Cybersecurity and Computer Systems Quiz

Questions and Answers

What is the term used to describe an ethical hacker attempting to break into a company's network to find the weakest link?

Security test

Script test

Penetration test (correct)

Packet test

What is a set of instructions that run in sequence to perform tasks on a computer system?

Black box

Script (correct)

Packet

Assessment

What is the name of the model that combines white and black box models?

White box

Gray box (correct)

Penetration box

Black box

What is the purpose of an IRC bot?

To send automatic responses to users

Can hacking tools be legal to possess?

Maybe, depending on the tool

Do laws involving computer technology change rapidly?

Yes, rapidly

What is a legal document that outlines the scope and limitations of a penetration test?

SOW

What type of contract outlines the confidential material that will be shared during an assessment?

NDA

Which of the following is not a step in the NIST SP 800-115 Methodology?

Scoping

What type of support resource might a pentester receive as part of a white box assessment?

Network diagrams

What is an example of a type of support resource that a pentester might not receive as part of a white box assessment?

PII of employees

Study Notes

Ethical Hacking

• Ethical hacking involves attempting to break into a company's network to find the weakest link in the network or network system, which is known as a penetration test.

Scripts and Automation

• A script is a set of instructions that run in sequence to perform tasks on a computer system.
• Scripts can be used to automate tasks and provide automatic responses to users, giving the appearance of a person being on the other side of the connection.

Hacking and Crackers

• Crackers are individuals who break into computer systems with malicious intent, and they may destroy data or cause harm to the system.
• Hacking tools are not always illegal to possess, and ethical hackers use these tools to help organizations improve their security.

Testing and Models

• There are different models used in testing, including the white box, black box, and gray box models.
• The gray box model is a hybrid of the white and black box models.

Computer Laws and Technology

• Laws involving computer technology change rapidly, just like technology itself.

Penetration Test Documentation

• A formal document that states what will and will not be performed during a penetration test is called a Statement of Work (SOW).

Confidentiality Agreements

• A legal contract outlining the confidential material or information that will be shared by the pentester and the organization during an assessment is called a Non-Disclosure Agreement (NDA).

NIST SP 800-115 Methodology

• The NIST SP 800-115 Methodology involves the following steps: Planning, Discovery, and Reporting.
• Scoping is not a step in the NIST SP 800-115 Methodology.

White Box Assessment Support Resources

• Examples of support resources that a pentester might receive as part of a white box assessment include: Network diagrams, SOAP project files, and XSD.
• PII (Personally Identifiable Information) of employees is not an example of a type of support resource that a pentester might receive as part of a white box assessment.

Description

Test your knowledge of cybersecurity concepts and computer systems with this quick quiz. Questions cover ethical hacking, network security, and programming terminology.