CND - Questions 1

The document is a questionnaire for the Certified Network Defender (CND) course, consisting of 50 multiple-choice questions with a submission deadline of June 7th, 2024. It includes instructions for answering, submission guidelines, and details for a discussion session on October 6th, 2024. The document also contains various questions related to network security concepts and practices.

Uploaded by

avishkabandara

Certified Network Defender (CND)

Module - MCQ Questionnaire

Instructions
1. Number of Questions: This questionnaire consists of 50 multiple-choice questions (MCQs).
2. Submission Deadline: All answers must be submitted before 7th June.
3. Discussion Session:
   • Date: 6th October 2024
   • Format: Online
   • Time: 9.00am – 12.00 noon

Student Information

• Name: Mohammed Nilafar Musab

• Student ID: DIP|CS|13|027

• Course: Certified Network Defender (CND)


Submission Guidelines
1. Answer Format:
   • Select the correct answer for each MCQ.
   • Ensure each answer is clearly typed at the end of the question.
2. Submission Method:
   • Submit your completed questionnaire through the designated online portal or as instructed by your course coordinator.
3. Deadline Adherence: Late submissions will not be accepted. Ensure you submit before the deadline of 6th October 2024, before 12.30 noon.
4. Academic Integrity: Maintain honesty and integrity while answering. Any form of plagiarism or dishonesty will result in disqualification.

1. John works as a C programmer. He develops the following C program:

His program is vulnerable to a Buffer overflow attack.

A. SQL injection
B. Denial-of-Service
C. Buffer overflow
D. Cross site scripting

2. Match the terms with their descriptions. (Type the Term in order with the descriptions)

Answer:

Trojan horse: It is a malicious software program that contains hidden code and
masquerades itself as a normal program.

Ping sweep: It is a technique used to determine which of a range of IP addresses map to live
hosts.

Spamware: It is software designed by or for spammers to send out automated spam e-mail.

Backdoor: It is any program that allows a hacker to connect to a computer without going
through the normal authentication process.

3. FILL BLANK -
Fill in the blank with the appropriate term. NetRanger is the complete network
configuration and information toolkit that uses multi-threaded and multi-connection
technologies in order to be very fast and efficient.

4. FILL BLANK -
Fill in the blank with the appropriate term. A Biometric device is used for uniquely
recognizing humans based upon one or more intrinsic physical or behavioral traits.

5. Which of the following analyzes network traffic to trace specific transactions and can
intercept and log traffic passing over a digital network? Each correct answer represents a
complete solution. Choose all that apply.

A. Wireless sniffer
B. Spectrum analyzer
C. Protocol analyzer
D. Performance Monitor
Answer: A & C
6. In which of the following conditions does the system enter ROM monitor mode? Each
correct answer represents a complete solution. Choose all that apply.
A. The router does not have a configuration file.
B. There is a need to set operating parameters.
C. The user interrupts the boot sequence.
D. The router does not find a valid operating system image.
Answer: C & D
7. Which of the following protocols is used for exchanging routing information between two
gateways in a network of autonomous systems?

A. IGMP
B. ICMP
C. EGP
D. OSPF
Answer: C
8. Which of the following is a 16-bit field that identifies the source port number of the
application program in the host that is sending the segment?

A. Sequence Number
B. Header Length
C. Acknowledgment Number
D. Source Port Address
Answer: D
9. FILL BLANK -
Fill in the blank with the appropriate term. Network reconnaissance is typically carried out
by a remote attacker attempting to gain information or access to a network on which it is
not authorized or allowed.
10. FILL BLANK -
Fill in the blank with the appropriate term. The DCAP is an application layer protocol that is
used between workstations and routers for transporting SNA/NetBIOS traffic over TCP sessions.
11. John works as a professional Ethical Hacker. He has been assigned the project of testing the
security of www.we-are-secure.com. He is using a tool to crack the wireless encryption keys.
The description of the tool is as follows:

`It is a Linux-based WLAN WEP cracking tool that recovers encryption keys. It operates by
passively monitoring transmissions. It uses Ciphertext Only Attack and captures
approximately 5 to 10 million packets to decrypt the WEP keys.`

Which of the following tools is John using to crack the wireless encryption keys?
A. PsPasswd
B. Kismet
C. AirSnort
D. Cain
Answer: C
12. Which of the following is a process that detects a problem, determines its cause, minimizes
the damages, resolves the problem, and documents each step of response for future
reference?
A. Incident response
B. Incident handling
C. Incident management
D. Incident planning
Answer: A
13. Which of the following is designed to detect the unwanted presence of fire by monitoring
environmental changes associated with combustion?
A. Fire sprinkler
B. Fire suppression system
C. Fire alarm system
D. Gaseous fire suppression
Answer: C
14. Which of the following is an intrusion detection system that monitors and analyzes the
internals of a computing system rather than the network packets on its external interfaces?
A. IPS
B. HIDS
C. DMZ
D. NIDS
Answer: B
15. In which of the following types of port scans does the scanner attempt to connect to all
65535 ports?
A. UDP
B. Strobe
C. FTP bounce
D. Vanilla
Answer: D
16. Which of the following is a firewall that keeps track of the state of network connections
traveling across it?

