lOMoARcPSD|59509133

Repeated Questions Asked by Nptel every year course

Ethical Hacking
Computer Science Engineerinf (Narayana Engineering College)

Scan to open on Studocu

Studocu is not sponsored or endorsed by any college or university

Downloaded by Dr. R. Sampath ([email protected])
 lOMoARcPSD|59509133

Most Repeated Questions Asked by NPTEL Every Year Course

Ethical Hacking
Q.1 Which of the following model the tester has partial information about the
network? (MCQ)
a. Black box model
b. White box model
c. Gray box model
d. None of these.
Ans: C
Solutions: In the white box model, the tester has complete information about the network.
In the black box model, the tester does not have any information about the network. Gray
box model is, where the tester is only provided with partial information about the
network.

Q.2 Which address classes do the IP addresses 126.16.75.12 and 191.10.85.120 belong to? (MCQ)

a. Class A and Class B

b. Class B and Class B

c. Class C and Class A 171.56.45.112= class B 228.56.112.121=class D

d. Class B and Class A

Ans: A

Class Address Range

IP Class A 1 to 127

IP Class B 128 to 191

IP Class C 192 to 223

IP Class D 224 to 239

IP Class E 240 to 255

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Q.3 What is the subnet address if the destination IP address is 144.16.75.105

and the subnet mask is 255.255.240.0?
Solution: Doing AND operation with destination IP address and the subnet mask.
Options:
A. 144.16.64.0

B. 144.16.32.0
C. 144.16.16.0
D.166.16.128.0

Q.4 The maximum size of data that can be accommodated in an IP

datagramis ----------- bytes. (Dash type)
Ans- 65535 bytes
Solution- The TOTAL-LENGTH field in the IP header is 16 bits, which can
contain values from 0 to 2^16 – 1 = 65536-1, the total size of an IP packetcan
be 65535 bytes.
Also, the minimum size of the IP header is 20 bytes, which makes the
maximum size of data as
65535 – 20 = 65515 bytes

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Q.5 Which of the followings are the features of TCP? (MSQ)

☐ Process to process communication
☐ Stream delivery service
☐ Connection-oriented service
☐ Unreliable
(UDP) service

Ans: - A, B, C

TCP provides reliable and connection-oriented service.

UDP provides Unreliable and Connectionless service.

Q.6 Which of the following statement(s) is/are true for a circuit switched network?
a. A communication link can be shared by more than one connection.
b. A communication link is dedicated to a connection and cannot be shared with other
connections.
c. The packet transfer delay between a pair of nodes may depend on the prevailing
network traffic.
d. The packet transfer delay between a pair of nodes is more or less constant during the
entire period of the connection.
e. It is efficient for bursty traffic.
Correct Answer: b, d

Q.7 Which of the following OSI layers is responsible for end-to-end reliable data transfer,
with error recovery and flow control?
a. Session layer

b. Transport layer
c. Network layer
d. Datalink layer
e. Physical layer
Correct Answer: b

1. Physical layer: transmits raw bits over a physical medium

2. Data Link layer: ensures error-free transfer of data frames
3. Network layer: routes data between networks
4. Transport layer: ensures data is reassembled at the destination (end-to-end reliable
data transfer)
5. Session layer: establishes, manages, and terminates connections

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

6. Presentation layer: converts data to a format readable by the receiving device

7. Application layer: provides services to end-user applications

Q.8 Which of the following is/are True for TCP/IP model?

a. It allows cross-platform communications among heterogeneous networks.
b. It is a scalable client-server architecture which allows network modification without
disrupting the current services.
c. It can also represent any other protocol stack other than the TCP/IP suite such as Bluetooth
connection.
d. None of these.
Correct Answer: A, B

Correct Answer: Detail Solution: TCP/IP is an open source scalable client-server based architecture used
in computer network. It is used to bridge the gap between non-compatible (heterogeneous) networks. In
TCP/IP based network a host/network can be added/removed without disturbing the current
services/systems of the network. TCP/IP is not generic, and thus can only represent the protocol stacks
defined in TCP/IP suite. It cannot represent any protocol that is not defined in TCP/IP such as Bluetooth
connection.

Q.9 Which of the following statement(s) is/are true for virtual circuit based packet transfer
approach?
a. It is a connection-oriented approach, where a route is established priori to transfer of packets.
b. In this approach, each packets follows distinct path.
c. The intermediate node can perform dynamic routing.
d. All the packets reach in order to the destination.

e. It is a true packet switched network.

