Table of contents
Multiple Choice Questions (MCQs)
Fill in the Blanks
True/False
HOTS (Higher Order Thinking Skills) Questions
Hands-on Coding Questions
Multiple Choice Questions (MCQs)
Q1: Which tool is commonly used for network scanning?
(a) john
(b) nmap
(c) wireshark
(d) metasploit
Ans: (b) nmap
Q2: What does the -sS flag in nmap indicate?
(a) UDP scan
(b) Full TCP connect scan
(c) Stealth SYN scan
(d) OS fingerprinting
Ans: (c) Stealth SYN scan
Q3: Which command would you use to enumerate shared resources on a Windows machine?
(a) net use
(b) enum4linux
(c) nbtscan
(d) smbclient -L
Ans: (d) smbclient -L
Q4: Which protocol is typically used for banner grabbing?
(a) ICMP
(b) HTTP
(c) FTP
(d) TCP
Ans: (d) TCP
Q5: What is the purpose of the snmpwalk command?
(a) Scan for open ports
(b) Enumerate SNMP-enabled devices
(c) Extract metadata from images
(d) Conduct password cracking
Ans: (b) Enumerate SNMP-enabled devices
Q6: What does an open port indicate?
(a) The service is offline
(b) The firewall is blocking the connection
(c) The service is listening and accessible
(d) The server is in stealth mode
Ans: (c) The service is listening and accessible
Q7: Which command helps in detecting live hosts on a network?
(a) ping -s
(b) arp -a
(c) nmap -sn
(d) netstat -r
Ans: (c) nmap -sn
Q8: What is the function of the rpcinfo command?
(a) Check running RPC services
(b) Identify open SMB shares
(c) Extract email addresses
(d) Perform SQL injection
Ans: (a) Check running RPC services
Q9: Which of the following tools is used for DNS enumeration?
(a) dnsenum
(b) john
(c) tcpdump
(d) dirb
Ans: (a) dnsenum
Q10: What is the purpose of nbtscan?
(a) Scan NetBIOS names on a network
(b) Capture network traffic
(c) Enumerate email addresses
(d) Brute-force SSH logins
Ans: (a) Scan NetBIOS names on a network
Fill in the Blanks
Q1: The ________ tool is used to scan open ports and services on a target system.
Ans: nmap
Q2: The ________ command can list shared resources on an SMB-enabled system.
Ans: smbclient -L
Q3: ________ is used to enumerate DNS records of a target domain.
Ans: dnsenum
Q4: ________ is a command-line tool for detecting live hosts in a network without scanning ports.
Ans: nmap -sn
Q5: ________ is used to query information about remote procedure call (RPC) services.
Ans: rpcinfo
True/False
1. nmap can be used for OS fingerprinting.
Ans: True
2. snmpwalk is used to brute-force login credentials.
Ans: False
3. rpcinfo provides information about running RPC services on a system.
Ans: True
4. DNS enumeration is only useful for ethical hackers and has no real-world applications.
Ans: False
5. nbtscan is used to scan NetBIOS names on a network.
Ans: True
Assignment: Scanning and Enumeration
HOTS (Higher Order Thinking Skills) Questions
Q1: You are hired to perform a network security assessment. The client wants to know which ports are open and what services are running. What tool and command would you use?
Ans: Use nmap -sV target.com to detect open ports and running services.
Q2: A company suspects that an attacker is gathering information about their internal network. How can you check if SNMP enumeration is being exploited?
Ans: Monitor SNMP queries using snmpwalk -v2c -c public target-ip and check logs.
Q3: You need to identify all shared network resources on a target Windows system. What command would you use, and what risks could be involved?
Ans: Use smbclient -L //target-ip. Risks include exposure of sensitive files if misconfigured.
Q4: While scanning a network, you discover an open TCP port 445. What does this indicate, and how would you further investigate?
Ans: Port 445 indicates an SMB service. Use smbclient, enum4linux, or nmap --script smb-enum-shares to gather more information.
Q5: Your team needs to find all subdomains of a company to check for security risks. What tool would you recommend, and why?
Ans: Use dnsenum or sublist3r to enumerate subdomains and identify potential security weaknesses.
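Hands-on Coding Questions
Q1: Write a Python script that scans a target IP for open ports in a given range.
Ans:
import socket
target = "192.168.1.1"
# Common service ports; use range(start, end + 1) to cover a contiguous range
ports = [21, 22, 80, 443, 445, 3389]
for port in ports:
    # The context manager closes the socket after each attempt
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(1)
        # connect_ex returns 0 when the TCP handshake succeeds
        result = sock.connect_ex((target, port))
        if result == 0:
            print(f"Port {port} is open")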
Q2: Create a Bash script that checks for live hosts in a subnet using ping.
Ans:
#!/bin/bash
subnet="192.168.1"
# Send one echo request per address and wait at most 1 second for a reply
for i in {1..254}; do
    ping -c 1 -W 1 "$subnet.$i" &> /dev/null && echo "Host $subnet.$i is up"
done
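The defender's view of the two scripts above and of the "check logs" step in the SNMP question, as an added example that is not part of the original assignment: it flags port scans, host sweeps and SNMP queries from unapproved sources in flow records. The record layout, IP addresses, thresholds and the management-station allow-list are constructed assumptions.

```python
from collections import defaultdict

def build_sample_flows():
    """Constructed flow records: (epoch_seconds, src, dst, proto, dport)."""
    flows = [(1000 + i, "10.0.0.5", "192.168.1.1", "tcp", port)
             for i, port in enumerate([21, 22, 80, 443, 445, 3389])]  # port-scan pattern
    flows += [(2000 + i, "10.0.0.9", f"192.168.1.{i}", "icmp", 0)
              for i in range(1, 21)]                                   # ping-sweep pattern
    flows += [(3000, "10.0.0.7", "192.168.1.20", "udp", 161),         # SNMP from a workstation
              (3001, "10.0.0.2", "192.168.1.20", "udp", 161)]         # SNMP from the allowed manager
    flows += [(4000 + i, "10.0.0.3", "192.168.1.1", "tcp", 443)
              for i in range(3)]                                       # ordinary web traffic
    return flows

def _distinct_in_window(history, ts, value, window):
    """Record (ts, value), drop entries older than the window, count distinct values."""
    history.append((ts, value))
    history[:] = [(t, v) for t, v in history if ts - t <= window]
    return len({v for _, v in history})

def detect(flows, window=60, port_threshold=5, host_threshold=10,
           snmp_managers=frozenset({"10.0.0.2"})):
    """Return sorted (alert_name, source_ip) pairs for the three patterns."""
    alerts = set()
    ports_by_pair = defaultdict(list)    # (src, dst) -> recent (ts, dport)
    hosts_by_probe = defaultdict(list)   # (src, proto, dport) -> recent (ts, dst)
    for ts, src, dst, proto, dport in sorted(flows):
        # SNMP queries should only come from known management stations.
        if proto == "udp" and dport == 161 and src not in snmp_managers:
            alerts.add(("snmp-from-unapproved-source", src))
        # One source touching many ports on one host: port scan.
        if proto == "tcp" and _distinct_in_window(
                ports_by_pair[(src, dst)], ts, dport, window) >= port_threshold:
            alerts.add(("port-scan", src))
        # One source sending the same probe to many hosts: host sweep.
        if _distinct_in_window(
                hosts_by_probe[(src, proto, dport)], ts, dst, window) >= host_threshold:
            alerts.add(("host-sweep", src))
    return sorted(alerts)

if __name__ == "__main__":
    for name, src in detect(build_sample_flows()):
        print(f"{name}: {src}")
```

Thresholds and the window need tuning against a baseline of normal traffic; vulnerability scanners and monitoring systems you operate belong on an allow-list.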