Fabrication.
d. None of these.
Correct Answer: a, b

Which of the following statement(s) is/are true about Hardware Trojan?
a. It cannot replicate itself.
b. It is difficult to detect.
c. It does nothing harmful to the user’s computer system.
d. None of these.

Correct Answer: a, b

Assignment Solution- Week 11

Which of the following commands is used to launch the Metasploit framework?


a. msfconsole
b. msfvenum
c. Metasploit
d. None of these.

Correct Answer: a

In Metasploit to check the compatible target (OS) for any exploit, which of the following
command (option) is used?
a. Show targets
b. Set payloads
c. Set targets
d. Show payloads
e. None of these.

Correct Answer: a

We can execute basic commands and tools inside Metasploit console.


a. True
b. False

Correct Answer: a

Which of the following commands can be used to get an administrative privilege in Metasploit
framework?
a. getsystem
b. hashdump
c. getuser
d. msfvenum

Correct Answer: a

Which of the following tools uses brute-force attack to extract existing and hidden pages of a
webserver?
a. DIRB
b. SQL MAP
c. Hydra
d. Crunch
e. None of these
Correct Answer: a

If a web page is vulnerable to a blind SQL injection attack, then which of the following is true?
a. It will print error message for an incorrect user input.
b. It will not print anything for an incorrect user input.

Correct Answer: b

Which of the following SQLMAP options is used to list all users along with hashed password?
a. --users
b. --passwords
c. --user-pass
d. --user-privileges

Correct Answer: b

Which of the following statement(s) is/are true for stored XSS?


a. It is stored in the database of web application.
b. It affects all users of that web application.
c. It affects only a single client of the web application.
d. None of these.

Correct Answer: a, b

Assignment- Week 12

Which of the following can be done with the help of NMAP tool?
a. Determine the live host.
b. Determine the services running on any target system.
c. Determine the OS of the target systems.
d. Identify the vulnerabilities of the target system.
Correct Answer: a, b, c, d

Which of the following options cannot be used for host discovery using NMAP?
a. -PE
b. -PC
c. -PM
d. -PP
Correct Answer: b

In ICMP (ECHO) sweep scan, a scanner sends an ICMP type-8 packet and receives an ICMP type-
0 packet from target. What does it indicate?
a. Target is alive/up.
b. Target is down.
Correct Answer: a

Which of the following NMAP options can be used for TCP sweep scan?
a. -PE
b. -PP
c. -PM
d. None of these.
Correct Answer: d

To see why NMAP is reporting any port as open or closed (or a host as up or down), which of the
following options is used?
a. --disable-arp-ping
b. --packet-trace
c. --show-reason
d. None of these.

Correct Answer: d

Which of the following sweep scans are automatically done when we use the -sn option?
a. ICMP Echo
b. ICMP Non-Echo
c. TCP Sweep
d. UDP Sweep
Correct Answer: a, b, c

The number of hosts (IPs) scanned by the NMAP command “nmap -sL 192.168.62.40-50” will be
_________.
Correct Answer: 11

In NMAP by default, _________ number of ports are scanned.


Correct Answer: 1000

Which of the following NMAP options treats all hosts as online (skip host discovery)?
a. -sP
b. -PO
c. -sU
d. -Pn
Correct Answer: d

Which of the following NMAP options is used for Service and Version detection?
a. -sL
b. -sP
c. -PO
d. -sU
e. None of these.
Correct Answer: e
