4_1_2 Section 4 – Operations and Incident Response - 4.1 – Security Tools - Reconnaissance Tools – Part 2

Questions and Answers

What is the primary function of the curl tool?

• To perform FTP functions only
• To retrieve emails from a website
• To display graphical views of web pages
• To grab raw data from websites and display it in a terminal screen (correct)

What is the meaning of the 'curl' acronym?

• Cross-platform URL Reader
• Common Utility for Resource Linking
• Command URL Locator
• Client URL or Uniform Resource Locator (correct)

What is the advantage of using curl to view a website?

• It allows users to search through the website's source code (correct)
• It is only available on Linux or Mac OS systems
• It only works with secure websites using HTTPS
• It provides a more graphical view of the website

What is the result of running the curl command on www.professormesser.com?

It shows a 301 moved permanently message and redirects to a secure website (B)

What is an advantage of using a pre-configured Linux version like callie?

It has a number of pre-configured reconnaissance tools ready to run (B)

What is the primary difference between viewing a website in a browser and using curl?

The graphical view versus raw HTML data (B)

What is the primary function of the Nmap scripting engine?

To run vulnerability scans and other tests on a device (A)

What is the term used to describe the information gathered from public websites?

OSINT (Open Source Intelligence) (B)

What is the primary function of the Harvester tool?

To gather open source intelligence from public websites (B)

What is the purpose of running a Nmap scan with the verbose option?

To gather more information about the scan process (D)

What is the role of the Sniper tool in reconnaissance?

To combine the results of multiple reconnaissance tools (A)

What type of scans can be run using the Nmap tool?

Vulnerability scans and service scans (D)

What is the benefit of using the Harvester tool?

It reduces the time and effort required to gather information (C)

What is the purpose of the Sniper tool's stealth mode?

To avoid detection by the target device (A)

What type of information can be gathered using the Harvester tool?

A variety of information from public websites and sources (D)

What is the risk of using reconnaissance tools like Sniper?

They may cause denial of service situations (B)

What is the purpose of the curl command?

To view the source code of a website as HTML (C)

What is the primary difference between the ping command and the hping command?

The hping command can modify almost everything about the packet (A)

What is the potential risk of using IP scanning tools?

Denial of service to other devices on the network (B)

What is the purpose of the sudo command in the hping command?

To run the command with elevated rights and permissions (B)

What is the function of the Nmap tool?

To identify open ports on a device and the operating system (B)

What is the result of running the hping command with the scan option and specifying ports 80 through 443?

Ports 80 and 443 are open on the device (B)

What is the advantage of using hping over the ping command?

Hping can modify almost everything about the packet (A)

What is the purpose of the ARP technique in IP scanning?

To find devices on a local subnet (A)

What is the difference between hping and Nmap?

Hping is used for port scanning, while Nmap is used for identifying open ports and operating systems (A)

What is the purpose of the ICMP timestamp request technique in IP scanning?

To identify devices on a network (B)

What is a potential issue when performing a port scan?

The device performing the scan may be easily identified as the source. (D)

What is the purpose of the scanless utility?

To perform a port scan through a proxy. (B)

What is the dnsenum command used for?

To enumerate DNS information from a DNS server. (B)

What is the purpose of the sniper query?

To gather information about a target domain using multiple tools. (A)

What is the spider IP service used for?

To provide a proxy for port scanning. (C)

What is the result of running a sniper query on example.com?

A set of information gathered from multiple tools and sources. (B)

What is the purpose of the Nmap tool?

To perform a port scan on a target host. (B)

What is the advantage of using a proxy service like scanless?

It hides the source of the scan. (A)

What is the result of running a dnsenum query on example.com?

A set of DNS information gathered from the DNS server and other sources. (A)

What is the purpose of the brute force feature in dnsenum?

To identify subdomains and hosts on a target domain. (C)

What is the purpose of the Nessus scanner?

To scan a remote IP address for vulnerabilities (B)

What was the result of running the Nessus scanner against a single IP address?

It found 71 informational vulnerabilities and some high and critical vulnerabilities (A)

What is the purpose of the Cuckoo sandbox?

To run programs in a virtualized environment to identify malware (D)

Why is it not recommended to run an executable on a production machine to test it?

It may contain malware or be malicious (D)

What is the benefit of using Nessus to scan many different IP addresses or ranges of IP addresses?

It can create a database of vulnerabilities to identify safer systems (A)

What was the critical vulnerability identified by Nessus regarding the Unix operating system?

Unsupported version detection (D)

What type of analysis can Cuckoo perform on an executable?

API calls and memory analysis (C)

What is the advantage of using Cuckoo to evaluate executables?

It can run executables safely without risking the production environment (C)

What is the benefit of Nessus's extensive reporting and information?

It helps identify vulnerabilities and provides solutions to resolve them (B)

What is the limitation of the Unix operating system vulnerability identified by Nessus?

It is no longer supported by the vendor (C)