Correct Answer: a, d

Detail Solution: Virtual circuit approach is a connection-oriented packet switching approach

where a route is established before packet transmission starts. For a session the packets follow
the same path, and then once the session is expired a new route is established. In virtual circuit,
a virtual id is used which is used by intermediate node of the route such that the packet can be
forwarded to the next node. This means that the Intermediate nodes can only forward the packet
and cannot make dynamic routing decision. In virtual circuit all packets reach in order to the
destination as packet follows the same path. It is not a true packet switched network as it uses
a fixed path for transmitting data.

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Q.10 Which of the following statement(s) is/are true for the IP address?
a. It uniquely identifies a network interface of a computer system.
b. It uniquely identifies a host in the network.

c. It indicates how many hardware ports are there in the computer system.
d. None of these.
Ans: B
Q.11 Which of the following statement(s) is/are true for transparent fragmentation?
a. The subsequent networks are aware that the fragmentation has occurred.

b. It is required to route all packet to the same exit router in a network.

c. Each fragment is treated as an independent packet.
d. All fragmented packets are reassembled by host system.
e. All fragmented packets are reassembled by the exit router.
Correct Answer: b, e

Detail Solution: In transparent fragmentation, all packets are routed through an exit router
that assembles the fragmented packets. In this approach the subsequent network(s) have no
information about fragmentation. Whereas in non-transparent fragmentation the packets can
be transmitted through multiple routers as each packet is treated as independent packet and
the reassembly is done by the destination host system.

Q.12 Which of the following is/are true for IP addressing?

a. Each host connected to the Internet is defined by an IP address.
b. IP address consist of two parts: network number and host number.
c. When a packet is routed to the destination network, only the host number is used.
d. Class A address can have a maximum of 16,777,214 networks.
e. None of these.
Correct Answer: a, b
Detail Solution: Each host connected to the Internet is uniquely defined by IP address, where the IP
address consists of network number and host number. When a packet is routed to the destination
network, then only the network number is used. Class A address can have maximum of 127 networks and
16,777,214 hosts.

Q.13 Which of the following is/are not a feature of TCP?

a. Process to process communication.
b. Stream delivery service.
c. Connection-oriented service.
d. Unreliable service. (UDP)
e. Full duplex communication.
f. None of these.
Correct Answer: d

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Q.14 An organization is allotted a block with beginning address as: 144.16.192.16/28 in CIDR notation.
What will be the address range for that block?

a. 144.16.192.0 to 144.16.192.16
b. 144.16.192.0 to 144.16.192.255
c. 144.16.192.16 to 144.16.192.31
d. 144.16.192.16 to 144.16.192.32
Correct Answer: c
To calculate 232-prefix, where prefix is the number after the slash. (/28)
So, here (/28) contains
232-28 = 24 = 16 address (4)
First 28 bits in the IP address will denote network number. The range will be:

Starting address = 144.16.192.16 = 10010000 00010000 11000000 00010000

= 10010000 00010000 11000000 00010000

= 144.16.192.16

To

Last IP= 144.16.192.16 = 10010000 00010000 11000000 00010000

Ending address = 144.16.192.16 = 10010000 00010000 11000000 00010000

10010000 00010000 11000000 00011111

192.16.192.31

Q. 144.16.192.16/29

144.16.192.16 = 10010000 00010000 11000000 00010000

232-prefix = 232-29= 23
1st
Ip = 10010000 00010000 11000000 00010000

144.16.192.16 to

Last Ip= 10010000 00010000 11000000 00010111

144.16.192.23

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Q.15 Which of the following host address represents the default route in a routing table?

a. 0.0.0.0 (Booting IP)

b. 0.0.0.1

c. 127.0.0.1

d. 255.255.255.255

Ans: a

Solution- Default Route is used when no specific address for next hop is available. In Routing
table default Route is specified an address 0.0.0.0
- 0.0. 0.1 is a private IP address, and is only used in internal network environments. Any
abusive activity you see coming from an internal IP is either coming from within your
network itself, or is the result of an error or misconfiguration.
- The IP address 127.0. 0.1 is a special-purpose IPv4 address and is called the localhost or
loopback address. All computers use this address as their own.
- 255.255. 255.255 – Represents the broadcast address, or place to route messages
to be sent to every device within a network.

Q.16 Consider the following routing table in a router. On which interface will an IP packet with
destination address 161.44.64.120 be forwarded? Solution:
Ans :- Interface b

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Q.17 Which of the following IP address represent the broadcast address?

A. 144.16.255.255 class B (128-191) Subnet mask = 255.255.0.0

B.144. 16.0.255 144.16.255.255

255.255.0.0

144.16.0.0

C. 202. 0. 255.0 255.255.255.255

D. 202.0 .255.255

To identify the broadcast address, we need to find the address where all bits in the host portion
of the IP are set to 1. The network portion is determined by the subnet mask, and the remaining
bits represent the host portion.

