Basic Networking - Cyber Security - Ethical Hacking

A. Basic Networking
1. What is Computer Networking?
It is the process of creating and using wired or wireless networks for exchanging information, ideas, files and other
electronic communication.

2. Types of computer networks

a) Peer to Peer
b) Server Based
c) Hybrid

1. What is a backbone network?

A backbone network is a centralized infrastructure that is designed to distribute different routes and data to various
networks. It also handles management of bandwidth and various channels.

2. Difference between dial-up and broadband networks

A dial-up is a connection that is established using a modem. To make the dial-up connection, the modem must be
connected to an active phone line that is not in use. When connecting, the modem will pick up the phone and dial a
number that is attached to another computer. After the connection has been made, the computer can check e-mail,
browse the Internet, and share files.

Alternatively referred to as high-speed Internet or wideband transmission, broadband (bb) is telecommunications
that provide a variety of channels of data over a single communication medium (wire). Today, there are a wide
variety of broadband technologies available in most areas; below is a short listing of some of these services and
companies that provide it. Keep in mind, the examples of carriers all depend on where you are in the world.

3. What is VPN?
VPN means Virtual Private Network, a technology that allows a secure tunnel to be created across a network such as
the Internet. For example, VPNs allow you to establish a secure dial-up connection to a remote server.

4. Ethernet & Types of Ethernet

Ethernet is the most popular physical layer LAN technology in use today. Ethernet is an arrangement of networking
technologies and systems used in local area networks (LAN), where computers are connected within a primary
physical space. Systems using Ethernet communication divide data streams into packets, which are known as frames.
Frames include source and destination address information, as well as mechanisms used to detect errors in
transmitted data and retransmission requests.

Ethernet is popular because it strikes a good balance between speed, cost and ease of installation. These benefits,
combined with wide acceptance in the computer marketplace and the ability to support virtually all popular network
protocols, make Ethernet an ideal networking technology for most computer users today.

5. Collision Domain & Broadcast Domain

A collision domain refers to a network scenario wherein one device sends a frame out on a physical network
segment, forcing every other device on the same segment to pay attention to it. Think of a collision event as a
situation where each device’s digital signals totally interfere with one another on the wire. The hosts connected to
each hub are in the same collision domain, so if one of them transmits, all the others must take the time to listen for
and read the digital signal. Switch or Hub is the device for the Collision Domain.

A broadcast domain refers to a group of devices on a specific network segment that hear all the broadcasts sent out on
that specific network segment. But even though a broadcast domain is usually a boundary delimited by physical
media like switches and routers, it can also refer to a logical division of a network segment, where all hosts can
communicate via a Data Link layer, hardware address broadcast. Switches break up collision domains with each port,
which is awesome, but they’re still only one broadcast domain by default! It’s also one more reason why it’s
extremely important to design our networks very carefully. A router creates broadcast domain boundaries.

Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is the LAN access method used in Ethernet. When
a device wants to gain access to the network, it checks to see if the network is free. If the network is not free, the
device waits a random amount of time before retrying. If the network is free and two devices access the line at
exactly the same time, their signals collide. When the collision is detected, they both back off and wait a random
amount of time before retrying. Only switches and routers can effectively prevent a transmission from propagating
throughout the entire network!

7. Briefly describe NAT.

NAT is Network Address Translation. This is a protocol that provides a way for multiple computers on a common
network to share a single connection to the Internet.

8. What does Protocol mean?

Protocol is defined as the rules that connect two or more devices to transfer the information from one device to
another. It helps to know how data is being transferred from one network to another network for communication.

9. What is OSI reference model?

OSI is a reference model that tells how information and data are communicated over a network. It is a conceptual
framework that understands the relationships of transmission.

10. What are the different layers of OSI model?

Basically, there are 7 layers of OSI model. Each layer has its own functionality in the OSI model.
They are:
Layer 1 – Physical
Layer 2 – Data Link Layer
Layer 3 – Network
Layer 4 – Transport
Layer 5 – Session
Layer 6 – Presentation
Layer 7 – Application

11. What is a Switch and why do we use Switches?

Switch is used to receive the signal to create a frame. It forwards the packets between various LAN segments. It
supports packet control when the data is sent to Data Link layer or Network layer of the OSI model. While sending
packets, a signal gets enabled and gets accessed by reading the destination address and forwards the frame to
appropriate frame, hence we use switches.

12. What are Routers?

Routing is the process of finding the path on which the information or data can pass from the source to its destination.
The device by which routing is done is called a router.

13. What is the difference between Switch, Routers, and Hub?

Switch: It is used to receive the signal to create a frame. It forwards the packets between various LAN segments. It is
the platform for packet control when the data is sent at a Data Link layer or Network layer of the OSI model. It
supports a single broadcast domain and multiple collision domains.
Router: It is a networking gateway device that is used to forward data packets to the computer networks. A router is
connected by at least a single LAN with its IP address or with LAN or WAN. A router supports two broadcast domains.
Hub: If anything comes in on one of its ports, it sends it out to the others. It is less expensive and least complicated. It has a
single collision domain and a single broadcast domain.

14. What is Half duplex and Full duplex?

• In half-duplex, transmission of information or communication is from one direction only.
Example: Walkie-talkie
• In full duplex, transmission of information or communication is from both the directions.
Example: Talking on the telephone.

15. What is the difference between LAN, MAN, and WAN?

LAN: It is a local area network where computers and network devices are connected with each other, usually within
the same area or building. Connections in LAN must be of high speed.
Example: Ethernet
MAN: It is a metropolitan area network where the networks are connected widely within several buildings in the same city.
Example: The IUB Network
WAN: It is a wide area network where the networks are limited to one enterprise or organization and can be accessed by
the public. It connects several LANs. Connection in WAN is high speed and expensive too.
Example: Internet.

16. Define IPv4 Address?

Internet Protocol (IP Address) is a 32-bit to 128-bit identifier for a device on TCP/IP protocol. The IP address of a device
must be uniquely defined for communication.
It has 2 principal functions, which include host and location address. And it has two versions, which are IPv4 (32-bit)
and IPv6 (128-bit).

