Network attack and defense and protocol analysis exercises

1.  ( Single-choice question, 5 points) Which of the following is not malicious code? ( )

  • A. virus
  • B. Trojan horse
  • C. System Vulnerabilities
  • D. Worms

Correct answer:  C

2.  ( Single-choice question, 5 points) In the netstat command, which parameter displays the network connection status with numeric IP addresses in place of names? ( )

  • A. -n
  • B. -s
  • C. -r
  • D. -t

Correct answer:  A

3.  ( Multiple choice, 5 points) In order to defend against network monitoring, the most common method is ( )

  • A. Using physical transmission (not network)
  • B. Information encryption
  • C. Wireless network
  • D. Use dedicated line transmission

Correct Answer:  B

4.  ( Single-choice question, 5 points) What does the command net user student 1234 /add mean? ( )

  • A. View the detailed information of the user student
  • B. View the detailed information of user student password 1234
  • C. Add an account with user student and password 1234
  • D. None of the above is correct

Correct answer:  C

5.  ( Single-choice question, 5 points) Remote login protocol Telnet, email protocol SMTP, and file transfer protocol FTP depend on the protocol ( )

  • A. TCP
  • B. UDP
  • C. ICMP
  • D. IGMP

Correct answer:  A

6.  ( Single choice, 5 points) Suppose you send a specific data packet to a remote host, but you do not want the remote host to respond to your data packet. What type of attack are you using? ( )

  • A. Buffer overflow
  • B. Address Spoofing
  • C. Denial of service
  • D. Brute force attack

Correct Answer:  B

7.  ( Single-choice question, 5 points) The MAC address of a certain machine is e0:d5:5e:ac:eb:71. In wireshark, filter according to the MAC address. What is the representation in the filter? ( )

  • A. ip.src==e0:d5:5e:ac:eb:71
  • B. ip.addr==e0:d5:5e:ac:eb:71
  • C. eth.src==e0:d5:5e:ac:eb:71
  • D. ip.dst==e0:d5:5e:ac:eb:71

Correct answer:  C

8.  ( Single-choice question, 5 points) The best rule to follow when creating a password is ( )

  • A. Use English words
  • B. Choose an easy-to-remember password
  • C. Use your own and family names
  • D. Try to choose a long password

Correct answer:  D

9.  ( Single-choice question, 5 points) What parameters are not included in the ms08_067_netapi module? ( )

  • A. RHOST
  • B. RPORT
  • C. USERNAME
  • D. SMBPIPE

Correct answer:  C

10.  ( Single-choice question, 5 points) A Taobao seller recommends a product to a user, and its link looks exactly the same as the Taobao website, but it is not the Taobao website. What kind of attack is this? ( )

  • A. Buffer overflow attack
  • B. Phishing attack
  • C. Secret door attack
  • D. DDOS attack

Correct Answer:  B

11.  ( Single-choice question, 5 points) Which of the following does a denial-of-service attack destroy? ( )

  • A. Availability of Network Services
  • B. Integrity of Network Information
  • C. Confidentiality of network information
  • D. Non-repudiation of network information

Correct answer:  A

12.  ( Single-choice question, 5 points) The PING command belongs to the ( ) protocol

  • A. TCP
  • B. HTTP
  • C. ICMP
  • D. UDP

Correct answer:  C

13.  ( Single-choice question, 5 points) The network server is flooded with a large number of messages requiring responses, which consumes bandwidth and causes the network or system to stop normal service. This is a ( ) vulnerability.

  • A. Denial of service
  • B. File Sharing
  • C. BIND vulnerability
  • D. Remote procedure call

Correct answer:  A

14.  ( Single-choice question, 5 points) Which of the following is not the data organization structure of iptables ( )

  • A. table
  • B. Chain
  • C. Rules
  • D. format

Correct answer:  D

15.  ( Multiple choice, 5 points) The final operation in the process of hacking is generally ( )

  • A. Eliminate traces
  • B. Carry out the attack
  • C. Scan
  • D. Collect information about the attacked object

Correct answer:  A

16.  ( Single-choice question, 5 points) In iptables, the statement to add a new rule at the end of the specified chain is ( )

  • A. iptables -I
  • B. iptables -A
  • C. iptables -P
  • D. iptables -L

Correct Answer:  B

17.  ( Single-choice question, 5 points) What is the parameter used for UDP scanning in Nmap ? ( )

  • A. sT
  • B. sU
  • C. sP
  • D. sA

Correct Answer:  B

18.  ( Single-choice question, 5 points) In iptables, what is the statement to set the default rule chain? ( )

  • A. iptables -F
  • B. iptables -P
  • C. iptables -D
  • D. iptables -I

Correct Answer:  B

19.  ( Single-choice question, 5 points) The attack method of guessing the system port by trying all possible character combinations that the system may use is called ( ).

