Scanning and Enumeration Flashcards

1
Q

What type of attack is DNS brute-forcing? (Active or Passive)

A

Passive.

2
Q

TCP Flag

What is SYN (Synchronize) flag used for?

A

Set during initial communication. Negotiates parameters and sequence numbers.

3
Q

TCP Flag

What is ACK (Acknowledgment) flag used for?

A

Set as an acknowledgement to the SYN flag. Always set after the initial SYN.

4
Q

TCP Flag

What is RST (Reset) flag used for?

A

Forces the termination of a connection (in both directions).

5
Q

TCP Flag

What is FIN (Finish) flag used for?

A

Ordered close of communications.

6
Q

TCP Flag

What is PSH (Push) flag used for?

A

Forces the delivery of data without concern for buffering.

7
Q

TCP Flag

What is URG (Urgent) flag used for?

A

Data inside is being sent out of band; an example is cancelling a message.

8
Q

What is the 3-step TCP handshake?

A
  1. SYN
  2. SYN-ACK
  3. ACK
9
Q

What does ICMP stand for?

A

Internet Control Message Protocol

10
Q

What ICMP message type is 0?

A

0: Echo Reply

11
Q

What ICMP message type is 3?

A

3: Destination Unreachable

12
Q

What ICMP message type is 4?

A

4: Source Quench

13
Q

What ICMP message type is 5?

A

5: Redirect

14
Q

What ICMP message type is 8?

A

8: Echo Request

15
Q

What ICMP message type is 11?

A

11: Time Exceeded

16
Q

Nmap

How do you initiate a Full Connect Scan?

A

nmap -sT

17
Q

Nmap

How do you initiate a Stealth (SYN) Scan?

A

nmap -sS

18
Q

Nmap

How do you initiate an ACK Scan?

A

nmap -sA

19
Q

Nmap

How do you initiate a FIN scan?

A

nmap -sF

20
Q

Nmap

How do you initiate an IDLE (Zombie) Scan?

A

nmap -sI

21
Q

Nmap

How do you initiate a DNS List Scan?

A

nmap -sL

22
Q

Nmap

How do you initiate a NULL Scan?

A

nmap -sN

23
Q

Nmap

How do you initiate a Protocol Scan?

A

nmap -sO

24
Q

Nmap

How do you initiate a Ping Scan?

A

nmap -sP

25
Q

Nmap

How do you initiate an RPC scan?

A

nmap -sR

26
Q

Nmap

How do you initiate a Window scan?

A

nmap -sW

27
Q

Nmap

How do you initiate an Xmas scan?

A

nmap -sX

28
Q

Nmap

How do you initiate an ICMP ping?

A

nmap -PI

29
Q

Nmap

How do you initiate a scan with no ping?

A

nmap -Pn

30
Q

Nmap

How do you initiate a SYN ping?

A

nmap -PS

31
Q

Nmap

How do you initiate a TCP ping?

A

nmap -PT

32
Q

Nmap

How do you set the packet fragmentation flag?

A

nmap -f

33
Q

Nmap

How do you set the Decoy flag?

A

nmap -D

34
Q

Hping

How do you initiate ICMP mode?

A

hping3 -1

35
Q

Hping

How do you initiate UDP mode?

A

hping3 -2

36
Q

Hping

How do you initiate Scan mode?

A

hping3 -8

37
Q

Hping

How do you initiate Listen mode?

A

hping3 -9

38
Q

Hping

How do you initiate Flood mode?

A

hping3 --flood

39
Q

Hping

How do you collect sequence numbers?

A

hping -Q

40
Q

Hping

How do you set the port number?

A

hping3 -p

41
Q

Hping

How do you set the FIN flag?

A

hping3 -F

42
Q

Hping

How do you set the SYN flag?

A

hping3 -S

43
Q

Hping

How do you set the RST flag?

A

hping3 -R

44
Q

Hping

How do you set the PSH flag?

A

hping3 -P

45
Q

Hping

How do you set the ACK flag?

A

hping3 -A

46
Q

Hping

How do you set the URG flag?

A

hping3 -U

47
Q

Hping

How do you set the Xmas flag?

A

hping3 -X

48
Q

SNMP: What is the read-only string?

A

public

49
Q

SNMP: What is the read-write string?

A

private

50
Q

What is meant by the following command?

ping -t 1.1.1.1

A

Continuous ping until manually stopped.

51
Q

What is meant by the following command?

ping -a 1.1.1.1

A

Resolve hostname to IP.

52
Q

What is meant by the following command?

ping -n 6 1.1.1.1

A

Ping specified amount of times (6).

53
Q

What is meant by the following command?

ping -i 12 1.1.1.1

A

-i specifies the Time to Live (TTL).

54
Q

What records does a zone file contain?

A

SOA
NS
A
MX

55
Q

What tool would you use to fingerprint VPN firewalls?

A

ike-scan

56
Q

What is ping of death?

A

Sending packets that exceed the byte limit (65,535).

57
Q

What is the proper response for a NULL scan if the port is closed?

A

RST

58
Q

What is a Smurf Attack?

A

DDoS attack that floods the target network with infinite ICMP request packets, with the spoofed source address set to the network's broadcast address.

59
Q

What is the pattern to identify LM hashes that are below 8 characters long?

A

The hashes will end with AAD3B435B51404EE.

60
Q

What are the 3 Access Vector Metrics used in Nessus reports?

A
  1. Local (L)
  2. Adjacent Network (A)
  3. Network (N)
61
Q

What is a Fraggle attack?

A

DoS attack that uses the UDP protocol.

62
Q

What is a Tear Drop attack?

A

DoS attack that exploits a packet fragmentation bug.

63
Q

What is a SYN Flood attack?

A

Sending a SYN request to host ports and leaving incomplete TCP handshakes so other users are unable to connect.

64
Q

What is a SYN Attack?

A

Floods the target with SYN packets using a spoofed source IP.

65
Q

What is an ICMP Flood attack?

A

ICMP Echo requests with a spoofed source IP.

66
Q

What is a Peer-to-peer attack?

A

Redirects peer-to-peer connections to the target host.

67
Q

What is a LAND attack?

A

Sending a SYN packet to the target host with the same source IP as the target, crashing the system if vulnerable.

68
Q

What is the purpose of the Low Orbit Ion Cannon (LOIC) tool?

A

TCP, UDP and HTTP DDoS tool.

69
Q

What type of tool is Trinity on Linux?

A

DDoS tool.

70
Q

What is a Tribe Flood Network?

A

Voluntary hosts of a botnet, used for DDoS.

71
Q

Which service is NBTSTAT used against?

A

To discover information from NetBIOS, ports 137, 138, 139.

72
Q

What is Blind/Anonymous FTP?

A

Allows users to go directly to a specific directory as long as they use the correct path and file name.

73
Q

Nmap

How do you initiate a default script engine scan?

A

nmap -sC
or
nmap --script=default

74
Q

nmap script options

A

nmap --script=default
nmap --script-args= : provides arguments to the script
nmap --script-args-file= : provides NSE script args in a file
nmap --script-trace : shows all data sent and received
nmap --script-updatedb : updates the script database
nmap --script-help : shows help