17. Define IPv6 Address

An IPv6 address uses 128 bits as opposed to 32 bits in IPv4. IPv6 addresses are written using hexadecimal, as
opposed to dotted decimal in IPv4. Because a hexadecimal number uses 4 bits, this means that an IPv6 address
consists of 32 hexadecimal numbers. These numbers are grouped in 4’s, giving 8 groups or blocks. The groups are
written with a : (colon) as a separator.

18. What is the difference between static IP addressing and dynamic IP addressing?
Static IP addresses are reserved and they don't change over time while dynamic IP addresses can be changed each
time you connect to the internet. Static IP addresses are given manually while dynamic IP addresses are provided by
DHCP server.

19. In how many ways can data be transferred in CCNA?

Ans: Data can be transferred in 3 ways:
• Simplex
• Half-duplex
• Full-duplex

20. What is the difference between Unicast, Multicast, Broadcast, and Anycast?
Unicast: It is the exchange of messages between a single source and a single destination. In Unicast, while sending
packets from a sender, it contains data address of the receiver so that it can go there directly.
Broadcast: It is the exchange of messages between one sender to possible multiple receivers. It works only on a local
network. Broadcasting of data can’t be done on the public internet due to a massive amount of unrelated and
unnecessary data.
Multicast: It is the exchange of messages between one sender and multiple receivers. In multicast, the network
settings determine your receiving clients and sort of broadcasting.
Anycast: It is the exchange of messages between one host to another host. It uses TCP and UDP protocol. Copy of
each data packet goes to every host that requests it.

21. What is NIC?

NIC is short for Network Interface Card. This is a peripheral card that is attached to a PC in order to connect to a
network. Every NIC has its own MAC address that identifies the PC on the network.

22. What are the different types of network in CCNA?

There are two types of network:
• Server-based network
• Peer-to-Peer network

23. What is a Network subnet?

Ans: It is the subdivision of an IP address which is divided into two parts such as the network prefix and the host

24. Subnetting Chart

10000000 128
11000000 192 64
11100000 224 32
11110000 240 16
11111000 248 8
11111100 252 4
11111110 254 2
11111111 255 1

25. Class C CIDR Chart

/24 = 2^8 - 2 = 254
/25 = 2^7 - 2 = 126
/26 = 2^6 - 2 = 62
/27 = 2^5 - 2 = 30
/28 = 2^4 - 2 = 14
/29 = 2^3 - 2 = 6
/30 = 2^2 - 2 = 2

26. Can IP address be assigned to Layer 2?

No, IP addresses cannot be assigned to Layer 2.

27. What is PING used for?

PING is Packet Internet Groper. It is used to test the reachability of a host on an Internet Protocol (IP) network. When
any data is sent via the network through the IP addresses, then it will PING the receiver to receive the data from the

28. What are the different class and ranges of IP address?

There are 5 different classes of IP address:
Class Range
A 1-126
B 127-191
C 192-223
D 224-239
E 240-254

29. What is Private IP and Public IP? Range of Private IP address.

Private IP is used within the local LAN and Public IP is used across the Internet.
• Class-A: IP addresses: –
• Class-B: IP addresses: –
• Class-C: IP addresses: –

30. Define Network Topology.

It is an arrangement of elements in a specific order. The various types of Topology include:
• Bus
• Star
• Mesh
• Ring
• Hybrid
• Tree

31. Define MAC Address.

MAC address is Media Access Control address. It is stored in ROM and is uniquely defined. It is identified as Media
Access Control layer in the network architecture.

32. What does 10Base-T mean?

The 10 refers to the data transfer rate, in this case 10 Mbps. The word Base refers to baseband, as opposed to
broadband. T means twisted pair, which is the cable used for that network.

33. What is NOS?

NOS, or Network Operating System, is specialized software whose main task is to provide network connectivity to a
computer in order for it to be able to communicate with other computers and connected devices.

34. What is DoS?

DoS, or Denial-of-Service attack, is an attempt to prevent users from being able to access the internet or any other
network services. Such attacks may come in different forms and are done by a group of perpetrators. One common
method of doing this is to overload the system server so it can no longer process legitimate traffic and will be
forced to reset.

35. What are firewalls?

Firewalls serve to protect an internal network from external attacks. These external threats can be hackers who want
to steal data or computer viruses that can wipe out data in an instant. It also prevents other users from external
networks from gaining access to the private network.

36. Why is VLAN used?

It is a Virtual LAN network which is used to make a separate domain in a single switch.

37. What are the different types of passwords that you can use in Cisco routers?
Different types of passwords that are used in Cisco routers are enable, enable secret, auxiliary (AUX), console and
virtual terminal (VTY).

38. How many types of memories are used in Cisco router?

Given below are the 3 different types of memory that are used:
• Flash memory – Stores system IOS. It is an electronically erasable and re-programmable memory chip.
• RAM – Stores the configuration file which is being executed. It loses its information when a router is restarted or
shut down.
• NVRAM – Stores the startup configuration file, and IOS reads this file when the router boots up.
• ROM – Read Only Memory. It saves the information if the router is shut down or restarted. It maintains the
instructions for POST diagnostics.

39. What is meant by ARP and RARP?

• ARP is Address Resolution Protocol which is used to map an IP address to a physical machine.
• RARP is Reverse Address Resolution Protocol which is used to map MAC address to the IP address.

40. What are the different types of cables that are used in routing?
Three different types of cables that are used include:
• Straight cable – (switch-router)
• Cross cable – (PC-PC, switch-switch)
• Rollover cable – (Console port to computer)

41. Define Logical Topology.

Logical Topology is the network from where the data packets are sent from the source to destination, which we can
see as well.

42. What is the difference between static and dynamic IP addresses?

Static IP address won’t change over the time and is reserved statically whereas dynamic IP address changes each
time when you connect to the Internet.

43. Some Common IEEE Standards

Standard Description
802.1 Internetworking
802.2 Logical Link Control (LLC)
802.3 Ethernet (CSMA/CD)
802.4 Token bus LAN
802.5 Token ring LAN
802.6 Metropolitan Area Network (MAN)
802.7 Broadband technical advisory
802.8 Fiber optic
802.9 Integrated voice/data
802.10 Network Security
802.11 Wireless Networks
802.12 Demand Priority (100VG-Any LAN)
802.13 Not used
802.14 Cable modem
802.15 Wireless personal area network
802.16 Broadband wireless access
802.17 Resilient packet ring

44. What do you understand by ‘Protocol’ in networking?

A protocol enables two devices to connect and transmit the information or data to one another.