Let's analyze each option:

A. 144.16.255.255

 This is a valid broadcast address if the network is 144.16.0.0 with a subnet mask of
255.255.0.0. All the host bits in the last two octets are set to 1, making it the broadcast
address for this network.

B. 144.16.0.255

 This does not represent a broadcast address. If the subnet mask is 255.255.255.0, then
144.16.0.255 could be a broadcast address, but it is not a valid broadcast address.

C. 202.0.255.0

 This is not a broadcast address. It is likely a host address or part of a subnet, but it
doesn't have the characteristic of a broadcast address (all host bits set to 1).

D. 202.0.255.255

 This could be a valid broadcast address if the network is 202.0.0.0 with a subnet mask
of 255.255.0.0. All the host bits in the last two octets are set to 1, making it the
broadcast address for this network.

Q.18. Which of the following is/are true for direct and indirect packet
delivery option?

a. Direct delivery occurs when the destination host and deliverer are not present
on same network.

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

b. Indirect delivery occurs when the destination host and deliverer are present
on same network.

c. In direct delivery, hosts of same network can exchange packets without

interference of router.

d. In direct delivery, an incoming packet to the router is forwarded to the

destination host present in the network.

e. In an indirect delivery, the packet goes from router to router until it reaches
the one connected to the same physical network as its final destination.

f. None of these.

Ans: - C, E

Explanation:

1. a. Direct delivery occurs when the destination host and deliverer are
not present on the same network.
 False: Direct delivery happens when both the sender and the receiver
(destination) are on the same network. If they are on different
networks, the packet has to be routed indirectly, which is known as
indirect delivery.
2. b. Indirect delivery occurs when the destination host and deliverer are
present on the same network.
 False: Indirect delivery happens when the sender and receiver are
on different networks. The packet must be forwarded through one
or more routers to reach the destination on a different network.
3. c. In direct delivery, hosts of the same network can exchange packets
without interference of router.
 True: This is correct. In a direct delivery scenario, if both hosts are
on the same local network, they can exchange packets directly
without involving a router. The packet is transmitted directly over
the local network (e.g., via MAC addresses).
4. d. In direct delivery, an incoming packet to the router is forwarded to
the destination host present in the network.
 False: In direct delivery, the packet doesn’t go through a router if
the sender and receiver are on the same network. If a router is
involved, it is indirect delivery because the router forwards the
packet between different networks.

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

5. e. In an indirect delivery, the packet goes from router to router until it

reaches the one connected to the same physical network as its final
destination.
 True: This describes the indirect delivery process correctly. In
indirect delivery, the packet is forwarded between routers across
multiple networks until it reaches the destination router, which is
connected to the final network where the destination host resides.

Q.19 In Open Shortest Path First (OSPF) routing approach, which of the
following packets is used to check if the neighbour router is up or not?

a. Link State Request.

b. Link Request Update.

c. Link State Acknowledgement

d. Using TCP 3-way handshake protocol.

e. None of these.

Ans: E

The correct packet used in OSPF to check if a neighbouring router is up is the

Hello packet. OSPF routers send Hello packets periodically to discover and
maintain neighbour relationships. If a router does not receive a Hello packet from
a neighbour within a specific interval (called the "Dead Interval"), it assumes the
neighbour is down.

Q.20 If a packet is to be delivered to all the hosts in a network, what kind of

address should be used to specify the destination?

a. Unicast address.

b. Broadcast address.

c. Any cast address.

d. None of these.

Ans:- B

Detail Solution: Unicast address is used if a packet is to be delivered to a specific

host. Broadcast address is used if a packet has to be delivered to all the hosts
within a network or subnetwork. Any cast address is used if a packet has to be
delivered to exactly one of the hosts in a network or subnetwork.

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Q.21 How many bits are used to represent IPv4 and IPv6 addresses
respectively?

a. 4, 24

b. 24, 32

c. 32, 64

d. 32, 128 8.8.8.8

e. 255, 255

Ans: D

Detail Solution: IPv4 address is represented with 32 bits, and that for IPv6
requires 128 bits.

Q.22 When an entire IPv6 packet is included as payload inside an IPv4

packet, it is called _________.

a. Encapsulation

b. Tunnelling

c. Decapsulation

d. None of these

Ans: B

Detail Answer: When entire IPv6 packets are encapsulated within IPv4 packets,
it is called tunnelling. The IPv6 packet gets transmitted as data over an IPv4
network

Q.23 The size of base header in IPv6 datagram packet is ______ bytes.

