


















































































This exam is for professionals who develop or work with open-source software focused on network security. It covers topics such as open-source tools, network security protocols, security software development, and patch management. Candidates will demonstrate the ability to create and maintain secure network environments using open-source solutions.
Typology: Exams



















































































Question 1. Which Python library is most commonly used for establishing SSH connections in security automation scripts?
A) urllib
B) paramiko
C) socket
D) subprocess
Answer: B
Explanation: Paramiko provides a pure-Python implementation of the SSHv2 protocol, allowing scripts to open SSH sessions, execute commands, and transfer files securely.

Question 2. In C, which function is most often associated with a buffer overflow vulnerability when handling user-supplied input?
A) strcpy
B) fopen
C) malloc
D) printf
Answer: A
Explanation: strcpy copies a source string into a destination buffer without checking length, making it a classic source of buffer overflows.

Question 3. Which Bash command combination would you use to extract all lines containing the word “error” from a log file and display only the first field of each matching line?
A) grep error logfile | cut -d' ' -f1
B) awk '/error/ {print $1}' logfile
C) sed -n '/error/p' logfile | awk '{print $1}'
D) all of the above
Answer: D
Explanation: All three pipelines achieve the same result: filtering lines with “error” and printing the first whitespace-delimited field.

Question 4. In the TCP three-way handshake, which flag is set in the second packet sent from the server to the client?
A) SYN
B) ACK
C) SYN-ACK
D) FIN
Answer: C
Explanation: The server replies with a packet that has both SYN and ACK flags set, indicating acknowledgment of the client’s SYN and its own SYN.

Question 5. Which layer of the OSI model does the ARP protocol operate in?
A) Layer 2 – Data Link
B) Layer 3 – Network
C) Layer 4 – Transport
D) Layer 7 – Application
Answer: A
Explanation: ARP resolves IP addresses to MAC addresses and therefore functions at the Data Link layer.

Question 6. Which HTTP header is primarily used to enforce transport-level security by directing browsers to use HTTPS?
A) Content-Security-Policy

Question 9. In Nessus NASL, which global variable holds the target’s IP address?
A) HOSTNAME
B) HOST_IP
C) TARGETIP
D) IPADDRESS
Answer: B
Explanation: HOST_IP is the predefined NASL variable that contains the IPv4 address of the scanned host.

Question 10. Which NASL function would you use to perform a safe banner grab over TCP without risking a crash on the target?
A) safe_tcp_connect()
B) banner_service()
C) get_service_banner()
D) tcp_connect()
Answer: A
Explanation: safe_tcp_connect() attempts a TCP connection and returns gracefully on failure, avoiding destructive behavior.

Question 11. When customizing Nikto, which file typically contains the list of known vulnerable server signatures?
A) nikto.conf
B) plugins.conf
C) nikto.vuln
D) server_strings.txt
Answer: D
Explanation: server_strings.txt stores patterns of server banners that Nikto matches against to identify outdated software.

Question 12. Which option enables Nikto to perform a brute-force login test against an HTTP basic authentication protected page?
A) -h
B) -Tuning b
C) -C all
D) -auth
Answer: D
Explanation: The -auth switch supplies credentials for authentication testing, allowing brute-force attempts.

Question 13. In libpcap, which function is used to compile a BPF filter string into a program that can be applied to a capture handle?
A) pcap_open_live()
B) pcap_compile()
C) pcap_setfilter()
D) pcap_loop()
Answer: B
Explanation: pcap_compile() translates a human-readable filter expression into a compiled BPF program.

Question 14. Which capture filter would you use to capture only TCP traffic destined for port 443?
A) tcp port 443

Question 17. When writing an Ettercap plugin, which hook would you use to modify outgoing HTTP requests?
A) hook_packet()
B) hook_post()
C) hook_http()
D) hook_send()
Answer: D
Explanation: hook_send() is invoked before a packet is transmitted, allowing modification of outbound data such as HTTP requests.