45. What do you understand by PoE (Power over Ethernet)?

It is defined by IEEE standard and it passes electric power supply to the network devices over the existing data

46. What is OSPF? Describe it.

OSPF stands for Open Shortest Path First. It uses the Dijkstra algorithm and is a link state routing protocol which is used
to connect to a large number of networks without having any limitation on the number of hops.

47. What does Multiple Access mean?

In Multiple Access, it allows more than one device to transmit the data at the same time. For Example, Star or Mesh
48. Explain the difference between Collision Domain and Broadcast Domain.
In the Broadcast Domain, all the juncture can reach each other by broadcast at the data link layer and every device is
ready to receive their respective data. It can bind to the same LAN segments or the other LAN segment. Broadcast
Domain uses local network for broadcasting the data packets to the receiver. While broadcasting, massive data are
broadcasted, hence the speed of receiving the data is less and it also takes more time to receive the data of their

In the Collision Domain, data collision occurs more due to sending of more frames simultaneously. If more than two
frames are sent simultaneously then the data will collide with each other in between and the information gets lost
due to an occurrence of a collision and the devices will not accept the data and due to this, the communication
between the sender and receiver side will collide. Hence, the sender has to send the data again and like this, it will
take more time to receive the data at the receiver's side.

49. Frame Relay Technology works on which layer of OSI model?

It works on Data Link Layer.

50. What does Round Trip Time mean?

Round-trip time or round-trip delay is defined as the time taken by a signal to send the data plus the time it receives
the acknowledgment from the receiver of that signal.

51. What is MTU and what is its size for transmission?

MTU stands for Maximum Transmission Unit and its size is 1500 bytes.

52. What is the difference between CSMA/CD and CSMA/CA?

Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is a media access control method which is used in
local area networking. It uses early Ethernet technology to overcome a collision when it happens. And Carrier Sense
Multiple Access with Collision Avoidance (CSMA/CA) is used in the wireless network to avoid a collision.

53. Define Autonomous System (AS).

It is either a single network or a group of networks that are managed by a single directive. It is defined by a unique
number or code, called an Autonomous System Number (ASN). Sometimes, it is also called a routing
domain. Communication of networks within an AS is done by using Interior Gateway Protocol (IGP).

54. Why do you use ‘Service Password Encryption’?

Service Password Encryption is used to encrypt plaintext passwords into type 7 passwords. Its security is weak, and hence it
can be easily decrypted.

55. Explain DHCP scope.

Dynamic Host Configuration Protocol (DHCP) is used to automatically assign IP host with its address to a client.

56. Explain the difference between Tracert and Traceroute.

You would use tracert on a PC while you would use the command traceroute on a router or switch.

57. Why is Distributed Processing useful?

Distributed processing is useful because of its lower cost, improved performance, reliability, and flexibility.

58. What do you understand by Redundancy?

Redundancy is a method which provides backup paths in case of network or path failure.

59. What is Domain Name System (DNS)?

DNS is an internet service that translates domain names into IP addresses. Anything connected to the internet, i.e.
mobile phones, laptops, websites etc., has an IP address which is uniquely defined.

60. What is RIP?

RIP, short for Routing Information Protocol is used by routers to send data from one network to another. It
efficiently manages routing data by broadcasting its routing table to all other routers within the network. It
determines the network distance in units of hops.

61. Define Bandwidth.

Bandwidth is defined as the amount of data that can be transmitted or carried in a fixed interval of time.

62. Explain the basic difference between TCP/IP and OSI model.
OSI and TCP/IP protocol are different by their layers. In OSI model, there are 7 layers whereas in TCP/IP there are 4

63. What is the difference between ‘bit rate’ and ‘baud rate’?
A bit rate is defined as the total number of bits transmitted in one second whereas baud rate defines the number of
signal unit per second that is required to represent those bits.
Baud rate=bit rate / N,
where N = no. of bits represented by each signal shift.

64. TCP/IP Ports and Protocols

Port Number | Description
20 FTP -- Data
21 FTP -- Control
22 SSH Remote Login Protocol
23 Telnet
25 Simple Mail Transfer Protocol (SMTP)
42 Host Name Server (Nameserv)
53 Domain Name System (DNS)
69 Trivial File Transfer Protocol (TFTP)
115 Simple File Transfer Protocol (SFTP)
118 SQL Services
143 Interim Mail Access Protocol (IMAP)
150 NetBIOS Session Service
156 SQL Server
161 SNMP
179 Border Gateway Protocol (BGP)
190 Gateway Access Control Protocol (GACP)
389 Lightweight Directory Access Protocol (LDAP)
444 Simple Network Paging Protocol (SNPP)
546 DHCP Client
547 DHCP Server

65. Abbreviation

TCP/IP protocol suite

Name | Meaning | Function
TCP | Transmission Control Protocol | Enables two hosts to establish connection and exchange network data; connection-oriented; guaranteed delivery of packets
UDP | User Datagram Protocol | Enables two hosts to establish connection and exchange network data; connectionless, unreliable, less overhead
FTP | File Transfer Protocol | Downloads or uploads files between hosts; performs directory operations; also offers authentication security
SFTP | Secure File Transfer Protocol | Transfer of files with SSH to provide encryption, public key authentication, and file compression; similar to FTP
HTTP | HyperText Transfer Protocol | Transfers files or web pages from web server to client web browser; uses lesser bandwidth and supports both text and graphics
HTTPS | HyperText Transfer Protocol Secure | Allows browsers and servers to authenticate and encrypt network packets using SSL; secure version of HTTP
SMTP | Simple Mail Transfer Protocol | Uses a spooled or queued method to deliver or send emails
POP3 | Post Office Protocol version 3 | Used to retrieve email files from the email server; can be used with or without SMTP
Telnet | Telephone Network | A terminal emulation program that connects remote computers to a server; executes commands using a command prompt
SSH | Secure Shell | A suite of protocols used to log into another computer on the network, execute commands, and securely transfer files
ICMP | Internet Control Message Protocol | Provides network layer management and control by sending datagrams and control messages; works with IP
ARP | Address Resolution Protocol | Resolves network addresses (IP) into hardware addresses (MAC); uses address resolution cache table built into every NIC
NTP | Network Time Protocol | Sets computer clock to a standard time source, usually a nuclear clock

