Cybersecurity and Computer Systems Quiz

Questions and Answers

What is the term used to describe an ethical hacker attempting to break into a company's network to find the weakest link?

Penetration test

What is a set of instructions that run in sequence to perform tasks on a computer system?

Script

What is the name of the model that combines white and black box models?

Gray box

What is the purpose of an IRC bot?

To send automatic responses to users Signup and view all the answers

Can hacking tools be legal to possess?

Maybe, depending on the tool Signup and view all the answers

Do laws involving computer technology change rapidly?

Yes, rapidly Signup and view all the answers

What is a legal document that outlines the scope and limitations of a penetration test?

SOW Signup and view all the answers

What type of contract outlines the confidential material that will be shared during an assessment?

NDA Signup and view all the answers

Which of the following is not a step in the NIST SP 800-115 Methodology?

Scoping Signup and view all the answers

What type of support resource might a pentester receive as part of a white box assessment?

Network diagrams Signup and view all the answers

What is an example of a type of support resource that a pentester might not receive as part of a white box assessment?

PII of employees Signup and view all the answers

Study Notes

Ethical Hacking

Ethical hacking involves attempting to break into a company's network to find the weakest link in the network or network system, which is known as a penetration test.

Scripts and Automation

A script is a set of instructions that run in sequence to perform tasks on a computer system.
Scripts can be used to automate tasks and provide automatic responses to users, giving the appearance of a person being on the other side of the connection.

Hacking and Crackers

Crackers are individuals who break into computer systems with malicious intent, and they may destroy data or cause harm to the system.
Hacking tools are not always illegal to possess, and ethical hackers use these tools to help organizations improve their security.

Testing and Models

There are different models used in testing, including the white box, black box, and gray box models.
The gray box model is a hybrid of the white and black box models.

Computer Laws and Technology

Laws involving computer technology change rapidly, just like technology itself.

Penetration Test Documentation

A formal document that states what will and will not be performed during a penetration test is called a Statement of Work (SOW).

Confidentiality Agreements

A legal contract outlining the confidential material or information that will be shared by the pentester and the organization during an assessment is called a Non-Disclosure Agreement (NDA).

NIST SP 800-115 Methodology

The NIST SP 800-115 Methodology involves the following steps: Planning, Discovery, and Reporting.
Scoping is not a step in the NIST SP 800-115 Methodology.

White Box Assessment Support Resources

Examples of support resources that a pentester might receive as part of a white box assessment include: Network diagrams, SOAP project files, and XSD.
PII (Personally Identifiable Information) of employees is not an example of a type of support resource that a pentester might receive as part of a white box assessment.