A. Stateful firewall
B. Stateless packet filter firewall
C. Circuit-level proxy firewall
D. Application gateway firewall
Answer: A
17. Which of the following is an intrusion detection system that monitors and analyzes the
internals of a computing system rather than the network packets on its external interfaces?
A. IPS
B. HIDS
C. DMZ
D. NIDS
Answer: B
18. FILL BLANK -
Fill in the blank with the appropriate word. The quantitative risk analysis process analyzes
the effect of a risk event deriving a numerical value.

19. Which of the following is a tool that runs on the Windows OS and analyzes iptables log
messages to detect port scans and other suspicious traffic?
A. Nmap
B. Hping
C. NetRanger
D. PSAD
Answer: D
20. Which of the following is a distributed multi-access network that helps in supporting
integrated communications using a dual bus and distributed queuing?
A. Logical Link Control
B. Token Ring network
C. Distributed-queue dual-bus
D. CSMA/CA
Answer: D
21. Which of the following is a distributed application architecture that partitions tasks or
workloads between service providers and service requesters? Each correct answer
represents a complete solution. Choose all that apply.
A. Client-server computing
B. Peer-to-peer (P2P) computing
C. Client-server networking
D. Peer-to-peer networking
Answer: A & B
22. Which of the following is an attack on a website that changes the visual appearance of the
site and seriously damages the trust and reputation of the website?
A. Website defacement
B. Zero-day attack
C. Spoofing
D. Buffer overflow
Answer: A
23. Which of the following cables is made of glass or plastic and transmits signals in the form of
light?
A. Coaxial cable
B. Twisted pair cable
C. Plenum cable
D. Fiber optic cable
Answer: A
24. Which of the following is a network that supports mobile communications across an
arbitrary number of wireless LANs and satellite coverage areas?
A. LAN
B. WAN
C. GAN
D. HAN
Answer: C
25. FILL BLANK -
Fill in the blank with the appropriate term. A Token Ring network is a local area network
(LAN) in which all computers are connected in a ring or star topology and a bit- or
token-passing scheme is used for preventing the collision of data between two computers that
want to send messages at the same time.

26. Which of the following techniques is used for drawing symbols in public places for
advertising an open Wi-Fi wireless network?
A. Spamming
B. War driving
C. War dialing
D. Warchalking
Answer: D
27. Which of the following is a standard protocol for interfacing external application software
with an information server, commonly a Web server?
A. DHCP
B. IP
C. CGI
D. TCP

Answer: C
28. Which of the following honeypots provides an attacker access to the real operating system
without any restriction and collects a vast amount of information about the attacker?
A. High-interaction honeypot
B. Medium-interaction honeypot
C. Honeyd
D. Low-interaction honeypot
Answer: A
29. Which of the following representatives of the incident response team takes forensic backups
of systems that are the focus of an incident?
A. Technical representative
B. Lead investigator
C. Information security representative
D. Legal representative
Answer: B
30. Which of the following representatives of the incident response team takes forensic backups
of systems that are the focus of an incident?
A. Technical representative
B. Lead investigator
C. Information security representative
D. Legal representative
Answer: A
31. Which of the following protocols uses a control channel over TCP and a GRE tunnel
operating to encapsulate PPP packets?
A. PPTP
B. ESP
C. LWAPP
D. SSTP
Answer: A
32. Which of the following procedures is designed to enable security personnel to identify,
mitigate, and recover from malicious computer incidents, such as unauthorized access to a
system or data, denial-of-service, or unauthorized changes to system hardware, software, or
data?
A. Cyber Incident Response Plan
B. Crisis Communication Plan
C. Disaster Recovery Plan
D. Occupant Emergency Plan
Answer: A
33. Which of the following TCP commands are used to allocate a receiving buffer associated
with the specified connection?
A. Send
B. Close
C. None
D. Receive
E. Interrupt