Correct Answer: 40

Q.24 Consider the following statements:

(i) In transparent fragmentation, all fragmented packets are reassembled by an exit router.

(ii) In non-transparent fragmentation, all fragmented packets reassembled by host.

a. Only (i) is true.

b. Only (ii) is true.

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

c. Both (i) and (ii) are true.

d. Both (i) and (ii) are false.

Correct Answer: c

Detail Solution: In transparent fragmentation, in every network that a packet

passes through, all packets are routed through an exit router that assembles the
fragmented packets. In this approach the subsequent network(s) have no
information about fragmentation. Whereas in non-transparent fragmentation the
packets can be transmitted through multiple routers as the reassembly is done by
the destination host system.

Q.25 How many bits are used for IP address (in IP version 4) and port
number respectively.

a. 32, 8

b. 32, 16

c. 48, 8

d. 48, 16

Ans: Correct Answer: b

Detail Solution: 32 bits are used for IP address whereas 16 bits are used for port number.

Q.26. 50 parties want to exchange messages securely using a symmetric/private

key algorithm. The number of distinct key values required will be
?
Solutions: - 50 parties want to exchange message securely using a
symmetric key (Private key)
So, the number of distinct key values required will be (M value) let say m
= n(n-1)/2 10(10-1)/2 = 10(9)/2 = 5*9 = 45 distinct keys
= 50(50-1)/2
= 50*49/2
= 25*49
= 1225
Thus, 1,225 distinct keys are required for 50 parties to exchange messages
securely.

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Q.27 50 parties want to exchange messages securely using an Asymmetric key

algorithm. The number of distinct key values required will be:

Solution: 50 parties want to exchange messages securely using an Asymmetric

(Public) key = 2*N 2*10=20
= 2*50
= 100

Q.28 For encryption using public-key cryptography, we use the

a. Receiver’s public key
b. Receivers’ private key
c. Sender’s public key

d. Sender’s private key

Ans. A
Solution: - Anyone can encrypt a message by using your public key, but only
you can read it. When you receive the message, you decrypt it by using your
private key.
Q.29 Consider a colour image of size 4000 x 4000, where each pixel is
stored in 24-bits (containing red, green and blue components as 8-bits
each). How many bytes of information can be hidden in the image by using
single-LSB steganography technique?

In single-LSB (Least Significant Bit) steganography, one bit of information is

hidden in the least significant bit of each pixel channel. A color image with 24
bits per pixel (8 bits for each of the Red, Green, and Blue components) has 3 bits
available for LSB steganography (one for each color component).

To calculate how many bytes of information can be hidden in the image, follow
these steps:

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Q.30 For modular exponentiation computation of x19, how many squaring and
multiplication operations would be required?

19 = 1 0 0 1 1
= 16 8 4 2 1

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Q.31 ____________is a specific Linux distribution based on Debian?

Ans: Kali Linux

Q.32 Dictionary Attack (Crunch tool used)

Password Attack (Hydra tool)

XSS (Cross-Site Scripting) (Burp suite tools used)

Denial-of-Service (DoS) (Slow Loris tools)

Q.33 Which of the following information is retrieved by port scanning?

Port generally specifies the services running on the systems, thus by port scanning
we can identify the services running on any target system.

Q.34 for OS and version detection -O and -sV option is used. OS and version can
also be scanned using only –A option which is known as aggressive scan, performs
various type of scanning such as port scanning, host scanning, OS and version
detection, vulnerabilities, etc.

Q.35 Which of the following statement(s) is/are true for user enumeration?

a. Enumeration refers to collecting details of users and their privileges.

b. User enumeration refers to collecting username and passwords.

c. NMAP does not have any script for user enumeration.

d. Hydra and crunch tool can be used for user enumeration.

Correct Answer: a

Q.36 Which of the following can be used for gaining same level privileges than existing one?

a. Vertical privilege escalation.

b. Horizontal privilege escalation.

c. Diagonal privilege escalation.

d. Triangular privilege escalation.

e. None of these.

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Correct Answer: b

Detail Solution: Vertical privilege escalation refers to gaining higher than

existing privileges. Horizontal privilege escalation refers to acquiring the same
level of privilege with the identity of some other user. There is nothing called
diagonal/triangular privilege escalation.

Q.37. Sniffing is a process of monitoring and capturing all data packets passing
through a given network.

Q.38. In private key encryption, a single key is used by sender and receiver.

In public key encryption, separate keys are used by sender and receiver.

Q.39 In data encryption standard (DES), longer plain text is processed in ________ bit
blocks.

