Page | 1
ITN 261 QUIZ 3 Questions and Verified
Answers
Question: Sniffers are fundamentally evil because they are only used to steal information.
T/F
Ans: FALSE
Question: Most networks and protocols are inherently secure making them difficult to
sniff. T/F
Ans: FALSE
Question: Promiscuous mode is a special mode that a network card can be switched to that
will allow the card to observe all traffic that passes by on the network. T/F
Ans: TRUE
Question: Typically, a computer system can see all communications, whether they are
addressed to the listening station or not. T/F
Ans: FALSE
Question: Content addressable memory (CAM) is the memory present on a switch that is
used to look up the Media Access Control (MAC) address to port mappings that are present
on a network. T/F
Ans: TRUE
Question: Content addressable memory (CAM) is used to build a lookup table.
Ans: TRUE
Question: A lookup table is used to track which Media Access Control (MAC) addresses are
present on which ports on the switch. T/F
Ans: TRUE
Question: Fail-open state results in closed and completely restricted access or
communication. T/F
, Page | 2
Ans: FALSE
Question: Active sniffing introduces traffic onto the network, meaning that the user's
presence is now detectable by anyone or anything that may be looking. T/F
Ans: TRUE
Question: Wireshark, Tcpdump, Windump, and Omnipeek are popular sniffing tools. T/F
Ans: TRUE
Question: Session hijacking is the process of assisting two parties in establishing a new
session. T/F
Ans: FALSE
Question: Active session hijacking takes sniffing to the next level by moving from listening
to interacting. T/F
Ans: TRUE
Question: It is easy for an attacker to predict the sequence numbers of the packets in order
to hijack a session successfully. T/F
Ans: FALSE
Question: A denial of service (DoS) attack is designed to deny legitimate users the use of a
system or service through the systematic overloading of its resources. T/F
Ans: TRUE
Question: A denial of service (DoS) attack is typically the first action an attacker will take
in an attempt to access a system. T/F
Ans: FALSE
Question: Over the past few years, the use of denial of service (DoS) attacks to commit
crimes such as extortion has decreased. T/F
Ans: FALSE
Question: Both denial of service (DoS) and distributed denial of service (DDoS) attacks seek
to overwhelm a victim with requests designed to lock up, slow down, or crash a system. T/F
, Page | 3
Ans: TRUE
Question: A denial of service (DoS) attack can be considered an "upgraded" and advanced
version of a distributed denial of service (DDoS) attack. T/F
Ans: FALSE
Question: In the first wave of a distributed denial of service (DDoS) attack, the targets that
will be the "foot soldiers" are infected with the implements that will be used to attack the
ultimate victim. T/F
Ans: TRUE
Question: A distributed denial of service (DDoS) attack can be performed using only a
software component; no hardware component is necessary. T/F
Ans: FALSE
Question: An application or device that is designed to capture network traffic as it moves
across the network itself is referred to as a:
hub.
protocol.
sniffer.
collision domain.
Ans: b. sniffer
Question: What type of sniffing takes place on networks such as those that have a hub as
the connectivity device?
Promiscuous sniffing
Protocol sniffing
Active sniffing
Passive sniffing
Ans: d. Passive sniffing
Question: With a hub connectivity device in place, all traffic can be seen by all other
stations, which can be also referred to as all stations being on the same:
collision domain.
switch.
, Page | 4
sniffer.
lookup table.
Ans: a. collision domain.
Question: What type of sniffing takes place on networks that have connectivity hardware
that is "smarter" or more advanced, such as those with a switch?
Promiscuous sniffing
Protocol sniffing
Active sniffing
Passive sniffing
Ans: c. Active sniffing
Question: A device used to break a network into logical network segments known as
collision domains is called a:
promiscuous mode.
switch.
sniffer.
lookup table.
Ans: b. switch
Question: Which of the following statements is NOT true regarding passive sniffing?
Passive sniffing is difficult to detect because the attacker does not broadcast anything on
the network as a practice.
Passive sniffing takes place and is effective when a hub is present.
Passive sniffing can be done very simply.
Passive sniffing works only when the traffic you wish to observe and the station that will
do the sniffing are in different collision domains.
Ans: d. Passive sniffing works only when the traffic you wish to observe and the station
that will do the sniffing are in different collision domains.
Question: Media Access Control (MAC) flooding and Address Resolution Protocol (ARP)
poisoning are:
forms of passive sniffing.