  • A. Backdoor attack
  • B. Brute force attack
  • C. Buffer overflow
  • D. Man-in-the-middle attack

Correct Answer:  B

20.  ( Single choice, 5 points) Which module does the Metasploit penetration testing framework not include? ( )

  • A. msfconsole
  • B. msfupdate
  • C. msflogin
  • D. msfWeb

Correct answer:  C

21.  ( Single-choice question, 5 points) In the TCP/IP model, which layer does the ARP protocol belong to? ( )

  • A. Network layer
  • B. Transport layer
  • C. Data link layer
  • D. None of the above

Correct answer:  A

22.  ( Multiple choice, 5 points) What is the port number of ssh ? ( )

  • A. 80
  • B. 22
  • C. 21
  • D. 8080

Correct Answer:  B

23.  ( Single-choice question, 5 points) After the server Ubuntu sets up the firewall iptables, Kali scans the server again. What is the port status? ( )

  • A. Close
  • B. Open
  • C. REJECT
  • D. Filtered

Correct answer:  D

24.  ( Multiple choice, 5 points) The essence of ARP spoofing is ( )

  • A. Provide a virtual MAC and IP address combination
  • B. Let other computers know of their existence
  • C. Steal data transmitted by users in the network
  • D. Disrupt the normal operation of the network

Correct answer:  A

25.  ( Single-choice question, 5 points) Which stage of the network attack model does a port scanning attack generally belong to? ( )

  • A. Information collection
  • B. Weakness mining
  • C. Attack Implementation
  • D. Trace removal

Correct answer:  A

26.  ( Single-choice question, 5 points) Which of the following is not a function of a firewall ( )

  • A. Filter packets entering and leaving the network
  • B. Protect the security of stored data
  • C. Block certain prohibited access behaviors
  • D. Log information content and activity through the firewall

Correct Answer:  B

27.  ( Single-choice question, 5 points) Which description of the firewall is incorrect? ( )

  • A. Use a firewall to filter out unsafe services
  • B. The use of a firewall can provide convenience for monitoring Internet security
  • C. Use a firewall to restrict access to special sites on the internet
  • D. After using the firewall, the internal network host cannot be accessed by the external network

Correct answer:  D

28.  ( Single-choice question, 5 points) Among the three versions of AOPR, which version supports all types of office documents? ( )

  • A. Home Edition
  • B. Standard Edition
  • C. Professional Edition
  • D. Enterprise Edition

Correct answer:  C

29.  ( Multiple choice, 5 points) When you find that your computer is being monitored remotely, what should you do first? ( )

  • A. Trojan horse detection
  • B. cut off the network
  • C. Install the patch
  • D. Enable the account audit event, then check its source and investigate it

Correct Answer:  B

30.  ( Single choice, 5 points) The principle of port scanning is to send detection packets to the ________ port of the target host and record the response of the target host. ( )

  • A. FTP
  • B. UDP
  • C. TCP/IP
  • D. WWW

Correct answer:  C

31.  ( Single-choice question, 5 points) You notice that your Win2000 system is slowing down significantly, and when you open the task manager you find that CPU usage has reached 100%. Which attack have you most likely suffered? ( )

  • A. Trojan horse
  • B. Denial of service
  • C. Spoofing
  • D. Man-in-the-middle attack

Correct Answer:  B

32.  ( Single-choice question, 5 points) The user receives a short message from Industrial and Commercial Bank of China, saying that the account has been stolen and asking the user to log in to http://www.lcbc.com.cn to check, but the real website of Industrial and Commercial Bank of China is http://www.icbc.com.cn. What is this attack method called? ( )

  • A. Buffer overflow attack
  • B. Phishing attack
  • C. Secret door attack
  • D. DDOS attack

Correct Answer:  B

33.  ( Single-choice question, 5 points) Which one is correct about the Trojan horse ( )

  • A. The propagation of the Trojan horse must be placed manually
  • B. Trojan horse is actually a remote control software
  • C. Trojan horse is not a virus
  • D. The Trojan horse can only work on the windows platform

Correct Answer:  B

34.  ( Single-choice question, 5 points) In the TCP/IP protocol, which layer is responsible for addressing and routing functions? ( )

  • A. Transport layer
  • B. Data Link Layer
  • C. Application layer
  • D. Network layer

Correct answer:  D

35.  ( Single-choice question, 5 points) Which of the following statements about firewall policies is correct ( )

