4_1_1 Section 4 – Operations and Incident Response - 4.1 – Security Tools - Reconnaissance Tools – Part 1

Questions and Answers

What is the main purpose of the traceroute command?

• To map the entire path between two devices (correct)
• To troubleshoot firewall issues
• To test network connectivity
• To configure router settings

Which command is used in Windows to achieve the same functionality as the traceroute command?

• tracert (correct)
• netstat
• nslookup
• ping

What type of error messages are used by the traceroute command to build the route?

• ICMP Redirect
• ICMP Time to Live Exceeded (correct)
• ICMP Echo Request
• ICMP Destination Unreachable

What is the purpose of the TTL parameter in IP packets?

To prevent loops on the network (D)

Why may there be gaps in the output of the traceroute command?

Due to firewalls or routers filtering out ICMP messages (D)

What is the mechanism by which packets are sent out to the network using the traceroute command?

IP packets with incremental TTL (A)

What protocol does Windows use for the traceroute command?

ICMP (D)

What type of messages are sent back to the original station when the Time To Live is exceeded?

ICMP Time Exceeded (D)

What is the main reason why the traceroute command may not work as well in Windows as in Linux or Mac OS?

ICMP is blocked by firewalls (B)

What is the purpose of the Time To Live (TTL) in a traceroute command?

To prevent packets from circulating indefinitely (B)

What is the default protocol used for the traceroute command in iOS?

UDP (B)

What happens when a packet's TTL reaches 0?

It is dropped by the router (C)

What is the purpose of the traceroute command?

To determine the route to the destination (C)

What is the difference between the ICMP Echo Request and ICMP Echo Reply?

ICMP Echo Request is sent to the destination, while ICMP Echo Reply is sent back (C)

What is the advantage of using different protocols for the traceroute command?

It allows for more flexibility in network diagnostics (C)

What is the outcome when the TTL is finally exceeded at the destination IP address?

An ICMP Echo Reply is sent back (A)

What is the purpose of running a traceroute?

To identify the hop where a network problem is occurring (A)

What does an exclamation mark 'Z' indicate in a traceroute result?

Connection to the IP address is administratively prohibited (C)

What is the purpose of the nslookup command?

To query a DNS server for information about a domain (B)

What is the dig command used for?

To query a DNS server for information about a domain (B)

What is the difference between the nslookup and dig commands?

Nslookup provides less information than dig (D)

What is the purpose of the ipconfig command in Windows?

To determine the IP address of a device (D)

What is the equivalent command to ipconfig in Linux and Mac OS?

ifconfig (C)

Why would you run a traceroute with multiple hops?

To identify the path data takes to reach a destination (B)

What is the purpose of the -n option when using the netstat command?

To display only IP addresses and not resolve names (A)

What is the purpose of running a DNS query using nslookup or dig?

To gather information about a domain (B)

What is the purpose of the ping command?

To check if a device is communicating on the network (D)

Why would you use the /all option with the ipconfig command?

To get more detailed information about the IP configuration (D)

What is the name of the command that combines the functionality of ping and traceroute in Windows?

Pathping (B)

What is the command used to view the ARP cache in Windows?

arp -a (D)

What is the purpose of the netstat command?

To show network statistics and active connections (B)

What is the purpose of the netstat command with the -a option?

To display all active connections and the programs they are associated with (A)

What is the purpose of the route command in Windows?

To view the routing table (D)

What is the IP address of the Google DNS server mentioned in the text?

8.8.8.8 (A)

What is the default route designated by?

0.0.0.0 with a netmask of 0.0.0.0 (D)

What is the name of the creator of the ping command?

Mike Muuss (A)

What does the ping command do when you run it?

Checks if a device is communicating on the network (C)

What is the command used to view the routing table in Linux and Mac OS?

netstat -r (B)

What does the pathping command do?

Runs a traceroute to a destination IP address and measures the round-trip time (D)

What is the purpose of using the netstat command with the -b option?

To associate the Windows binary with the IP address conversation (B)

What is the purpose of the netstat-b command in Windows?

To show all active connections on the device (C)

What is displayed when using the netstat command with the -a and -b options?

All active connections and the programs they are associated with (A)

What is the purpose of using the ARP command with the -a option?

To view the ARP cache (A)

What is the result of the pathping command to the IP address 8.8.8.8?

100% packet loss on a particular hop (A)

What is the purpose of the IPv6 address?

To provide a unique identifier for a device on the network (A)

What is the metric value of the default route in the given example?

25 (C)