
Part 3: Network Scanning and Enumeration Techniques (15 Questions)
1. What defines network scanning?
• A) Finding web app vulnerabilities
• B) Mapping a network for active hosts and services
• C) Capturing network packets for analysis
• D) Exploiting open ports on a target
Answer: B) Mapping a network for active hosts and services
Explanation: Network scanning identifies live hosts, services, and vulnerabilities. Tools like Nmap are used.
2. Which tool is best for port scanning?
• A) Wireshark
• B) Nmap
• C) Metasploit
• D) Nessus
Answer: B) Nmap
Explanation: Nmap scans IPs, detects open ports, and identifies services.
3. Which Nmap command performs a SYN scan on 192.168.1.0/24?
• A) nmap -sT 192.168.1.0/24
• B) nmap -sP 192.168.1.0/24
• C) nmap -sV 192.168.1.0/24
• D) nmap -sS 192.168.1.0/24
Answer: D) nmap -sS 192.168.1.0/24
Explanation: The -sS flag performs a SYN scan to detect open ports without a full connection.
4. Which scan type bypasses firewalls and IDS?
• A) TCP Connect Scan
• B) UDP Scan
• C) SYN Scan
• D) ACK Scan
Answer: C) SYN Scan
Explanation: A SYN scan sends a SYN packet but doesn’t complete the handshake, making it stealthier.
5. Which Nmap flag identifies a target’s OS?
• A) -O
• B) -sV
• C) -Pn
• D) -A
Answer: A) -O
Explanation: The -O flag enables OS detection by analyzing packet responses.
6. Which protocol is scanned during UDP scans?
• A) ICMP
• B) HTTP
• C) DNS
• D) SMB
Answer: C) DNS
Explanation: DNS uses UDP for queries, making it a key target in UDP scans.
7. Which Nmap command scans all open ports on a target IP using the default 1000 port range?
• A) nmap -p- [IP]
• B) nmap -p 1-65535 [IP]
• C) nmap -sU [IP]
• D) nmap -T4 [IP]
Answer: A) nmap -p- [IP]
Explanation: The -p- flag scans all 65,535 ports for comprehensive coverage.
8. What scan type sends FIN packets to closed ports?
• A) Xmas Scan
• B) FIN Scan
• C) NULL Scan
• D) ACK Scan
Answer: B) FIN Scan
Explanation: A FIN scan sends a TCP packet with only the FIN flag set. Closed ports typically respond with a RST packet.
9. Which enumeration technique queries a DNS server for subdomains and records?
• A) Zone transfer
• B) Footprinting
• C) DNS poisoning
• D) ARP spoofing
Answer: A) Zone transfer
Explanation: A DNS zone transfer retrieves records like A, MX, and CNAME, revealing insights about the network structure.
10. Which tool enumerates NetBIOS shares and services?
• A) Netcat
• B) Responder
• C) Nbtscan
• D) SQLmap
Answer: C) Nbtscan
Explanation: Nbtscan scans and enumerates NetBIOS services, revealing active systems and shared resources.
11. Which protocol is exploited during SMB enumeration?
• A) ICMP
• B) HTTP
• C) FTP
• D) SMBv1
Answer: D) SMBv1
Explanation: SMBv1 is vulnerable to attacks like EternalBlue, making it a common enumeration target.
12. Which Nmap command enables verbose output?
• A) nmap -v
• B) nmap -A
• C) nmap -sP
• D) nmap -vv
Answer: D) nmap -vv
Explanation: The -vv flag increases verbosity, providing real-time updates and detailed insights during scanning.
13. Which tool is best for brute-force enumeration of usernames?
• A) Hydra
• B) John the Ripper
• C) sqlmap
• D) Hashcat
Answer: A) Hydra
Explanation: Hydra is a login cracker used to brute-force services like SSH, FTP, and SMB to enumerate valid usernames.
14. Which tool is designed for SNMP enumeration?
• A) SNMPwalk
• B) Aircrack-ng
• C) John the Ripper
• D) Ettercap
Answer: A) SNMPwalk
Explanation: SNMPwalk enumerates SNMP data from network devices.
15. Which Nmap scan bypasses firewall rules blocking SYN packets?
• A) NULL Scan
• B) Xmas Scan
• C) FIN Scan
• D) ACK Scan
Answer: D) ACK Scan
Explanation: An ACK scan identifies firewall rules by sending TCP packets with the ACK flag set, determining filtered ports.