  • A. Before creating a firewall policy, there is no need to perform a risk analysis on those applications that are essential to the enterprise
  • B. Once the firewall security policy is set, it cannot be changed in any way
  • C. The firewall's default policy for handling inbound communications should be to block all packets and connections, except those indicated to allow traffic and connections.
  • D. The firewall rule set is independent of the firewall platform architecture

Correct answer:  C

36.  ( Single-choice question, 5 points) Which is the correct expression to filter request packets at the application layer? ( )

  • A. http.response
  • B. http.request
  • C. http.request.method=="GET"
  • D. tcp.request

Correct Answer:  B

37.  ( Single-choice question, 5 points) Which configuration file is the Linux system user information stored in? ( )

  • A. /etc/passwd
  • B. /etc/shadow
  • C. /etc/group
  • D. /etc/gshadow

Correct answer:  A

38.  ( Single-choice question, 5 points) Which of the following options is not a common security detection mechanism for the upload function? ( )

  • A. Server-side MIME check verification
  • B. Client check mechanism javascript verification
  • C. Does the URL contain some special tags <, >, script, alert
  • D. Server-side file extension check verification mechanism

Correct answer:  C

39.  ( Multiple choice, 5 points) One of the pair of keys is used for encryption and the other is used for decryption. The transformation performed by the encryption algorithm depends on the . ( )

  • A. Plaintext, ciphertext
  • B. Public key, private key
  • C. Encryption algorithm
  • D. Decryption algorithm

Correct Answer:  B

40.  ( Single-choice question, 5 points) To check the Metasploit target operating system type, what command should be used? ( )

  • A. show targets
  • B. show options
  • C. search targets
  • D. use options

Correct answer:  A

41.  ( Single-choice question, 5 points) Which of the following descriptions about malicious code prevention is correct ( )

  • A. Update the system in time to fix security holes
  • B. Set security policies to restrict scripts
  • C. Enable the firewall to filter unnecessary services
  • D. All of the above are correct

Correct answer:  D

42.  ( Single-choice question, 5 points) When purchasing firewall software, what should not be considered: ( )

  • A. A good firewall should be the protector of the whole network
  • B. A good firewall should provide the only platform for users
  • C. A good firewall must make up for the deficiencies of other operating systems
  • D. A good firewall should be able to provide users with perfect after-sales service

Correct Answer:  B

43.  ( Single-choice question, 5 points) In iptables, the statement to view the established rule chain is ( )

  • A. iptables -L
  • B. iptables -A
  • C. iptables -F
  • D. iptables -D

Correct answer:  A

44.  ( Single-choice question, 5 points) Generally speaking, Internet firewalls are built on the ( ) of a network

  • A. Intersection of internal network and external network
  • B. Internal to each subnet
  • C. Part of the combination of internal network and external network
  • D. The hub for transmitting information between internal subnets

Correct answer:  A

45.  ( Multiple choice, 5 points) Which of the following is not a means of preventing network monitoring. ( )

  • A. Network Segmentation
  • B. Using a switch
  • C. Encryption
  • D. Authentication

Correct answer:  A

46.  ( Single-choice question, 5 points) Which of the following attack methods does not belong to attack trace removal? ( )

  • A. Tampering with audit information in log files
  • B. Modify the integrity detection label
  • C. Replace the shared library file of the system
  • D. Changing the system time causes log file data disorder

Correct answer:  C

47.  ( Single-choice question, 5 points) Which description of the firewall is incorrect? ( )

  • A. Use a firewall to filter out unsafe services
  • B. The use of a firewall can provide convenience for monitoring Internet security
  • C. Use a firewall to restrict access to special sites on the internet
  • D. After using the firewall, the internal network host cannot be accessed by the external network

Correct answer:  D

48.  ( Single-choice question, 5 points) The Linux2.6 kernel stores the encrypted password of the system user in the ( ) file

  • A. /etc/passwd
  • B. /etc/shadow
  • C. /etc/group
  • D. /etc/hosts

Correct Answer:  B

49.  ( Single-choice question, 5 points) Which of the following statements about user passwords is wrong ( )

  • A. The password cannot be set to empty
  • B. The longer the password length, the higher the security
  • C. Complex password security is high enough and does not need to be modified regularly
  • D. Password authentication is the most common authentication mechanism

Correct answer:  C

50.  ( Single-choice question, 5 points) Nowadays, there is an increasing trend of combining network attacks with viruses and worm programs. The replication and propagation characteristics of viruses and worms make attack programs even more powerful. This reflects which of the following development trends of network attacks? ( )

  • A. The democratization of the cyber-attack crowd
  • B. The brutalization of cyberattacks
  • C. Intelligentization of cyber attacks
  • D. Coordination of Cyber Attacks

