Module 2 Scanning Networks

Question 1

What is network scanning?

Answer 1

The process of discovering live hosts, open ports, services, and vulnerabilities on a network.

Question 2

What is the main goal of network scanning in CEH?

Answer 2

To gather detailed information about target systems for attack planning or security assessment.

Question 3

Which phase of ethical hacking does network scanning belong to?

Answer 3

Scanning and Enumeration phase.

Question 4

What is host discovery?

Answer 4

The process of identifying live hosts on a network.

Question 5

What is port scanning?

Answer 5

The technique used to identify open, closed, or filtered ports on a target system.

Question 6

What is service version detection?

Answer 6

Identifying the application and version running on an open port.

Question 7

What is OS fingerprinting?

Answer 7

The technique used to determine the operating system of a target host.

Question 8

What is vulnerability scanning?

Answer 8

The process of identifying known weaknesses in systems or networks.

Question 9

What is TCP connect scan?

Answer 9

A full TCP handshake scan that completes the connection to the target port.

Question 10

What is SYN scan?

Answer 10

A half-open scan that sends SYN packets without completing the TCP handshake.

Question 11

Why is SYN scan stealthier than TCP connect scan?

Answer 11

Because it does not complete the full TCP handshake.

Question 12

What is UDP scanning?

Answer 12

The process of identifying open UDP ports on a target system.

Question 13

Why is UDP scanning slower than TCP scanning?

Answer 13

Because UDP does not provide responses for closed ports.

Question 14

What is FIN scan?

Answer 14

A stealth scan that sends FIN packets to evade firewalls and logging.

Question 15

What is NULL scan?

Answer 15

A scan that sends packets with no flags set.

Question 16

What is Xmas scan?

Answer 16

A scan that sends packets with FIN, PSH, and URG flags set.

Question 17

Which RFC defines TCP/IP behavior used in stealth scans?

Answer 17

RFC 793.

Question 18

What does an open port indicate?

Answer 18

A service is actively listening on the port.

Question 19

What does a filtered port indicate?

Answer 19

A firewall or security device is blocking the port.

Question 20

What tool is most commonly used for network scanning in CEH?

Answer 20

Nmap.

Question 21

What does Nmap stand for?

Answer 21

Network Mapper.

Question 22

Which Nmap option is used for SYN scan?

Answer 22

-sS

Question 23

Which Nmap option is used for OS detection?

Answer 23

-O

Question 24

Which Nmap option enables service version detection?

Answer 24

-sV

Question 25

Which Nmap option scans all 65535 ports?

Answer 25

-p-

Question 26

What Nmap option performs aggressive scanning?

Answer 26

-A

Question 27

What is Nmap scripting engine (NSE)?

Answer 27

A framework that allows execution of scripts for advanced scanning tasks.

Question 28

What is banner grabbing?

Answer 28

The process of retrieving service information from open ports.

Question 29

Which protocol is commonly used for banner grabbing?

Answer 29

TCP.

Question 30

What tool besides Nmap can perform banner grabbing?

Answer 30

Netcat.

Question 31

What is Netcat used for in scanning?

Answer 31

Reading and writing data across network connections.

Question 32

What is Hping?

Answer 32

A packet crafting and analysis tool used for firewall testing and scanning.

Question 33

What is ICMP echo request used for?

Answer 33

Checking whether a host is alive.

Question 34

What is an ICMP sweep?

Answer 34

Scanning multiple hosts to identify live systems.

Question 35

Why might ICMP be blocked?

Answer 35

To prevent network reconnaissance and DoS attacks.

Question 36

What is firewall evasion?

Answer 36

Techniques used to bypass firewalls during scanning.

Question 37

Name one firewall evasion technique.

Answer 37

Fragmentation of packets.

Question 38

What is packet fragmentation?

Answer 38

Splitting packets into smaller pieces to bypass filtering rules.

Question 39

What is decoy scanning?

Answer 39

Using fake source IPs to hide the real scanner.

Question 40

Which Nmap option enables decoy scanning?

Answer 40

-D

Question 41

What is source port manipulation?

Answer 41

Changing the source port to bypass firewall rules.

Question 42

Which Nmap option sets a specific source port?

Answer 42

--source-port

Question 43

What is IDS evasion?

Answer 43

Techniques used to avoid detection by intrusion detection systems.

Question 44

Why is timing important in scanning?

Answer 44

Slow scans reduce the chance of detection.

Question 45

Which Nmap option controls scan timing?

Answer 45

-T

Question 46

What is a vulnerability scanner example used after scanning?

Answer 46

Nessus.

Question 47

What is the risk of aggressive scanning?

Answer 47

It can be detected and disrupt target systems.

Question 48

What is a legal requirement before scanning?

Answer 48

Written authorization from the system owner.

Question 49

Why is network scanning critical for defenders?

Answer 49

It helps identify exposed services and misconfigurations.