Correct Answer: 64

In the DES algorithm, the key size is 56 bits, plaintext length is 64-bit. It is a block
cipher; thus if the plain text is longer, then it is processed in 64-bit blocks.

Q.40 In AES the block length is limited to 128 bit, however the key length can
be 128, 192 or 256 bit.

Q.41 For decryption using public-key cryptography ____________ is used.

a. Receiver’s public key

b. Receiver’s private key

c. Sender’s public key

d. Sender’s private key

Correct Answer: b

If a sender A wants to carry out encryption on a message and send it to receiver

B using public-key cryptography, A will encrypt the given message using B’s
public key, so that it can be correctly decrypted by the receiver B using B’s
private key.

Q.42 Which of the following statement(s) is/are true.

a. The security of RSA algorithm is dependent on prime factorization problem.

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

b. RSA algorithm is vulnerable to man-in-the middle attack.

c. Diffie-Hellman approach can be used for encryption/decryption of message.

d. Symmetric encryption approaches are faster than asymmetric encryption.

e. None of these

Correct Answer: a, d

The security of the RSA algorithm depends on the complexity of factoring the product of two
large prime numbers. It is not vulnerable to man-in the middle attack. DiffieHellman is used
to exchange keys rather than encryption/decryption applications. Symmetric
encryption/decryption is much faster than asymmetric encryption/decryption.

Q.43 For message authentication, conventional encryption approach, MD2,

MD4, MD5, SHA-1, SHA-256, SHA-384, SHA512, RIPEMD-128 and RIPEMD-160
can be used.

Q.44 Which of the following statement(s) is/are true?

a. Hashing realizes a one-to-one mapping.

b. Encryption realizes a one-to-one mapping.

c. Hashing realizes a many-to-one mapping.

d. Encryption realizes a many-to-one mapping.

Correct Answer: b, c

Detail Solution: A hash function by definition realizes a many-to-one mapping,

where more than one message can get mapped to the same hash function. In
contrast, encryption realizes a one-to-one function, where a given plaintext
maps to a unique cipher text, and vice versa. The correct options are (b) and (c).

Q.45 Which of the following are hash functions?

a. MD5

b. Triple-DES

c. SHA-1

d. AES

Detail Solution: MD5 and SHA-1 are examples of hash function, while Triple-DES and AES are
examples of symmetric key encryption algorithm. The correct options are (a) and (c).

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Q.46 Public-key encryption is the slowest, while hash function computation is

the fastest.

Q.47 In the DES algorithm, the block size is 64 bits and the key size is 56 bits.
Q.48 What kinds of algorithms are typically used in the computation of digital
signature?
Ans: Cryptographic hash function.
Q.49 Which of the following correspond to behavioural biometrics?
a. Biometrics that relate to human behavior.

b. Biometrics that relate to human body.

c. Biometrics that rely on the use of a powerful computer system.

d. None of these

Ans: a

Detail Solution: Behavioural biometrics refers to biometrics that relate to human

behavior, like signature (hand and finger movement) and Gait (walking style).
However, fingerprint, Iris scan and Retina scan are properties of the human body
and not dependent on the behavior. It does not rely on computing power.
Q.50 Which of the following attacks refer to the situation where an attacker
gains entry into the victim machine (or spoofs the IP address) and then sends a
ping request to a broadcast address?
a. SYN flooding attack.

b. Smurf denial-of-service attack.

c. DNS spoofing attack.
d. None of these.
Ans: -b
Q.51 Which of the following attacks rely on some vulnerability in the TCP connection establishment
phase?

a. SYN flooding attack.

b. DNS spoofing attack.

c. Smurf DoS attack.

d. None of these.

Correct Answer: a

Downloaded by Dr. R. Sampath ([email protected])

 lOMoARcPSD|59509133

Detail Solution: The SYN flooding attack tries to exploit a weakness in the TCP connection
establishment phase. The attacker floods the victim machine with a large number of TCP
connection requests, each of which is left as half-open (i.e. the third packet in 3-way
handshake is not sent). Each connection request will take up some resources on the victim
machine (e.g. port number, buffer space, etc.), and ultimately genuine requests will not get
processed.

Q.52 Which of the following is/are true for Botnet?

a. A Botnet refers to a host connected to the Internet that is under control of the attacker.

b. A Botnet host runs a number of bots that are repetitive code segments with some malicious intent.
c. It relies on IP spoofing to mount attacks.

d. All of these.

Correct Answer: a, b

Q.53 Burp suite is a tool that can be used for sniffing. With the help of payload
option available in intruder module, we can also perform password attack on
web applications.

Downloaded by Dr. R. Sampath ([email protected])