Correct answer:  D

51.  ( Single-choice question, 5 points) The purpose of information detection based on whois database is ____. ( )

  • A. Detect the open ports and services of the target host
  • B. Network topology of detection target
  • C. Detect the network registration information of the target host
  • D. Detect the security holes of the target network and host

Correct answer:  C

52.  ( Single-choice question, 5 points) Which of the following functions cannot be achieved by the famous Nmap software tool? ( )

  • A. Port scanning
  • B. Advanced port scanning
  • C. Security Vulnerability Scanning
  • D. Operating system type detection

Correct answer:  C

53.  ( Single-choice question, 5 points) The Nmap universal switch parameter is ( )

  • A. O
  • B. P
  • C. sP
  • D. A

Correct answer:  D

54.  ( Single choice, 5 points) The ______ protocol can be used to map the physical address of the computer and the temporarily designated network address. ( )

  • A. ARP
  • B. SNMP
  • C. DHCP
  • D. FTP

Correct answer:  A

55.  ( Single-choice question, 5 points) ( ) is a program that can reside in the other party's server system.

  • A. Backdoor
  • B. Springboard
  • C. Terminal Services
  • D. Trojan horse

Correct answer:  A

56.  ( Single-choice question, 5 points) Which method do hackers use to attack by means of IP addresses? ( )

  • A. IP spoofing
  • B. Decryption
  • C. Steal password
  • D. Send a virus

Correct answer:  A

57.  ( Single-choice question, 5 points) In Ethernet, in what way does the source host send an ARP request packet containing the IP address of the destination host to the network ( )

  • A. Unicast
  • B. Multicast
  • C. Broadcast
  • D. Arbitrary

Correct answer:  C

58.  ( Single-choice question, 5 points) ( ) is a program that can reside in the other party's server system.

  • A. Backdoor
  • B. Springboard
  • C. Terminal Services
  • D. Trojan horse

Correct answer:  A

59.  ( Single-choice question, 5 points) Which of the following network information cannot be deceived or embezzled when conducting network attack identity concealment? ( )

  • A. MAC address
  • B. IP address
  • C. Mail account
  • D. None of the above

Correct answer:  D

60.  ( Single-choice question, 5 points) The MAC address of a certain machine is e0:d5:5e:ac:eb:71. In wireshark, filter according to the MAC address. The expression in the filter is ( )

  • A. ip.src==e0:d5:5e:ac:eb:71
  • B. ip.addr==e0:d5:5e:ac:eb:71
  • C. eth.src==e0:d5:5e:ac:eb:71
  • D. ip.dst==e0:d5:5e:ac:eb:71

Correct answer:  C

61.  ( Single-choice question, 5 points) Among the measures to resist email intrusion, which one is incorrect. ( )

  • A. Do not use birthday as password
  • B. Do not use passwords with less than 5 characters
  • C. Don't use pure numbers
  • D. Make your own server

Correct answer:  D

62.  ( Single-choice question, 5 points) Which of the following options does not belong to the hazard of XSS cross-site scripting vulnerability ( )

  • A. Phishing and deception
  • B. SQL Data Leakage
  • C. Identity theft
  • D. Planting Trojans on websites

Correct Answer:  B

63.  ( Single-choice question, 5 points) Hackers use IP addresses to attack: ( )

  • A. IP spoofing
  • B. Decryption
  • C. Steal password
  • D. Send a virus

Correct answer:  A

64.  ( Single-choice question, 5 points) Which of the following is destroyed by this attack form of network monitoring (sniffing)? ( )

  • A. Non-repudiation of network information
  • B. Confidentiality of network information
  • C. Availability of Web Services
  • D. Integrity of network information

Correct Answer:  B

65.  ( Single-choice question, 5 points) Which of the following vulnerabilities does the currently popular SQL injection attack exploit? ( )

  • A. Domain name service spoofing vulnerability
  • B. Programming Vulnerabilities in Mail Servers
  • C. Programming Vulnerabilities of WWW Services
  • D. Programming vulnerability of FTP service

Correct answer:  C

66.  ( Multiple choice, 5 points) What is the port number of FTP ? ( )

  • A. 80
  • B. 22
  • C. 21
  • D. 8080

Correct answer:  C

67.  ( Single-choice question, 5 points) The user receives a short message from ICBC saying that the account has been stolen and asking the user to log in to http://www.lcbc.com.cn to check, but the real website of ICBC is http://www.icbc.com.cn. What is this attack method called? ( )

  • A. Buffer overflow attack
  • B. Phishing attack
  • C. Secret door attack
  • D. DDOS attack