ITN 261 QUIZ 3 Questions and Verified
Answers
Question: Sniffers are fundamentally evil because they are only used to steal information.
T/F
Ans: FALSE
Question: Most networks and protocols are inherently secure making them difficult to
sniff. T/F
Ans: FALSE
Question: Promiscuous mode is a special mode that a network card can be switched to that
will allow the card to observe all traffic that passes by on the network. T/F
Ans: TRUE
Question: Typically, a computer system can see all communications, whether they are
addressed to the listening station or not. T/F
Ans: FALSE
Question: Content addressable memory (CAM) is the memory present on a switch that is
used to look up the Media Access Control (MAC) address to port mappings that are present
on a network. T/F
Ans: TRUE
Question: Content addressable memory (CAM) is used to build a lookup table.
Ans: TRUE
Question: A lookup table is used to track which Media Access Control (MAC) addresses are
present on which ports on the switch. T/F
Ans: TRUE
Question: Fail-open state results in closed and completely restricted access or
communication. T/F
, Page | 2
Ans: FALSE
Question: Active sniffing introduces traffic onto the network, meaning that the user's
presence is now detectable by anyone or anything that may be looking. T/F
Ans: TRUE
Question: Wireshark, Tcpdump, Windump, and Omnipeek are popular sniffing tools. T/F
Ans: TRUE
Question: Session hijacking is the process of assisting two parties in establishing a new
session. T/F
Ans: FALSE
Question: Active session hijacking takes sniffing to the next level by moving from listening
to interacting. T/F
Ans: TRUE
Question: It is easy for an attacker to predict the sequence numbers of the packets in order
to hijack a session successfully. T/F
Ans: FALSE
Question: A denial of service (DoS) attack is designed to deny legitimate users the use of a
system or service through the systematic overloading of its resources. T/F
Ans: TRUE
Question: A denial of service (DoS) attack is typically the first action an attacker will take
in an attempt to access a system. T/F
Ans: FALSE
Question: Over the past few years, the use of denial of service (DoS) attacks to commit
crimes such as extortion has decreased. T/F
Ans: FALSE
Question: Both denial of service (DoS) and distributed denial of service (DDoS) attacks seek
to overwhelm a victim with requests designed to lock up, slow down, or crash a system. T/F
, Page | 3
Ans: TRUE
Question: A denial of service (DoS) attack can be considered an "upgraded" and advanced
version of a distributed denial of service (DDoS) attack. T/F
Ans: FALSE
Question: In the first wave of a distributed denial of service (DDoS) attack, the targets that
will be the "foot soldiers" are infected with the implements that will be used to attack the
ultimate victim. T/F
Ans: TRUE
Question: A distributed denial of service (DDoS) attack can be performed using only a
software component; no hardware component is necessary. T/F
Ans: FALSE
Question: An application or device that is designed to capture network traffic as it moves
across the network itself is referred to as a:
hub.
protocol.
sniffer.
collision domain.
Ans: b. sniffer
Question: What type of sniffing takes place on networks such as those that have a hub as
the connectivity device?
Promiscuous sniffing
Protocol sniffing
Active sniffing
Passive sniffing
Ans: d. Passive sniffing
Question: With a hub connectivity device in place, all traffic can be seen by all other
stations, which can be also referred to as all stations being on the same:
collision domain.
switch.
, Page | 4
sniffer.
lookup table.
Ans: a. collision domain.
Question: What type of sniffing takes place on networks that have connectivity hardware
that is "smarter" or more advanced, such as those with a switch?
Promiscuous sniffing
Protocol sniffing
Active sniffing
Passive sniffing
Ans: c. Active sniffing
Question: A device used to break a network into logical network segments known as
collision domains is called a:
promiscuous mode.
switch.
sniffer.
lookup table.
Ans: b. switch
Question: Which of the following statements is NOT true regarding passive sniffing?
Passive sniffing is difficult to detect because the attacker does not broadcast anything on
the network as a practice.
Passive sniffing takes place and is effective when a hub is present.
Passive sniffing can be done very simply.
Passive sniffing works only when the traffic you wish to observe and the station that will
do the sniffing are in different collision domains.
Ans: d. Passive sniffing works only when the traffic you wish to observe and the station
that will do the sniffing are in different collision domains.
Question: Media Access Control (MAC) flooding and Address Resolution Protocol (ARP)
poisoning are:
forms of passive sniffing.
