What is an APT? - Answers Advanced Persistent Threat
True or false? Data exfiltration is always the last stage in a typical kill chain. - Answers False -
the attacker may maintain access or retreat (and attempt to destroy any evidence that the
attack took place).
Which of the following is used to perform "Google Hacking"? - Answers "Google Hacking" refers
to using search phrases to identify vulnerable services and devices on the web.
What is OSINT? - Answers Open Source Intelligence
Following the CompTIA Cybersecurity Analyst syllabus, which environmental reconnaissance
procedure has been omitted from the following list?
Topology discovery
OS fingerprinting / Service discovery
Packet capture
Log / router / firewall ACL review
Social media profiling
Social engineering
DNS harvesting
Phishing - Answers Email harvesting
Drag the marker representing the most appropriate tool to use to perform the following tasks
(use each tool ONCE only):
[____] - perform a zone transfer.
[____] - identify address autoconfiguration.
[____] - test the local subnet for host responses.
[____] - identify the path taken to communicate with a host.
[____] - show the process using a listening port on the local host.
[____] - identify the OS of a remote host. - Answers [nslookup] - perform a zone transfer.
[ipconfig] - identify address autoconfiguration.
[ping] - test the local subnet for host responses.
[tracert] - identify the path taken to communicate with a host.
[netstat] - show the process using a listening port on the local host
[nmap] - identify the OS of a remote host.
Write the command to use Nmap to scan IP addresses but suppress a port scan on the local
subnet if the local host is configured with IP address 172.16.17.48 and subnet mask
255.255.240.0 (for the purpose of this question, you must write the IP of the network address
rather than any of the valid host addresses): - Answers nmap -sn 172.16.16.0/20
Write the switch to add to an Nmap scan to record the path to the target: - Answers --traceroute
(or --tr)
True or false? You could use the command 'netstat -sp TCP' to check the number of reset
connections since the local Windows host last booted. - Answers true
Drag the label containing the switch over the appropriate marker to perform each of the
following Nmap scan types (use each label ONCE only or not at all):
[____] - half-open scan.
[____] - full connect scan.
[____] - connectionless scan.
[____] - "Christmas Tree" scan. - Answers [-sS] - half-open scan.
[-sT] - full connect scan.
[-sU] - connectionless scan.
[-sX] - "Christmas Tree" scan.
A troubleshooting utility outputs a series of lines such as: "1 <10ms 1ms 10.1.0.1" - which utility
is being used? - Answers tracert
Why should a firewall be configured to block packets from an external network with source IP
addresses belonging to the internal network? - Answers The packets must have spoofed IP
addresses.
What port on a firewall must be opened to allow an SSH connection to a web server? - Answers
22
What feature of a token-based authentication system makes it resistant to replay attacks? -
Answers The token is time stamped
Which of the following are fields in an Ethernet frame? - Answers CRC, Type
Which of the following password policies provides the BEST defense against a brute force
password guessing attack? - Answers Passwords must be at least 8 characters
Which protocol is used for Windows File and Printer Sharing? - Answers SMB
What is "NX"? - Answers Address space protection technology
Which of the following devices would be used for NAT? - Answers Router
Which of the following is used to perform "Google Hacking"? - Answers Search operator
What are the main phases in a typical "kill chain"? - Answers Planning, reconnaissance,
weaponization / exploit, lateral discovery, data exfiltration, retreat.
What tools are available to perform passive environmental reconnaissance? - Answers Web
search ("Google Hacking"), email harvesting, social media harvesting, DNS harvesting, and
website ripping.
How is a ping sweep performed using native command line tools only? - Answers Using a script
to supply the variables (octet values) and loop through them.
What is an "axfr"? - Answers A DNS zone transfer (returning all the records in the zone) named
after the switches used to initiate it by the dig tool.
Describe one advantage and one disadvantage of using the -T0 switch when performing an
Nmap scan? - Answers This sets an extremely high delay between probes, which may help to
evade detection systems but will take a very long time to return results.
What additional information is returned if you run netstat with the -o switch on a Windows PC?
Would you expect the same result in Linux? - Answers The Process ID (PID) of the software that
initiated the connection. In Linux, -o controls timing; the -p switch returns the PID.
What is the principal challenge in scanning UDP ports? - Answers UDP does not send ACK
messages, so the scan must use timeouts to interpret the port state. This makes scanning a
wide range of UDP ports a lengthy process.