Correct Answer:  B

68.  ( Single-choice question, 5 points) Which of the following technical means does not belong to the operating system type detection based on TCP/IP protocol stack fingerprint technology? ( )

  • A. TCP checksum difference
  • B. FIN detection
  • C. TCP ISN sampling
  • D. TCP initialization window value difference

Correct answer:  A

69.  ( Single-choice question, 5 points) Which layer of the ISO model is the packet filtering technology in? ( )

  • A. Application layer
  • B. Presentation layer
  • C. Network layer and transport layer
  • D. Session layer

Correct answer:  C

70.  ( Single-choice question, 5 points) Which of the following descriptions of cross-site scripting attacks (XSS) is correct ( )

  • A. XSS attack refers to a malicious attacker inserting malicious code into a web page. When the user browses the page, the code embedded in the web will be executed, so as to achieve the special purpose of maliciously attacking the user.
  • B. XSS attack is a variant of DDOS attack
  • C. XSS attack is CC attack
  • D. An XSS attack uses controlled hosts to continuously send access requests to the attacked website, forcing the number of IIS connections to exceed the limit. When CPU or bandwidth resources are exhausted, the website is brought down, achieving the purpose of the attack.

Correct answer:  A

71.  ( Single-choice question, 5 points) The administrator sets the system login password to a simple "123456". Which of the following security vulnerabilities does this belong to? ( )

  • A. System Vulnerabilities
  • B. Application Service Vulnerabilities
  • C. Information Leakage Vulnerabilities
  • D. Weak Configuration Vulnerabilities

Correct answer:  D

72.  ( Single-choice question, 5 points) What is the parameter used to describe the scanning results in detail in Nmap ?

  • A.  vv
  • B. O
  • C. sP
  • D. P

Correct answer:  A

73.  ( Single-choice question, 5 points) Which of the following network information cannot be deceived or embezzled during network attack identity hiding? ( )

  • A. MAC address
  • B. IP address
  • C. Mail account
  • D. None of the above

Correct answer:  A

74.  ( Single-choice question, 5 points) When you receive an email from someone you know and find that there is an unexpected attachment in it, you should ( )

  • A. Open the attachment, then save it to the hard disk
  • B. Open the attachment, but if it has a virus, close it immediately
  • C. Open the attachment after scanning with anti-virus software
  • D. Delete the email directly

Correct answer:  C

75.  ( Single-choice question, 5 points) Today, network attacks are increasingly combined with viruses and worms. The replication and spread of viruses and worms make attack programs even more powerful. Which of the following development trends of network attacks does this reflect? ( )

  • A. Generalization of cyber attack populations
  • B. The brutalization of cyberattacks
  • C. Intelligentization of cyber attacks
  • D. Mutualization of Cyber Attacks

Correct answer:  C

76.  ( Single-choice question, 5 points) Which of the following network deception techniques is the prerequisite for implementing switched (switch-based network environment) sniffing attacks? ( )

  • A. IP spoofing
  • B. DNS spoofing
  • C. ARP spoofing
  • D. Routing spoofing

Correct answer:  C

77.  ( Single-choice question, 5 points) Among the three versions of AOPR , which version supports all types of office documents? ( )

  • A. Home Edition
  • B. Standard Edition
  • C. Professional Edition
  • D. Enterprise Edition

Correct answer:  C

78.  ( Single-choice question, 5 points) The hacker intends to obtain the operating system type of the remote host, which tool can be selected ( )?

  • A. nmap
  • B. whisker
  • C. net
  • D. nbstat

Correct answer:  A

79.  ( Single-choice question, 5 points) Which of the following does not belong to the Trojan horse function: ( )

  • A. Collect passwords or password files
  • B. A program that achieves self-replication
  • C. Remote file
  • D. Collect system key information

Correct Answer:  B

80.  ( Single-choice question, 5 points) To prevent someone from impersonating a sender of data, or from denying having sent it, the method that can be adopted is ( )

  • A. Digital watermarking
  • B. Digital signature
  • C. Access control
  • D. Email confirmation

Correct Answer:  B

81.  ( Single-choice question, 5 points) Which of the following protocols is not a dedicated security protocol ( )

  • A. ICMP
  • B. SSL
  • C. VPN
  • D. HTTPS

Correct answer:  A

82.  ( Single-choice question, 5 points) Which of the following is destroyed by this attack form of session hijacking? ( )

  • A. Non-repudiation of network information
  • B. Confidentiality of network information
  • C. Availability of Web Services
  • D. Integrity of network information

Correct answer:  D

83.  ( Single-choice question, 5 points) You are a network administrator of a company, and you often manage your network remotely from different places (such as your home). Your company uses the Win2000 operating system. For the convenience of remote management, you installed and enabled Terminal Services on the server. Recently, you found that your server showed signs of being controlled. On inspection, you found an unfamiliar account on your server. You deleted it, but the same thing happened again the next day. How should you solve this problem? ( )