Network services and protocols

Name | Meaning | Function
DNS | Domain Name System | Translates and resolves IP addresses into host names or the reverse
DHCP | Dynamic Host Configuration Protocol | Allows a client device to request and obtain a unique IP address and other parameters from a server automatically
NAT | Network Address Translation | Allows a local network to use one set of IP addresses for internal or in-house traffic and a different set for external or internet traffic
NFS | Network File System | Permits network users to access and use shared files; allows different computer platforms to share files and disk space

Remote access protocols and services

Name | Meaning | Function
PPP | Point-Point Protocol | Used to establish an internet connection between serial point-to-point links; provides for dial-up connections to networks
SLIP | Serial Line Internet Protocol | Used to connect to the internet via a dial-up modem; older, slower, less reliable than PPP
PPPoE | PPP over Ethernet | Uses PPP over Ethernet to connect an Ethernet LAN user to the internet using an ADSL or cable modem; users share a broadband connection
PPTP | Point-Point Tunnel Protocol | A form of encryption that provides a tunnel for secure connections over the internet; used to create VPN
VPN | Virtual Private Network | A private, secure, point to point connection from a company LAN to the remote users and wireless nodes using the internet

Security protocols
Name | Meaning | Function
IPSec | Internet Protocol Security | Provides authentication and encryption over the internet; works with IPv4 and IPv6; used to secure VPN
L2TP | Layer 2 Tunneling Protocol | Supports non-TCP/IP protocols VPN over the internet; combines the best features of PPTP and L2F
SSL | Secure Sockets Layer | Uses a private key to encrypt data that is transferred over the SSL connection; service independent and can secure different network applications
WEP | Wired Equivalent Privacy | Encrypts and protects data packets over radio frequencies; does not offer end-end security
WPA | WiFi Protected Access | Offers improved data encryption and user authentication using the wireless device's MAC address; uses TKIP encryption
AES | Advanced Encryption Standard | A cryptographic cipher that uses the Rijndael algorithm

Routing protocols
Name | Meaning | Function
RIP | Routing Information Protocol | Finds the quickest route between two computers; offers a maximum of 16 hops between routers before deciding that a packet is undeliverable
OSPF | Open Shortest Path First | A descendant of RIP that increases its speed and reliability; much used on the internet; accepts 256 hops between routers
IGRP | Interior Gateway Routing Protocol | A proprietary protocol from Cisco that takes bandwidth, latency, reliability, and current traffic load into consideration
EGP | Exterior Gateway Protocol | A distance vector protocol that uses polling to retrieve routing information
BGP | Border Gateway Protocol | Used to span autonomous systems in the internet; used at the edge of networks; designed to supersede EGP
NLSP | Netware Link Services Protocol | A link state routing protocol that was designed to reduce wasted bandwidth associated with RIP
RTMP | Routing Table Maintenance Protocol | Used by AppleTalk to ensure that all routers in the network have consistent routing information

Name | Meaning | Function
EUI | Extended Unique Identifier | An IPv6 device will use the MAC address of its interface to generate a unique 64-bit interface ID.
OUI | Organizationally Unique Identifier | (OUI) is a 24-bit number that uniquely identifies a vendor, manufacturer, or other organization of NIC

B. MCQ-Cyber Security
1. Why would a hacker use a proxy server?
A. To create a stronger connection with the target.
B. To create a ghost server on the network.
C. To obtain a remote access connection.
D. To hide malicious activity on the network.
Correct Answer – D
Explanation – Proxy servers exist to act as an intermediary between the hacker and the target and serve
to keep the hacker anonymous to the network.

2. What type of symmetric key algorithm uses a streaming cipher to encrypt information?
A. RC4
B. Blowfish
D. MD5
Correct Answer – A
Explanation – RC4 uses streaming ciphers.

3. Which of the following is not a factor in securing the environment against an attack on security?
A. The education of the attacker
B. The system configuration
C. The network architecture
D. The business strategy of the company
E. The level of access provided to employees
Correct Answer – D
Explanation – All of the answers are factors supporting the exploitation or prevention of an attack. The
business strategy may provide the motivation for a potential attack, but by itself will not influence the

4. What type of attack uses a fraudulent server with a relay address?

Correct Answer – B
Explanation – MITM (Man in the Middle) attacks create a server with a relay address. It is used in SMB
relay attacks.

5. What port is used to connect to the Active Directory in Windows 2000?

A. 80
B. 445
C. 139
D. 389
Correct Answer – D
Explanation – The Active Directory Administration Tool used for a Windows 2000 LDAP client uses port 389
to connect to the Active Directory service.

6. To hide information inside a picture, what technology is used?

A. Rootkits
B. Bitmapping
C. Steganography
D. Image Rendering
Correct Answer – C
Explanation – Steganography is the right answer and can be used to hide information in pictures, music, or

7. Which phase of hacking performs actual attack on a network or system?

A. Reconnaissance
B. Maintaining Access
C. Scanning
D. Gaining Access
Correct Answer – D
Explanation – In the process of hacking, actual attacks are performed when gaining access, or ownership,
of the network or system. Reconnaissance and Scanning are information gathering steps to identify the
best possible action for staging the attack. Maintaining access attempts to prolong the attack.

8. Attempting to gain access to a network using an employee’s credentials is called the _____________
mode of ethical hacking.
A. Local networking
B. Social engineering
C. Physical entry
D. Remote networking
Correct Answer – A
Explanation – Local networking uses an employee’s credentials, or access rights, to gain access to the
network. Physical entry uses credentials to gain access to the physical IT infrastructure.

9. Which Federal Code applies the consequences of hacking activities that disrupt subway transit
A. Electronic Communications Interception of Oral Communications
B. 18 U.S.C. § 1029
C. Cyber Security Enhancement Act 2002
D. 18 U.S.C. § 1030
Correct Answer – C
Explanation – The Cyber Security Enhancement Act 2002 deals with life sentences for hackers who
recklessly endanger the lives of others, specifically transportation systems.

10. Which of the following is not a typical characteristic of an ethical hacker?

A. Excellent knowledge of Windows.
B. Understands the process of exploiting network vulnerabilities.
C. Patience, persistence and perseverance.
D. Has the highest level of security for the organization.
Correct Answer – D
Explanation – Each answer has validity as a characteristic of an ethical hacker. Though having the highest
security clearance is ideal, it is not always the case in an organization.

