Exam Questions and CORRECT Answers
Ethernet header fields - CORRECT ANSWER - - Destination MAC: ether[0:6]
- Source MAC: ether[5:6]
- Ethertype: ether[12:2] (w/o VLAN)
- VLAN tag: ether[12:4]
Common ethertypes - CORRECT ANSWER - - 0x0800: IPv4
- 0x86DD: IPv6
- 0x0806: ARP
IPv4 header - CORRECT ANSWER - - Version: ip[0] & 0xF0
- IHL: ip[0] & 0x0F
- DSCP: ip[1] & 0xFC
- ID: ip[4:2]
- TTL: ip[8]
- Protocol: ip[9]
- Flags: ip[6] & 0xE000
- Source IP: ip[12:4]
- Dest IP: ip[16:4]
IPv6 header - CORRECT ANSWER - - Next header: ip6[6]
TCP header - CORRECT ANSWER - - Source port: tcp[0:2]
- Dest port: tcp[2:2]
- Flags: tcp[13]; CWR, ECE, URG, ACK, PSH, RST, SYN, FIN
Protocol codes - CORRECT ANSWER - - TCP: 6
- UDP: 17
- ICMP: 1
ICMP type/codes - CORRECT ANSWER - - Echo reply: 0/0
- Echo request: 8/0
- Time Exceeded: 11
- Destination unreachable: 3
Default TTLs - CORRECT ANSWER - - Linux: 64
- Windows: 128
- Cisco: 255
Scapy - CORRECT ANSWER - - Interactive packet manipulation tool, packet sniffer,
network scanner, packet generator
Legal TCP flag combinations - CORRECT ANSWER - - Ack
- Syn
- Syn ack
- Fin ack
- Rst ack
Types of social engineering - CORRECT ANSWER - - Pretexting: pretending to be
someone you are not; impersonation
- Reciprocity: provide something for something
- Scarcity: running out of time to get something; limited time offer
- Authority: the right to exercise power
- Social proof: convince the target to take a certain action
- Sympathy:
Scanning tools - CORRECT ANSWER - - nmap: run with root priv; ARP packets; open
raw sockets; OS best guess
- netcat: nc -vwz <IP> <ports>
- scapy
- ping sweep: icmp; FW and OS can block packet, making scan unreliable
TCP Connect Scan - CORRECT ANSWER - - 3 way handshake is completed
- Logged scan
TCP SYN (half-open) scan - CORRECT ANSWER - - badguy: sends SYN
- target (if open): SYNACK
- target (if closed): RST
- badguy: sends RST => target port stays open
- if target is filtered: no response
ACK Scan - CORRECT ANSWER - - Solicits stateful firewall
- Open or closed ports return RST flag => unfiltered
- No response => filtered
UDP Scans - CORRECT ANSWER - - Do not create connection
- Can bypass TCP stateful firewalls
Stealth scans - CORRECT ANSWER - - Don't create connection
- NULL, XMAS and FIN scans
- Open: No response, Closed: RST