  • A. Disable Terminal Services
  • B. Add firewall rules, except your own home IP address, deny all 3389 port connections
  • C. Apply security patch SP4
  • D. Enable the account audit event, then check its source and investigate it

Correct answer:  C

84.  ( Single-choice question, 5 points) What is the maximum number of digits in the superdic password ( )

  • A. 9
  • B. 8
  • C. 3
  • D. 10

Correct Answer:  B

85.  ( Single-choice question, 5 points) In Nmap, the scanning results are described in detail. What is the parameter used? ( )

  • A. vv
  • B. O
  • C. sP
  • D. P

Correct answer:  A

86.  ( Single-choice question, 5 points) The ARP protocol is a protocol that converts __ addresses into __ addresses ( )

  • A. IP, MAC
  • B. MAC, port
  • C. IP, port
  • D. MAC, IP

Correct answer:  A

87.  ( Single-choice question, 5 points) Which of the following vulnerabilities does the currently popular SQL (database language) injection attack exploit? ( )

  • A. Domain name service spoofing vulnerability
  • B. Programming Vulnerabilities in Mail Servers
  • C. Programming Vulnerabilities of WWW Services
  • D. Programming vulnerability of FTP service

Correct answer:  C

88.  ( Single-choice question, 5 points) Many hacker attacks exploit buffer overflow vulnerabilities in software implementations. What is the most reliable solution to this threat? ( )

  • A. Install antivirus software
  • B. Install the latest patches to the system
  • C. Install a firewall
  • D. Install an intrusion detection system

Correct Answer:  B

89.  ( Single-choice question, 5 points) Which of the following data is encrypted by the SSH (Secure Shell) protocol and its software tools? ( )

  • A. Network communication
  • B. Voice call
  • C. Hard disk data
  • D. Email

Correct answer:  A

90.  ( Single-choice question, 5 points) The MAC address of a certain machine is e0:d5:5e:ac:eb:71, filter according to the MAC address in wireshark , and the expression in the filter is ( )

  • A. ip.src==e0:d5:5e:ac:eb:71
  • B. ip.addr==e0:d5:5e:ac:eb:71

  • C. eth.src==e0:d5:5e:ac:eb:71

  • D. ip.dst==e0:d5:5e:ac:eb:71

Correct answer:  C

2. Multiple choice questions (20 questions in total, 10)

91.  ( Multiple choice, 5 points) The iptables firewall can realize the ( ) function

  • A. Packet filtering
  • B. Status detection
  • C. NAT
  • D. Application Proxy

Correct answer:  ABC

92.  ( Multiple choice, 5 points) What are the parameters of the ssh_login module? ( )

  • A. RHOST
  • B. PASS_FILE
  • C. USERNAME
  • D. STOP_ON_SUCCESS

Correct Answer:  ABCD

93.  ( Multiple choice, 5 points) By default, the filter table of Linux iptables is composed of ( ) rule chains.

  • A. INPUT
  • B. OUTPUT
  • C. NAT
  • D. FORWARD

Correct Answer:  ABD

94.  ( Multiple choice, 5 points) The main interface of the AOPR software has 4 tabs. Which of the following are main-interface tabs? ( )

  • A. Recovery
  • B. Options
  • C. Password caching
  • D. Log window

Correct answer:  ABC

95.  ( Multiple choice, 5 points) Which of the following statements about honeypots is wrong ( )

  • A. A honeypot is a security resource with no product value at all
  • B. Any activity sent to the honeypot should be suspect
  • C. Honeypots provide a defense mechanism
  • D. The honeypot has a fixed form of expression

Correct Answer:  CD

96.  ( Multiple choice, 5 points) What characteristics must a secure network have ( )

  • A. Confidentiality
  • B. Integrity
  • C. Availability
  • D. Controllability

Correct Answer:  ABCD

97.  ( Multiple choice, 5 points) The functional modules of the Metasploit penetration testing framework include ( )

  • A. Msfconsole
  • B. Msfweb
  • C. msfupdate
  • D. Metasloi tip

Correct answer:  ABC

98.  ( Multiple choice, 5 points) The functions of Nmap are ( )

  • A. Host detection
  • B. Version detection
  • C. System detection
  • D. Support detection script writing

Correct Answer:  ABCD

99.  ( Multiple choice, 5 points) Which of the following are the functions of malicious code in web pages? ( )

  • A. consume system resources
  • B. Illegally write files to the user's hard disk
  • C. IE leakage
  • D. Use email to illegally install Trojan horses