11. What is the proper command to perform an Nmap XMAS scan every 15 seconds?
A. nmap -sX -sneaky
B. nmap -sX -paranoid
C. nmap -sX -aggressive
D. nmap -sX -polite
Correct Answer – A
Explanation – -sX is used to identify an XMAS scan, while sneaky performs scans 15 seconds apart.

12. What type of rootkit will patch, hook, or replace the version of system call in order to hide
A. Library level rootkits
B. Kernel level rootkits
C. System level rootkits
D. Application level rootkits
Correct Answer – A
Explanation – Library level rootkits is the correct answer. Kernel level focuses on replacing specific code
while application level will concentrate on modifying the behavior of the application or replacing
application binaries. The type, system level, does not exist for rootkits.

13. What is the purpose of a Denial of Service attack?

A. Exploit a weakness in the TCP/IP stack
B. To execute a Trojan on a system
C. To overload a system so it is no longer operational
D. To shutdown services by turning them off
Correct Answer – C
Explanation – DoS attacks force systems to stop responding by overloading the processing of the system.

14. What are some of the most common vulnerabilities that exist in a network or system?
A. Changing manufacturer, or recommended, settings of a newly installed application.
B. Additional unused features on commercial software packages.
C. Utilizing open source application code
D. Balancing security concerns with functionality and ease of use of a system.
Correct Answer – B
Explanation – Linux is open source code and considered to have greater security than the commercial
Windows environment. Balancing security, ease of use and functionality can open vulnerabilities that
already exist. Manufacturer settings, or default settings, may provide basic protection against hacking
threats, but need to change to provide advanced support. The unused features of application code provide
an excellent opportunity to attack and cover the attack.

15. What is the sequence of a TCP connection?

Correct Answer – B
Explanation – A three-handed connection of TCP will start with a SYN packet followed by a SYN-ACK packet.
A final ACK packet will complete the connection.

16. What tool can be used to perform SNMP enumeration?

A. DNSlookup
B. Whois
C. Nslookup
D. IP Network Browser
Correct Answer – D
Explanation – SNMPUtil and IP Network Browser are SNMP enumeration tools.

17. Which ports should be blocked to prevent null session enumeration?

A. Ports 120 and 445
B. Ports 135 and 136
C. Ports 110 and 137
D. Ports 135 and 139
Correct Answer – D
Explanation – Port 139 is the NetBIOS Session port, which typically can provide large amounts of information
using APIs to connect to the system. Other ports that can be blocked are 135, 137, 138, and 445.

18. The first phase of hacking an IT system is compromise of which foundation of security?
A. Availability
B. Confidentiality
C. Integrity
D. Authentication
Correct Answer – B
Explanation – Reconnaissance is about gathering confidential information, such as usernames and

19. How is IP address spoofing detected?

A. Installing and configuring a IDS that can read the IP header
B. Comparing the TTL values of the actual and spoofed addresses
C. Implementing a firewall to the network
D. Identify all TCP sessions that are initiated but does not complete successfully
Correct Answer – B
Explanation – IP address spoofing is detectable by comparing TTL values of the actual and spoofed IP

20. Why would a ping sweep be used?

A. To identify live systems
B. To locate live systems
C. To identify open ports
D. To locate firewalls
Correct Answer – A
Explanation – A ping sweep is intended to identify live systems. Once an active system is found on the
network, other information may be distinguished, including location, open ports and firewalls.

21. What are the port states determined by Nmap?

A. Active, inactive, standby
B. Open, half-open, closed
C. Open, filtered, unfiltered
D. Active, closed, unused
Correct Answer – C
Explanation – Nmap determines that ports are open, filtered, or unfiltered.

22. What port does Telnet use?

A. 22
B. 80
C. 20
D. 23
Correct Answer – D
Explanation – Telnet uses port 23.

23. Which of the following will allow footprinting to be conducted without detection?
A. PingSweep
B. Traceroute
C. War Dialers
Correct Answer – D
Explanation – ARIN is a publicly accessible database, which has information that could be valuable. Because
it is public, any attempt to obtain information in the database would go undetected.

24. Performing hacking activities with the intent of gaining visibility for an unfair situation is called
A. Cracking
B. Analysis
C. Hacktivism
D. Exploitation
Correct Answer – C
Explanation – Hacktivism is the act of malicious hacking for a cause or purpose.

25. What is the most important activity in system hacking?

A. Information gathering
B. Cracking passwords
C. Escalating privileges
D. Covering tracks
Correct Answer – B
Explanation – Passwords are a key component to access a system, making cracking the password the most
important part of system hacking.

26. A packet with no flags set is which type of scan?

Correct Answer – D
Explanation – A NULL scan has no flags set.

27. Sniffing is used to perform ______________ fingerprinting.

A. Passive stack
B. Active stack
C. Passive banner grabbing
D. Scanned
Correct Answer – A
Explanation – Passive stack fingerprinting uses sniffing technologies instead of scanning.

28. Phishing is a form of ____________________.

A. Spamming
B. Identity Theft
C. Impersonation
D. Scanning
Correct Answer – C
Explanation – Phishing is typically a potential attacker posing, or impersonating, a financial institution

29. Why would HTTP Tunneling be used?

A. To identify proxy servers
B. Web activity is not scanned
C. To bypass a firewall
D. HTTP is an easy protocol to work with
Correct Answer – C
Explanation – HTTP Tunneling is used to bypass the IDS and firewalls present on a network.

30. Which Nmap scan does not completely open a TCP connection?
A. SYN stealth scan
B. TCP connect
C. XMAS tree scan
D. ACK scan
Correct Answer – A
Explanation – Also known as a “half-open scanning,” SYN stealth scan will not complete a full TCP

31. What protocol is the Active Directory database based on?

Correct Answer – A
Explanation – Active Directory in Windows 2000 is based on the Lightweight Directory Access Protocol (LDAP).

32. Services running on a system are determined by _____________.

A. The system’s IP address.
B. The Active Directory
C. The system’s network name
D. The port assigned
Correct Answer – D
Explanation – Hackers can identify services running on a system by the open ports that are found.