Question 18. In the NSE (Nmap Scripting Engine), which Lua library provides functions for handling HTTP requests?
A) stdnse
B) http
C) shortport
D) nmap
Answer: B
Explanation: The http library contains helper functions like http.get and http.post for interacting with web services.

Question 19. Which NSE category would you assign to a script that enumerates SMB shares on a target?
A) discovery
B) exploit
C) auth
D) brute
Answer: A
Explanation: Enumerating resources falls under the “discovery” category, not exploitation or authentication.

Question 20. In Hydra, what does the “-t” option control?
A) Number of parallel threads
B) Timeout for each connection attempt
C) Type of protocol to attack
D) Output format
Answer: A
Explanation: -t sets the maximum number of concurrent login attempts, influencing speed and resource usage.

Question 21. Which Metasploit module type is primarily used for passive information gathering without exploiting a vulnerability?
A) exploit
B) auxiliary
C) payload
D) post
Answer: B
Explanation: Auxiliary modules perform tasks such as scanning, sniffing, or service enumeration without delivering a payload.

Question 22. In Metasploit, which command displays the options that a loaded module accepts?
A) show options

Question 25. Which libnet function is used to initialize the library before constructing packets?
A) libnet_init()
B) libnet_start()
C) libnet_create()
D) libnet_open()
Answer: A
Explanation: libnet_init() sets up internal structures and returns a handle used for subsequent packet building.

Question 26. When crafting a TCP SYN packet with libnet, which flag must be set in the TCP header?
A) FIN
B) RST
C) SYN
D) ACK
Answer: C
Explanation: A SYN packet initiates a TCP connection and therefore has only the SYN flag set.

Question 27. Which checksum calculation is automatically performed by libnet when building an IP packet if the checksum field is set to 0?
A) TCP checksum
B) UDP checksum
C) IP header checksum
D) No checksum is calculated automatically
Answer: C
Explanation: Setting the IP checksum field to 0 tells libnet to compute and fill in the correct IP header checksum.

Question 28. In a combined libpcap/libnet tool, what is the typical sequence of operations to respond to a captured ICMP echo request?
A) Capture → parse → build ICMP echo reply → send
B) Build reply → capture → send → parse
C) Capture → send → parse → build reply
D) None of the above
Answer: A
Explanation: The tool must first capture the request, extract necessary fields, craft a matching reply, and then inject it.

Question 29. Which HTTP method is most appropriate for testing a path-traversal vulnerability?
A) GET
B) POST
C) HEAD
D) TRACE
Answer: A
Explanation: Path traversal is typically exploited by manipulating the URL path in a GET request to access files outside the web root.

Question 30. When automating login to a web application in Python, which library provides a session object that automatically handles cookies?
A) urllib

Question 33. Which Linux kernel mechanism allows a module to replace an existing system call with a custom implementation?
A) /proc/sys
B) sys_call_table
C) init_module()
D) kprobes
Answer: B
Explanation: The sys_call_table holds pointers to system call functions; a kernel module can overwrite an entry to hook a call.

Question 34. What is the primary risk of loading an unsigned LKM (Linux Kernel Module) on a production system?
A) Decreased network throughput
B) Potential kernel panic or rootkit behavior
C) Automatic updates being disabled
D) None; unsigned modules are safe
Answer: B
Explanation: Unsigned modules are not verified, so they may contain malicious code that can crash the kernel or provide privileged access.

Question 35. Which system call is commonly intercepted by rootkits to hide files from ls?
A) open()
B) getdents()
C) read()
D) fork()
Answer: B
Explanation: getdents() retrieves directory entries; modifying its return data allows a rootkit to omit specific filenames.

Question 36. In Bash, which construct is used to safely iterate over files that may contain spaces in their names?
A) for f in *; do …; done
B) while read line; do …; done < <(ls)
C) while IFS= read -r -d '' file; do …; done < <(find . -type f -print0)
D) for f in "$(ls)"; do …; done
Answer: C
Explanation: Using find … -print0 with read -d '' correctly handles filenames containing whitespace or newlines.