Correct Answer:  ABCD

100.  ( Multiple choice, 5 points) Which of the following are methods of SQL injection? ( )

  • A. Insert the code directly into the SQL command
  • B. Inject malicious code into strings to be stored in tables or as source data
  • C. Execute all queries through stored procedures
  • D. Input Validation

Correct answer:  AB

101.  ( Multiple choice, 5 points) What are the methods to defend against Trojan horses and backdoors? ( )

  • A. Never browse unknown websites
  • B. Periodic port scanning
  • C. Install firewall and antivirus software
  • D. Frequently apply system upgrade patches

Correct Answer:  BCD

102.  ( Multiple choice, 5 points) Which related modules does search ms12_020 return? ( )

  • A. ms12_020_netapi
  • B. ms12_020_maxchannelids
  • C. ms12_020_check
  • D. ms12_020_login

Correct Answer:  BC

103.  ( Multiple choice, 5 points) The iptables firewall works at layer ( ) of the ISO seven-layer model

  • A. Two
  • B. Three
  • C. Four
  • D. Five

Correct answer:  ABC

104.  ( Multiple choice, 5 points) According to the type of technology, there are ( ) several types of NAT

  • A. Universal NAT
  • B. Static NAT
  • C. Dynamic NAT
  • D. Network Address Port Translation NAPT

Correct Answer:  BCD

105.  ( Multiple choice, 5 points) Common script types include ( )

  • A. HTML
  • B. JavaScript
  • C. VBScript
  • D. ActiveX

Correct Answer:  ABCD

106.  ( Multiple choice, 5 points) The methods to prevent someone from remotely logging in to the Ubuntu Linux 16.04 server and obtaining the MySQL server password are ( )

  • A. Specify the IP address to prohibit access
  • B. Prohibit remote connection to MYSQL
  • C. Modify the MySQL configuration file and comment out the line bind-address = 127.0.0.1
  • D. Prohibit TCP/IP connection

Correct answer:  AB

107.  ( Multiple choice, 5 points) Which of the following belongs to the application layer protocol ( )

  • A. FTP
  • B. SMTP
  • C. ARP
  • D. Telnet

Correct Answer:  ABD

108.  ( Multiple choice, 5 points) VPN uses ( ) technology to ensure the security of data transmission

  • A. Tunnel technology
  • B. Encryption and decryption technology
  • C. Key management technology
  • D. Identity authentication technology

Correct Answer:  ABCD

109.  ( Multiple choice, 5 points) What are the files that need to be configured for Tcp_Wrappers defense? ( )

  • A. /etc/passwd
  • B. /etc/shadow
  • C. /etc/hosts.deny
  • D. /etc/hosts.allow

Correct Answer:  CD

110.  ( Multiple choice, 5 points) The types of access provided by the backdoor to the attacker include ( )

  • A. Escalation of local privileges
  • B. Remote execution of individual commands
  • C. Remote Command Interpreter Access
  • D. Remote Control GUI

Correct Answer:  ABCD

3. True or false questions (50 questions in total, 25)

111.  ( True or false, 5 points) Weevely is a Webshell tool written in Python and adopts the B/S mode. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

112.  ( True or false, 5 points) Each iptables table contains pairs of chains. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

113.  ( True or false, 5 points) Data packets are sent in clear text and are easy to capture, but the source IP address field cannot be directly changed to the IP address of another host; therefore, it is difficult for intruders to modify the source IP address field to fake services and sessions. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

114.  ( True or false, 5 points) Kali's packages and sources are GPG signed. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

115.  ( True or false, 5 points) Using dynamically assembled SQL can effectively prevent SQL injection. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

116.  ( True or false, 5 points) Trojan horses are generally divided into two parts: the client and the server, and the client is usually placed on the controlled side. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

117.  ( True or false, 5 points) As long as the current TCP packet is intercepted, the sequence number of the next packet can be forged. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

118.  ( True or false, 5 points) If the firewall is set to DROP, the data packet will be discarded directly without any response information. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

119.  ( True or false, 5 points) The ARP protocol can be used to discover hosts across network segments. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

120.  ( True or false, 5 points) The default port of Windows system vulnerability ms12-020 is 445. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

121.  ( True or false, 5 points) A typical hacking process has many rules, but an intrusion based on authentication, loopholes, and third-party programs (Trojan horses) is called an intrusion. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

122.  ( True or false, 5 points) Select Intercept is on in BurpSuite to indicate that the request and response are intercepted. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

123.  ( True or false, 5 points) A reliable network should have the 4 characteristics of confidentiality, integrity, availability and ease of use. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