Answer: D
34. You work as a professional Computer Hacking Forensic Investigator for DataEnet Inc. You
want to investigate e-mail information of an employee of the company.
The suspected employee is using an online e-mail system such as Hotmail or Yahoo. Which
of the following folders on the local computer will you review to accomplish the task? Each
correct answer represents a complete solution. Choose all that apply.
A. History folder
B. Temporary Internet Folder
C. Cookies folder
D. Download folder
Answer: A, B & C
35. Which of the following layers of the TCP/IP model maintains data integrity by ensuring that
messages are delivered in the order in which they are sent and that there is no loss or
duplication?
A. Transport layer
B. Link layer
C. Internet layer
D. Application layer
Answer: A
36. Which of the following is a telecommunication service designed for cost-efficient data
transmission for intermittent traffic between local area networks (LANs) and between
end-points in a wide area network (WAN)?
A. PPP
B. Frame relay
C. ISDN
D. X.25
E. None
Answer: B
37. Which of the following policies is a set of rules designed to enhance computer security by
encouraging users to employ strong passwords and use them properly?
A. Information protection policy
B. Remote access policy
C. Group policy
D. Password policy
Answer: D
38. Which of the following biometric devices is used to take impressions of the friction ridges of
the skin on the underside of the tip of the fingers?
A. Facial recognition device
B. Iris camera
C. Voice recognition voiceprint
D. Fingerprint reader

Answer: D
39. Peter, a malicious hacker, obtains e-mail addresses by harvesting them from postings, blogs,
DNS listings, and Web pages. He then sends a large number of unsolicited commercial e-mail
(UCE) messages to these addresses. Which of the following e-mail crimes is Peter
committing?
A. E-mail spam
B. E-mail storm
C. E-mail bombing
D. E-mail spoofing
Answer: A
40. Peter, a malicious hacker, obtains e-mail addresses by harvesting them from postings, blogs,
DNS listings, and Web pages. He then sends a large number of unsolicited commercial e-mail
(UCE) messages to these addresses. Which of the following e-mail crimes is Peter
committing?
A. E-mail spam
B. E-mail storm
C. E-mail bombing
D. E-mail spoofing
Answer: A
41. DRAG DROP -
George works as a Network Administrator for Blue Soft Inc. The company uses Windows
Vista operating system. The network of the company is continuously connected to the
Internet. What will George use to protect the network of the company from intrusion?
Select and Place:
Answer: Firewall, Router, Windows Defender and Switch

42. Which of the following are the common security problems involved in communications and
email? Each correct answer represents a complete solution. Choose all that apply.
A. Message replay
B. Identity theft
C. Message modification
D. Message digest
E. Message repudiation
F. Eavesdropping
G. False message
Answer: A, B, C, E, F & G
43. Which of the following layers of TCP/IP model is used to move packets between the Internet
Layer interfaces of two different hosts on the same link?
A. Application layer
B. Internet layer
C. Link layer
D. Transport Layer
E. None
Answer: C
44. FILL BLANK -
Fill in the blank with the appropriate term. Disaster Recovery is the process, policies, and
procedures related to preparing for recovery or continuation of technology infrastructure
critical to an organization after a natural or human-induced disaster.

45. You are advising a school district on disaster recovery plans. In case a disaster affects the
main IT centers for the district they will need to be able to work from an alternate location.
However, budget is an issue. Which of the following is most appropriate for this client?
A. Warm site
B. Cold site
C. Hot site
D. Off site
Answer: B
46. Which of the following techniques uses a modem in order to automatically scan a list of
telephone numbers?
A. War driving
B. War dialing
C. Warchalking
D. Warkitting
Answer: B
47. FILL BLANK -
Fill in the blank with the appropriate file system. Alternate Data Streams (ADS) is a feature of
the NTFS file system, allowing more than one data stream to be associated with a filename.

48. Which of the following policies is used to add additional information about the overall
security posture and serves to protect employees and organizations from inefficiency or
ambiguity?
A. User policy
B. IT policy
C. Issue-Specific Security Policy
D. Group policy
Answer: C
49. Which of the following statements best describes the consequences of the disaster recovery
plan test?
A. The plan should not be changed no matter what the results of the test would be.
B. The results of the test should be kept secret.
C. If no deficiencies were found during the test, then the test was probably flawed.
D. If no deficiencies were found during the test, then the plan is probably perfect.
Answer: C
50. FILL BLANK -
Fill in the blank with the appropriate term. Asymmetric encryption is a type of
encryption that uses two keys, i.e., a public key and a private key pair for data encryption. It
is also known as public key encryption.

51. Which of the following can be performed with software or hardware devices in order to
record everything a person types using his or her keyboard?
A. Warchalking
B. Keystroke logging
C. War dialing
D. IRC bot
Answer: B