Question 37. Which TCP flag combination indicates a graceful connection termination initiated by the client?
A) SYN-FIN
B) FIN-ACK
C) RST-ACK
D) PSH-ACK
Answer: B
Explanation: The client sends a FIN, and the server replies with an ACK; later the server also sends its FIN-ACK.

Question 38. Which IPv6 extension header is used to carry routing information for source-routing?
A) Hop-by-Hop Options

Question 41. Which command-line option for nmap enables the execution of NSE scripts from the “vuln” category?
A) --script=vuln
B) --script=vuln*
C) --script=vuln.nse
D) --script=vuln/
Answer: A
Explanation: --script=vuln runs all scripts whose category is “vuln”.

Question 42. Which Lua function in an NSE script returns the target’s open ports as a table?
A) host.services()
B) portlist()
C) nmap.get_ports()
D) shortport.port()
Answer: A
Explanation: host.services() provides a table of discovered services (ports) for the scanned host.

Question 43. In Hydra, what does the “-L” option specify?
A) List of usernames
B) List of passwords
C) Log file location
D) Number of login attempts
Answer: A
Explanation: -L points to a file containing usernames, while -P is used for password lists.

Question 44. Which Metasploit payload type is designed to provide a command shell over a TCP connection?
A) windows/meterpreter/reverse_tcp
B) linux/x86/meterpreter_bind_tcp
C) cmd/unix/reverse_perl
D) generic/shell_reverse_tcp
Answer: D
Explanation: generic/shell_reverse_tcp creates a basic command shell that connects back to the attacker.

Question 45. Which of the following is a characteristic of a “dangerous” Nessus plugin?
A) It performs only banner grabbing
B) It may cause service disruption or data loss
C) It runs in read-only mode
D) It is executed only on non-production hosts
Answer: B
Explanation: Dangerous plugins perform actions that could affect the target’s stability, such as exploit attempts.

Question 46. In libnet, which function creates a raw IPv4 packet with a custom payload?
A) libnet_build_ipv4()
B) libnet_build_tcp()
C) libnet_build_ipv4_raw()
D) libnet_build_packet()
Answer: A

C) Test = "GET /path HTTP/1.0"
D) add_test("GET", "/path", "200")
Answer: D
Explanation: add_test registers a request method, target URI, and expected response code for the plugin.

Question 50. In a Python script that uses Scapy for packet crafting, which layer must be added first to build an Ethernet frame?
A) IP()
B) TCP()
C) Ether()
D) Raw()
Answer: C
Explanation: Ether() creates the link-layer header; subsequent layers (IP, TCP, etc.) are stacked on top.

Question 51. Which of the following is a common technique to evade IDS detection when using libnet to send forged packets?
A) Using a fixed source IP address
B) Fragmenting the packet into multiple IP fragments
C) Sending packets at maximum bandwidth
D) Using only TCP SYN packets
Answer: B
Explanation: Fragmentation can bypass signature-based IDS that only inspect complete reassembled packets.

Question 52. Which Linux command can be used to list currently loaded kernel modules?
A) lsmod
B) modprobe -l
C) insmod --list
D) cat /proc/modules
Answer: A (and D also works, but primary answer is A)
Explanation: lsmod reads /proc/modules and displays a formatted list of active modules.

Question 53. In a Bash script, which option of read ensures that backslashes are not interpreted as escape characters?
A) -r
B) -e
C) -n
D) -s
Answer: A
Explanation: read -r reads raw input, preserving backslashes.

Question 54. Which HTTP header can be used by a server to mitigate reflected XSS attacks?
A) X-Content-Type-Options
B) X-XSS-Protection
C) X-Frame-Options
D) Content-Security-Policy
Answer: B
Explanation: X-XSS-Protection enables the browser’s built-in reflected XSS filter.