33. What are the types of scanning?

A. Port, network, and services
B. Network, vulnerability, and port
C. Passive, active, and interactive
D. Server, client, and network
Correct Answer – B
Explanation – The three types of accepted scans are port, network, and vulnerability.

34. Enumeration is part of what phase of ethical hacking?

A. Reconnaissance
B. Maintaining Access
C. Gaining Access
D. Scanning
Correct Answer – C
Explanation – Enumeration is a process of gaining access to the network by obtaining information on a user
or system to be used during an attack.

35. Keyloggers are a form of ______________.

A. Spyware
B. Shoulder surfing
C. Trojan
D. Social engineering
Correct Answer – A
Explanation – Keyloggers are a form of hardware or software spyware installed between the keyboard and
operating system.

36. What are hybrid attacks?

A. An attempt to crack passwords using words that can be found in dictionary.
B. An attempt to crack passwords by replacing characters of a dictionary word with numbers and symbols.
C. An attempt to crack passwords using a combination of characters, numbers, and symbols.
D. An attempt to crack passwords by replacing characters with numbers and symbols.
Correct Answer – B
Explanation – Hybrid attacks do crack passwords that are created with replaced characters of dictionary
type words.

37. Which form of encryption does WPA use?

A. Shared key
Correct Answer – C
Explanation – TKIP is used by WPA

38. What is the best statement for taking advantage of a weakness in the security of an IT system?
A. Threat
B. Attack
C. Exploit
D. Vulnerability
Correct Answer – C
Explanation – A weakness in security is exploited. An attack does the exploitation. A weakness is a
vulnerability. A threat is a potential vulnerability.

39. Which database is queried by Whois?

Correct Answer – A
Explanation – Whois utilizes the Internet Corporation for Assigned Names and Numbers.

40. Having individuals provide personal information to obtain a free offer provided through the Internet
is considered what type of social engineering?
A. Web-based
B. Human-based
C. User-based
D. Computer-based
Correct Answer – D
Explanation – Whether using email, a fake website, or popup to entice the user, obtaining information
from an individual over the Internet is a computer-based type of social engineering.

C. Ethical Hacking
Q1. What are the types of hackers?
• Black Hat: These hackers are responsible for creating malware; they gain unauthorized access to a
system or network, harm its operations and steal sensitive information.
• White Hat: These hackers are also known as ethical hackers; they’re often employed by companies
or government agencies to find vulnerabilities. They never intend to harm the system; instead
they find the weaknesses in the network/system as part of penetration testing and
vulnerability assessments.
• Grey Hat: These hackers are a blend of both white hat and black hat hackers; they find
vulnerabilities in a system without the owner’s permission or knowledge. Their intention is to bring
the weaknesses in the system to the owner's attention and demand some compensation or
incentive from the owner.
Apart from the above well-known hackers, there are miscellaneous hackers based on what they hack
and how they do it:
• Hacktivist: A person who uses technology to announce a social, religious, or political message.
Mostly hacktivism includes website defacement or denial-of-service attacks.
• Script Kiddie: One who enters computer systems using automation tools written by
others and has little knowledge of the underlying concepts, hence the term kiddie.
• Elite Hackers: This is a social message among hackers that describes the most skilled ones. Recently
identified exploits will circulate among these hackers.
• Neophyte: Also known as a green hat hacker or newbie, who has no knowledge about the
workings of technology and hacking.
• Blue Hat: Someone outside of computer security consulting firms who attempts to bug-test
a system before its launch to find the weaknesses and close the gaps.
• Red Hat: They are a blend of both black hat and white hat hackers, usually employed by top security
agencies, government agencies, etc., that fall under the category of sensitive information.

Q.2 Hacking Terminology

• Adware − Adware is software designed to force pre-chosen ads to display on the system.
• Attack − An attack is an action that is done on a system in order to get access to it and
extract sensitive data.
• Back door − A back door, also known as a trap door, is a hidden entry to a computer or
software that bypasses security measures, such as logins and password protections.
• Bot − A bot is a program that automates an action so that the action is repeated much faster and for a
more sustained period than a human operator could manage. For instance, sending HTTP, FTP or Telnet
at a higher rate or calling a script to create objects at a higher rate.
• Botnet − A botnet, also known as a zombie army, is a group of computers which are controlled
without the knowledge of the owner. Botnets are usually used to send spam or make denial of
service attacks.
• Brute force attack − A brute force attack is the simplest automated method to get access to a
computer system or computer network. Different combinations of usernames and passwords are
tried until it gets in.
• Buffer Overflow − Buffer Overflow is a flaw that occurs when more data is written to a block of
memory, or buffer, than the buffer is allocated to hold.
• Clone phishing − Clone phishing is the modification of an existing, legitimate email with a link which is
false, trying to trick the recipient into providing personal information.
• Cracker − A cracker first modifies the software to access the features which are not desirable for
the hacking person.
• Denial of service attack (DoS) − A denial of service (DoS) attack is a malicious attempt by which a
server or a network resource is made unavailable to the user by temporarily interrupting or
suspending the services of a host connected to the internet.
• DDoS − Distributed denial of service attack.
• Exploit Kit − An exploit kit is a software system designed to run on web servers, to identify
software vulnerabilities in the client machines communicating with it, exploit those vulnerabilities
and execute malicious code on the client.
• Exploit − An exploit is a piece of software, a chunk of data, or a sequence of commands that takes
advantage of a bug or vulnerability to compromise the security of a computer or network system.
• Firewall − A firewall is a filter designed so that unwanted intruders are kept outside a
computer system or computer network while safe communication is allowed between systems and
users on the inside of the firewall.
• Keystroke logging − Keystroke logging is the process of tracking the keys
which are pressed on a computer and the touchscreen points which are used. It is the map of a
computer/human interface. It is used for recording IDs and passwords by gray and black hat
hackers. Keyloggers are usually secreted onto a device using a Trojan delivered by a phishing email.
• Logic bomb − A virus secreted into a system that triggers a malicious action when certain conditions
are met. The most common version is the time bomb.
• Malware − Malware is a term used to refer to a variety of forms of hostile or intrusive software,
including computer viruses, worms, Trojan horses, ransomware, spyware, adware, scareware, and
other malicious programs.
• Master Program − A master program is the program used to transmit commands to the infected
zombie drones remotely in order to carry out spam attacks or Denial of Service attacks.
• Phishing − Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking
emails, in order to obtain personal and financial information from recipients.
• Phreaker − Phreakers are computer hackers who illegally break into the telephone network to
tap phone lines or make free long-distance phone calls.
• Rootkit − A rootkit is a stealthy type of software, typically malicious, which hides certain programs or
processes existing in a computer from the normal detection methods and enables privileged access
to a computer on a continuous basis.
• Shrink Wrap code − A Shrink Wrap code attack is an act of exploiting holes in unpatched or poorly
configured software.
• Social engineering − Social engineering means someone is deceived with the intention of getting
sensitive and personal information like credit card details or user names and passwords.
• Spam − Spam is simply unsolicited email, also known as junk email, sent to a large number of
recipients without their consent.
• Spoofing − Spoofing is a technique used to get unauthorized access to a computer by sending
messages to a computer with an IP address, to indicate that the message is from a trusted source.
• Spyware − Spyware is software meant for gathering a person’s or organization’s information without
their knowledge and sending the information to another entity without the consent and knowledge
of the customer.
• SQL Injection − SQL injection is an SQL code injection technique, used to attack data-driven
applications, in which malicious SQL statements are inserted into an entry field for execution (e.g.
to dump the database contents to the attacker).
• Threat − A threat is a danger which can exploit an existing bug or vulnerability to compromise the
security of a computer or network system.
• Trojan − A Trojan, or Trojan Horse, is a nasty program that appears like a valid program, which makes it
difficult to tell apart, and is designed with an intention to destroy files, alter
information, steal passwords or other information.
• Virus − A virus is a wicked program or a piece of code which is capable of copying itself and typically
has a detrimental effect, such as corrupting the system or destroying data.
• Vulnerability − A vulnerability is a weakness allowing a hacker to compromise the security of a
computer system or a network system.
• Worms − A worm is a self-replicating virus that does not alter files but resides in active memory and
duplicates itself.
• Cross-site Scripting − Cross-site scripting (XSS) is a type of computer security vulnerability found in
web applications. XSS enables attackers to inject client-side script into web pages viewed by other
• Zombie Drone − A Zombie Drone is defined as a hijacked computer that is used anonymously as a
soldier or 'drone' for malicious activity, for instance, distributing unwanted spam e-mails.