124.  ( True or false, 5 points) Daily tasks such as upgrading the operating system and patching the operating system or server software have improved the safety factor of the system, but it still cannot prevent hackers from intruding through related loopholes. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

125.  ( True or false, 5 points) The churrasco ("Brazilian barbecue") tool is used for system privilege escalation. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

126.  ( True or false, 5 points) The application layer gateway is located at the data link layer of the TCP/IP protocol. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

127.  ( True or false, 5 points) SQL injection can generally be entered directly through a web form. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

128.  ( True or false, 5 points) msfWeb is the Web component of Metasploit, supports single user, and is a graphical interface of Metasploit. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

129.  ( True or false, 5 points) Soft links can point to files or directories, but hard links only point to files and not to directories. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

130.  ( True or false, 5 points) Nmap is a tool based on the command line, which can define scanning rules through different parameters, among which -Ss scans the sliding window. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

131.  ( True or false, 5 points) The UDP port scanning method sends a UDP packet to the target. If the target port is closed, a UDP port unreachable message is returned. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

132.  ( True or false, 5 points) Access control is the main strategy for network prevention and protection. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

133.  ( True or false, 5 points) The task of the scanning phase is the process of analyzing the list of accessible network services, Internet Protocol (IP) stack fingerprints and known network architecture, based on the information collected during the "discovery" process, to determine the role played by each device in the network infrastructure, the trust relationships, etc. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

134.  ( True or false, 5 points) Set the brute force cracking to stop immediately after the password is cracked, and the value of STOP-ON-SUCCESS should be set to true. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

135.  ( True or false, 5 points) XSS attacks are passive attacks. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

136.  ( True or false, 5 points) /etc/hosts.deny is used to define denial of access. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

137.  ( True or false, 5 points) XSS cross-site scripting vulnerabilities mainly affect client browsing users ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

138.  ( True or false, 5 points) Bundling the Trojan horse behind the EXE file is a way to hide the Trojan horse. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

139.  ( True or false, 5 points) Openness is a major feature of the Linux system. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

140.  ( True or false, 5 points) Nmap can be used in both Linux and Windows environments. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

141.  ( True or false, 5 points) The disadvantage of the ARP protocol is that there is no authentication mechanism. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

142.  ( True or false, 5 points) The network is a layered topological structure, so the security protection of the network also needs to adopt layered prevention and protection measures. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

143.  ( True or false, 5 points) In the Windows2003 system, the default location of the WWW service log is C:\WINDOWS\system32\LogFiles\w3svc1. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

144.  ( True or false, 5 points) Untrusted data can be inserted in <script>...</script> command ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

145.  ( True or false, 5 points) A vulnerability is a flaw that can be exploited by threats to gain unauthorized access to information or destroy critical data. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

146.  ( True or false, 5 points) The network is a layered topological structure, so the security protection of the network also needs to adopt layered prevention and protection measures. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

147.  ( True or false, 5 points) DDoS refers to centralized denial of service attack. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

148.  ( True or false, 5 points) In the Linux system, user information is stored in the configuration file /etc/gshadow. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

149.  ( True or false, 5 points) Security measures have to be carried out by people, so in order to ensure security, it is necessary to set up security measures that are as complicated as possible. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

150.  ( True or false, 5 points) ms08-067 can cause the blue screen of the attacked computer. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

151.  ( True or false, 5 points) Nmap is an excellent port scanning tool. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

152.  ( True or false, 5 points) Only by means of attack can the backdoor program be implanted into the target host. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

153.  ( True or false, 5 points) Using parameterized SQL statements can prevent SQL injection. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

154.  ( True or false, 5 points) After the MySQL installation is complete, add bind-address=127.0.0.1 to the database configuration file so that other hosts can access the database. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

155.  ( True or false, 5 points) The security of information hiding must be higher than that of information encryption. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

156.  ( True or false, 5 points) Wireshark can build icons, but not reorganize data. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

157.  ( True or false, 5 points) Establishing a reliable rule set is very critical to implementing a successful and secure firewall ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

158.  ( True or false, 5 points) Trojan horses can be hidden in movies, photos or web pages. When the other party allows the implanted Trojan horse files on the server, the Trojan horse will gain control of the server. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

159.  ( True or false, 5 points) There are multiple security holes on the router that are likely to cause malicious attacks by hackers. ( )

  • A. yes
  • B. Wrong

Correct answer:  wrong

160.  ( True or false, 5 points) The Sudo group is a special group with superuser privileges. If a user does not belong to the sudo group, he cannot use the sudo command. ( )

  • A. yes
  • B. Wrong

Correct answer:  yes

Origin blog.csdn.net/weixin_62757215/article/details/130257592