Decoded: The Cybersecurity Podcast

Part 3 - CEH v12 Practice Questions: Network Scanning and Enumeration Techniques



Part 3: Network Scanning and Enumeration Techniques (15 Questions)


1. What defines network scanning?

• A) Finding web app vulnerabilities

• B) Mapping a network for active hosts and services

• C) Capturing network packets for analysis

• D) Exploiting open ports on a target


Answer: B) Mapping a network for active hosts and services


Explanation: Network scanning identifies live hosts, services, and vulnerabilities. Tools like Nmap are used.


2. Which tool is best for port scanning?

• A) Wireshark

• B) Nmap

• C) Metasploit

• D) Nessus


Answer: B) Nmap


Explanation: Nmap scans IPs, detects open ports, and identifies services.


3. Which Nmap command performs a SYN scan on 192.168.1.0/24?

• A) nmap -sT 192.168.1.0/24

• B) nmap -sP 192.168.1.0/24

• C) nmap -sV 192.168.1.0/24

• D) nmap -sS 192.168.1.0/24


Answer: D) nmap -sS 192.168.1.0/24


Explanation: The -sS flag performs a SYN scan to detect open ports without a full connection.


4. Which scan type bypasses firewalls and IDS?

• A) TCP Connect Scan

• B) UDP Scan

• C) SYN Scan

• D) ACK Scan


Answer: C) SYN Scan


Explanation: A SYN scan sends a SYN packet but doesn’t complete the handshake, making it stealthier.


5. Which Nmap flag identifies a target’s OS?

• A) -O

• B) -sV

• C) -Pn

• D) -A


Answer: A) -O


Explanation: The -O flag enables OS detection by analyzing packet responses.


6. Which protocol is scanned during UDP scans?

• A) ICMP

• B) HTTP

• C) DNS

• D) SMB


Answer: C) DNS


Explanation: DNS uses UDP for queries, making it a key target in UDP scans.


7. Which Nmap command scans all open ports on a target IP using the default 1000 port range?

• A) nmap -p- [IP]

• B) nmap -p 1-65535 [IP]

• C) nmap -sU [IP]

• D) nmap -T4 [IP]


Answer: A) nmap -p- [IP]


Explanation: The -p- flag scans all 65,535 ports for comprehensive coverage.


8. What scan type sends FIN packets to closed ports?

• A) Xmas Scan

• B) FIN Scan

• C) NULL Scan

• D) ACK Scan


Answer: B) FIN Scan


Explanation: A FIN scan sends a TCP packet with only the FIN flag set. Closed ports typically respond with a RST packet.


9. Which enumeration technique queries a DNS server for subdomains and records?

• A) Zone transfer

• B) Footprinting

• C) DNS poisoning

• D) ARP spoofing


Answer: A) Zone transfer


Explanation: A DNS zone transfer retrieves records like A, MX, and CNAME, revealing insights about the network structure.


10. Which tool enumerates NetBIOS shares and services?

• A) Netcat

• B) Responder

• C) Nbtscan

• D) SQLmap


Answer: C) Nbtscan


Explanation: Nbtscan scans and enumerates NetBIOS services, revealing active systems and shared resources.


11. Which protocol is exploited during SMB enumeration?

• A) ICMP

• B) HTTP

• C) FTP

• D) SMBv1


Answer: D) SMBv1


Explanation: SMBv1 is vulnerable to attacks like EternalBlue, making it a common enumeration target.


12. Which Nmap command enables verbose output?

• A) nmap -v

• B) nmap -A

• C) nmap -sP

• D) nmap -vv


Answer: D) nmap -vv


Explanation: The -vv flag increases verbosity, providing real-time updates and detailed insights during scanning.


13. Which tool is best for brute-force enumeration of usernames?

• A) Hydra

• B) John the Ripper

• C) sqlmap

• D) Hashcat


Answer: A) Hydra


Explanation: Hydra is a login cracker used to brute-force services like SSH, FTP, and SMB to enumerate valid usernames.



14. Which tool is designed for SNMP enumeration?

• A) SNMPwalk

• B) Aircrack-ng

• C) John the Ripper

• D) Ettercap


Answer: A) SNMPwalk


Explanation: SNMPwalk enumerates SNMP data from network devices.


15. Which Nmap scan bypasses firewall rules blocking SYN packets?

• A) NULL Scan

• B) Xmas Scan

• C) FIN Scan

• D) ACK Scan


Answer: D) ACK Scan


Explanation: An ACK scan identifies firewall rules by sending TCP packets with the ACK flag set, determining filtered ports.


Decoded: The Cybersecurity Podcast, by Edward Henriquez
