Daffodil International University
Department of Software Engineering
Faculty of Science & Information Technology
Midterm Examination, Fall-2021
Course Code: C8334, Course Title: Ethical Hacking and Countermeasures with Lab
Level: 3 Term: 3 Section: A
Course Instructor: SB
Thursday 19 November, 2021 Time: 12:30pm-2:00pm
One hour and thirty mins (1:30) assessment; Total Marks: 25
James and Mike work in two reputed IT companies. James works as a senior software developer and
Mike is a penetration tester. For last Thursday night they had two tickets for a resort and travelled
on the effective day. In the morning they entered the main hall building and confirmed their reservation
for the hotel room. Suddenly Mike noticed that their reservation confirmation was sent to their mobile
phone using a web portal which was publicly available to all. As Mike knows the web security mechanisms
very well, he tried to get access to the portal. After some advanced Google searching and social engineering
methods he got the username of an administrator. And, subsequently, after doing a massive brute-force he
also cracked the password for that user. Now they can make any kind of changes to that web portal,
but as they didn't have any bad intentions they disclosed their findings to the authorities. The management
welcomed their observations and gifted them a free trip to their intended places and a grand dinner
for that night.
SEC 1:
Define reconnaissance and classify the types of reconnaissance with example. (2+3)=5 [CLO1, Level 1&4]
Explain DNS and how does it work? (1+3) [CLO1, Level 6]
SEC 2:
From the above scenario discover the possible ways that Mike can use for enumerating the username from Google. (3) [CLO2, Level 3]
4. Illustrate Xmas Scan and how does it work? (1+2)=3 [CLO2, Level 3]
SEC 3:
Show how the (intitle:"Index of" | intitle:"Directory Listing For") AND site:example.com dorking will work. (2) [CLO3, Level 1]
Define DNS zone transfer, and classify the types of DNS zone transfer. (1+3)=4 [CLO1, Level 4]
As a hacker sometimes you may need to do firewall bypass. Explain a method which you can use to bypass firewall using nmap. (4) [CLO2, Level 2]