Q.3 Key Elements of an Information Security

• Confidentiality: Data and information assets should be confined to individuals licensed to access them
and not be disclosed to others. Confidentiality is the assurance that the information is accessible to
those who are authorized to have access.
• Integrity: Keeping the information intact, complete and correct, and IT systems operational.
Integrity is the trustworthiness of data or resources in the prevention of improper and unauthorized
changes, the assurance that information is sufficiently accurate for its purpose.
• Availability: An objective indicating that data or a system is at the disposal of licensed users when
required. Availability is the assurance that the systems responsible for delivering, storing, and
processing information are accessible when required by authorized users. Availability means data is
accessible by licensed users.
• Authenticity: A security policy includes a hierarchical pattern. It means inferior workers are typically
bound not to share the small quantity of data they need unless explicitly approved. Conversely, a
senior manager might have enough authority to decide what information is shared and
with whom, which implies that they’re not tied down by the same data security policy terms.
• Non-Repudiation: It is the assurance that somebody cannot deny the validity of something. It is
a legal concept that’s widely used in data security and refers to a service that provides proof of the
origin of information and also the integrity of the information.

Q.3 Threat Categories

• Network Threats: Sniffing & eavesdropping, Spoofing, DNS & ARP, DoS, Firewall & IDS, Insiders
• Host Threats: Malware attacks, Footprinting, Password attacks, Backdoor attacks, Physical threats.
• Application Threats: SQL injection, Phishing, Hidden file manipulation.

Q4. What are the tools used for ethical hacking?

• John the Ripper
• Metasploit
• Nmap
• Acunetix
• Wireshark
• SQLMap
• OpenVAS
• IronWASP
• Nikto
• Netsparker

Q5. What are the various stages of hacking?

• Reconnaissance: This is the primary phase of hacking, also known as the footprinting or information
gathering phase, where the hacker collects as much information as possible about the target. It involves
host, network, DNS records, and more.
• Scanning: It takes the data discovered during reconnaissance and uses it to examine the network.
• Gaining access: The phase where attackers enter into a system/network using various tools and
• Maintaining access: Once hackers gain access, they want to maintain access for future exploitation
and attacks. This can be done using trojans, rootkits, and other malicious files.
• Covering tracks: Once the hackers are able to gain and maintain access, they cover their tracks to avoid
detection. It involves modifying/deleting/corrupting the values of logs, removing all traces of work,
uninstalling applications, deleting folders, and more.

Q6. What is a firewall?
Ans. A firewall is a network security system that allows or blocks network traffic as per predetermined
security rules. These are placed on the boundary of trusted and untrusted networks.

Q7. What is the difference between encryption and hashing?

Ans. Hashing is used to validate the integrity of the content, while encryption ensures data confidentiality
and security. Encryption is a two-way function that includes encryption and decryption, while hashing is a
one-way function that changes a plain text to a unique digest that is irreversible.

Q8. What do you mean by exploitation?

Ans. Exploitation is a part of programmed software or script that allows hackers to gain control over the
targeted system/network and exploit its vulnerabilities. Mostly hackers use scanners like OpenVAS, Nessus,
etc., to find these vulnerabilities.

Q9. What is footprinting?

Ans. Footprinting is a technique used for collecting as much information as possible about the targeted
network/system/victim to execute a successful cyber attack. It also finds out the security posture of the
target. During this phase, a hacker can collect the data about a domain name, IP address, namespace,
employee information, phone numbers, emails, and job information.
• Passive footprinting: It collects data of the target system located at a remote distance from the
• Active footprinting: It is performed directly by getting in touch with the target machine.

Q10. What do you mean by fingerprinting in ethical hacking?

Ans. Fingerprinting is a technique used for determining which operating system is running on a remote

Q11. What is sniffing and what are its types?

