Assignment-5-Solutions
QUESTION 1:
Which of the following Linux distributions are suited for penetration testing?
A. Backtrack
B. Trapdoor
C. Kali
D. All of these
Correct Answer: A, C
Detail Solution: Both Backtrack and Kali are Linux distributions that bundle a set of tools for testing
networks, devices and systems for vulnerabilities. Backtrack is an older distribution based on Ubuntu,
whereas Kali is an updated version mostly based on Debian.
Trapdoor is not a Linux distribution. The correct options are (A) and (C).
______________________________________________________________________________
QUESTION 2:
Which of the following takes advantage of some security flaw in software to penetrate into a
network or system?
A. Malware
B. Exploits
C. Botnet
D. All of these
Correct Answer: B
Detail Solution: An exploit is a program or piece of code that takes advantage of some security flaw in
an application or system so that hackers can use it for their benefit. Exploits are not malware
themselves, but rather methods for delivering the malware.
Vulnerability scanners such as Nexpose and Nessus can be used for finding such vulnerabilities, and then
they are exploited using such programs and scripts.
______________________________________________________________________________
NPTEL Online Certification Courses
Indian Institute of Technology Kharagpur
QUESTION 3:
Which of the following provides a comprehensive archive of public exploits associated with specific
vulnerabilities?
A. Google
B. Bing
C. Exploit-db
D. Hacker-site
Correct Answer: C
Detail Solution: The Exploit Database is a non-profit project that is provided as a public service by
Offensive Security. It contains an archive of public exploits and corresponding vulnerable software,
developed for use by penetration testers and vulnerability researchers. The web site is:
https://www.exploit-db.com.
______________________________________________________________________________
QUESTION 4:
Which of the following is/are example(s) of privilege escalation attack?
A. An attacker with a privilege set of “read only” permissions somehow elevates the set to
include “read” and “write”.
B. An attacker prevents higher priority processes from running.
C. An attacker prevents access to resources by legitimate clients.
D. None of these.
Correct Answer: A
Detail Solution: Privilege escalation means a user receives privileges they are not entitled to. Option (A)
is such an example.
_____________________________________________________________________________
QUESTION 5:
Which of the following constitute active fingerprinting?
A. Use a sniffer to capture and analyze traffic, but never send any packet to the target.
B. It is the process of transmitting packets to a remote host and analyzing corresponding
response.
C. Identify a device from the packets it is sending
D. None of these
Correct Answer: B
Detail Solution: The difference between active fingerprinting and passive fingerprinting is that active
fingerprinting will send queries to the target and analyze the response. Passive fingerprinting only uses a
sniffer to capture and analyze traffic, but never sends traffic to the target. The correct option is (B).
______________________________________________________________________________
QUESTION 6:
Which of the following provide a complete set of tools for vulnerability assessment?
A. Nexpose
B. Nessus
C. Pentest
D. All of these
Correct Answer: A, B
Detail Solution: Nexpose is a popular vulnerability assessment tool that aims to support the entire
vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact
analysis, reporting and mitigation.
Nessus is an open-source vulnerability scanner that uses the Common Vulnerabilities and Exposures
architecture for easy cross-linking between compliant security tools. Nessus employs the Nessus Attack
Scripting Language (NASL), a simple language that describes individual threats and potential attacks.
______________________________________________________________________________
QUESTION 7:
Which of the following can be performed using the NMAP tool?
Correct Answer: D
Detail Solution: Nmap uses raw IP packets to determine what hosts are available on the network, what
services (application name and version) those hosts are offering, what operating systems (and OS
versions) they are running, what type of packet filters/firewalls are in use, and dozens of other
characteristics.
____________________________________________________________________________
QUESTION 8:
Which of the following can be used to bypass firewalls and router security restrictions?
A. Reverse TCP Connection
B. Bind TCP Connection
Correct Answer: A
Detail Solution: In a normal forward TCP connection, a client connects to a server through the server's
open port, but in the case of a reverse connection, the client opens the port that the server connects to.
The most common way a reverse connection is used is to bypass firewall and router security restrictions.
The correct option is (A).
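An added example (not part of the original assignment) that models the perimeter policy this answer relies on: new inbound connections are dropped while outbound ones pass, which is why the reverse direction gets through and why an egress allow-list closes the gap. The addresses, ports, `EGRESS_ALLOW` and all function names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # constructed: the protected LAN

@dataclass(frozen=True)
class Conn:
    src: str    # initiator (sends the first SYN)
    dst: str    # listener
    dport: int

def direction(conn):
    """Classify a new connection relative to the protected LAN."""
    src_in = ip_address(conn.src) in INTERNAL
    dst_in = ip_address(conn.dst) in INTERNAL
    if src_in and dst_in:
        return "internal"
    if src_in:
        return "outbound"
    if dst_in:
        return "inbound"
    return "external"

def permitted(conn, egress_allow=None):
    """Typical stateful perimeter: drop new inbound, pass outbound.
    If egress_allow is given, outbound must match a (dst, port) entry."""
    d = direction(conn)
    if d == "inbound":
        return False
    if d == "outbound" and egress_allow is not None:
        return (conn.dst, conn.dport) in egress_allow
    return d in ("outbound", "internal")

# Constructed sample connections (documentation address ranges).
BIND_STYLE = Conn("203.0.113.5", "10.0.0.20", 4444)      # outside host dials in
REVERSE_STYLE = Conn("10.0.0.20", "203.0.113.5", 443)    # inside host dials out
PROXY_TRAFFIC = Conn("10.0.0.20", "198.51.100.10", 443)  # sanctioned egress
EGRESS_ALLOW = {("198.51.100.10", 443)}                  # hypothetical allow-list

def unexpected_egress(conns, egress_allow):
    """Detection view: outbound connections that fall outside the allow-list."""
    return [c for c in conns
            if direction(c) == "outbound" and (c.dst, c.dport) not in egress_allow]

if __name__ == "__main__":
    for c in (BIND_STYLE, REVERSE_STYLE, PROXY_TRAFFIC):
        print(c, direction(c), permitted(c), permitted(c, EGRESS_ALLOW))
```
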
______________________________________________________________________________
QUESTION 9:
What is the purpose of the MSFcli tool available in Metasploit?
A. It provides a command line interface for Metasploit
B. It is used to create the encrypted backdoor which helps to bypass antivirus software
C. It is used to generate all of the various types of shellcodes available in Metasploit
D. None of these
Correct Answer: A
Detail Solution: It provides a command line interface for Metasploit.
______________________________________________________________________________
QUESTION 10:
An ethical hacker is using the Metasploit tool to exploit an FTP server and pivot to a LAN. Which of the
following is a feasible approach?
Correct Answer: D
Detail Solution: Pivoting is the technique of using an instance to move around inside a network. It
uses the first compromise to allow, and even aid in, the compromise of other, otherwise inaccessible
systems. In this scenario it is used for routing traffic from a normally non-routable network.
______________________________________________________________________________
************END*******