NPTEL Ethical Hacking Assignment 5 Answers (Week 5)
Q1.Consider the following statements:
(i) The purpose of vulnerability scanning is to identify weakness of system/network in order to determine how a system can be exploited.
(ii) NMAP script can be useful for automated scanning. However, scripts can have specific requirement.
Answer: C. Both (i) and (ii) are true.
Q2. Which of the following NMAP option runs some of the nmap scripts?
Answer: b. -sc
1000+ students getting help from instant notifications, Join us on telegram.
Q3. Which of the following NMAP scripts is used to preform DoS attack?
Answer: d. http-slowloris-check
Q4. Which of the following tools/software cannot be used for scanning vulnerabilities?
Answer: a. Hypervisor
Q5. Which of the following tool/approach can be used for proxy preparation?
Answer: a. Web based proxy/Proxychains tools
Q6. Which of the following is not a password cracking approach?
Answer: f. None of these.
Q7. Which of the following tools can be used to create a dictionary for dictionary based password attack?
Answer: b. Crunch
Q8. Which of the following statement(s) is/are true for user enumeration?
Answer: a. Enumeration refers to collecting details of users and their privileges.
b. User enumeration refers to collecting username and passwords.
Q9. Which of the following can be used for gaining same level privileges than existing one?
Answer: b. Horizontal privilege escalation.
Q10. Which of the following approaches can be helpful to avoid privilege escalation attack?
Answer: a. Run user level application on least privileges.
b. Keep the software updated.
c. Regularly perform vulnerability scan.
d. Institute a strong password policy.
e. Avoid downloading files from untrusted/malicious websites.
f. Ignore unknown mails.
Q11. Which of the following statement(s) is/are false?
Answer: d. Malwares can alter, corrupt, modify or delete some data/files.
Q12. Which of the following can be used as a countermeasure against malwares?
Answer: f. All of these
Q13. Which of the following statement(s) is/are false for sniffing?
Answer: b. The HTTPS packets are vulnerable to sniffing attack.
c. In passive sniffing ARP packets are used to flood the switch’s CAM table.
Q14. Which of the following commands is used to delete an ARP entry in a system?
Answer: e. None of these
Q15. Which of the following statement(s) is/are true?
Answer: a. ARP spoofing involve construction of large number of forged ARP request/reply packets.
b. Using fake ARP messages, an attacker can divert all communications between two machines so that all traffic is exchanged via his/her PC.
c. In MAC attack, CAM table are flooded with fake MAC address and IP pairs.
e. MAC attack can fill the CAM table of adjacent switches.
Disclaimer: These answers are provided only for the purpose to help students to take references. This website does not claim any surety of 100% correct answers. So, this website urges you to complete your assignment yourself.