Ans. Sniffing is referred to as a process of monitoring and capturing the data packets passing through a
given network. It is mostly used by system/network administrator to monitor and troubleshoot the
network traffic. Sniffing allows you to see all sorts of traffic, both protected and unprotected. Attackers use
this to capture data packets having sensitive information such as email traffic, FTP password, web traffic,
router configuration, DNS traffic, and more.
• Active sniffing: In this, traffic is not only locked and monitored, but it may be altered in some way
determined by the attack. It is used to sniff a switch-based network. It involves injecting address
resolution packets into a target network to switch on the content addressable memory table.
• Passive sniffing: In this, traffic is locked but not altered in any way. It works with hub devices,
and traffic is sent to all the ports. Any traffic that is passing through the unbridged or non-switched
network segment can be seen by all the machines on the segment.
The best sniffing tools are listed below:
• Tcpdump
• Wireshark
• Fiddler
• EtherApe
• Packet Capture
• NetworkMiner
• WinDump
• EtterCap
• dSniff

Q12. What is ARP poisoning?

Ans. ARP (Address Resolution Protocol) poisoning is also known as ARP spoofing or ARP Poison routing. It is
a form of attack where the attacker changes the MAC (Media Access Control) address and attacks the
ethernet LAN network by changing the target computer’s ARP cache with forged requests and reply

Q13. What is DNS Cache Poisoning?

Ans. DNS cache poisoning is a technique that exploits vulnerabilities in the DNS (domain name system) to
divert internet traffic away from legitimate servers and towards false ones. It is also known as DNS

Q14. What is SQL injection and how to prevent it?

Ans. The SQL injection is a type of injection attack that executes malicious SQL statements and controls the
database server behind a web application.
• To execute the different queries that are not allowed on the application.
• To change the content of the database.
• To dump the entire database of the system.
The only way to prevent the SQL injection attack is input validation and parameterized queries including
prepared statements. The application code should never use the input directly.

Q15. What is Cross-Site scripting and how can you fix it?
Ans. Cross-Site Scripting (XSS) is also referred to as a client-side code injection attack. In this, the attacker
intends to execute malicious scripts on the victim’s web browser by including malicious code in a legitimate
page or web application. The actual attack occurs when the victim visits the page and executes malicious
code, and this web application actually becomes a vehicle to deliver the malicious script to the user’s
browser. Forums, web pages, and message boards that allow comments support cross-site scripting

Q16. What is a DDoS attack and how does it work?

Ans. DDoS (Distributed Denial of Service) attack is a type of DoS attack, where several compromised
systems are often infected with a trojan and are used to target a single system causing a DoS (Denial of
Service) attack.

It is an attempt to make a webpage or online service inaccessible by overloading it with huge floods of
traffic from various sources.

Q17. What are the types of DDoS attacks?

Ans. DDoS attacks are categorized into three types:
• Volume-based Attacks: These are also known as Layer 3 & 4 attacks. In this, the attacker tries to
saturate the bandwidth of the target site.
• Protocol Attacks: These attacks include actual server resources and others like load balancers and
firewalls, and they are measured in Packets per Second.
• Application Layer Attacks: It includes the zero-day DDoS attacks, Slowloris, etc., that attack the
Windows, Apache, or OpenBSD vulnerabilities and more. This is measured in Requests per Second.

Q18. What is a Pharming attack and how to prevent it?

Ans. Pharming attack is one of the various cyber-attacks practiced by the attackers. It is a fraudulent
practice in which legitimate website traffic is manipulated to direct users to the fake look alikes that will
steal personal data such as passwords or financial details or installs malicious software on the visitor

Q19. What is a phishing attack?

Ans. Phishing is an attempt to steal sensitive information such as user data, credit card numbers, etc. These
attacks occur mostly while using personal email accounts or social networking sites, online transactions,
and more.

Q20. What is Spoofing?

Ans. Spoofing is a fraudulent practice in which communication is sent from an unauthorized source and
disguised as a known source to the receiver. It is used to gain access to the target's personal information,
spread malware and redistribute traffic to execute a denial-of-service attack.
• Email spoofing
• Website spoofing
• Caller ID spoofing
• ARP spoofing
• DNS server spoofing

Q21. What are the different types of penetration testing?

• Black Box: In this, the hacker attempts to detect information by their own means.
• External Penetration Testing: In this case, the ethical hacker attempts to hack using public networks
through the Internet.
• Internal Penetration Testing: The ethical hacker is inside the network of the company and conducts
his tests from there.
• White Box: In this, an ethical hacker is provided with all the necessary information about the
infrastructure and the network of the organization that needs to be penetrated.
• Grey Box: In this, the hacker has partial knowledge of the infrastructure, like its domain name

Q22. What are the types of password cracking techniques?
• Dictionary attack: This attack uses the common kind of words and short passwords that many
people use. The hacker uses a simple file containing words that can be found in the dictionary and
tries them frequently with numbers before or after the words against the user accounts.
• Brute force attack: These are similar to dictionary attacks, but instead of using simple words,
hackers detect the non-dictionary words by using all possible alphanumeric combinations from
aaa1 to zzz10.
• Man in the middle attack: In this, the attacker's program actively monitors the information being
passed and inserts itself in the middle of the interaction, usually by impersonating an application or
website. These attacks steal sensitive information such as social security numbers, account
numbers, etc.
• Traffic interception: In this, the hacker uses packet sniffers to monitor network traffic and capture
• Keylogger attack: The hacker manages to install software to track the user's keystrokes, which enables
them not only to collect the user's account information and passwords but also to check which
website or app the user was logging into with the credentials.

Q23. What is a social engineering attack?

Ans. Social engineering refers to a broad range of methods used by people who
want to hack other people’s data or make them do a specific task to benefit the hacker.

The attacker first collects the victim’s information, like security protocols required to proceed with the
attack, then gains the victim's trust and gets them to break security practices, such as granting access to
critical resources or giving up sensitive information.
Different types of social engineering attacks include:
• Phishing
• Vishing
• Pretexting
• Quid pro quo
• Tailgating
• Spear phishing
• Baiting

Q24. What is a rogue DHCP server?

Ans. A rogue DHCP server is a DHCP server set up on a network by an attacker which is not under the
control of network administrators. It can be either a modem or a router.

Rogue DHCP servers are primarily used by hackers for the purpose of network attacks such as Sniffing,
Reconnaissance, and Man in the Middle attacks.

Q25. What is Burp Suite?

Ans. Burp Suite is an integrated platform used for executing a security test of web applications. It consists
of various tools that work seamlessly together to manage the entire testing process from initial mapping to
security vulnerabilities.
