Ethical Hacking and CVSS Principles

Questions and Answers

What is the primary purpose of CVSS in organizations?

To measure vulnerability severity accurately and consistently (correct)

To encrypt sensitive data

To ensure compliance with regulatory standards

To monitor network traffic

Which of the following is listed as a common use of CVSS?

Creating marketing strategies

Prioritizing vulnerability remediation activities (correct)

Developing new software systems

Conducting employee training

What type of attack is represented by an unauthorized user accessing a secured network?

Evil twin

Social engineering

Man-in-the-middle

Piggybacking (correct)

How does an evil twin attack function?

Through a fraudulent Wi-Fi access point

What is the primary risk when users log into unsecured accounts with an evil twin setup?

Interception of sensitive information

Which action can attackers easily perform with a fake access point after gaining credentials?

Connect to other related networks

What is a key characteristic of an evil twin access point?

It adopts the same SSID and BSSID of nearby Wi-Fi networks

What makes evil twin attacks particularly challenging to detect?

The ability to shut down instantly

What technique might ethical hackers use to bypass security systems during their testing?

Leaving USB drives with auto-start software in public areas

Which of the following methods is NOT mentioned as a technique for ethical hackers?

Malware distribution

Which tool is specifically mentioned as a security scanner used by ethical hackers?

Nessus

What vulnerability related to WPA3 encryption allows attackers to gain access to networks?

Dragonblood

What is a potential consequence of employing long-term infiltration tactics in ethical hacking?

Access to highly sensitive information over time

Which of the following is an advantage of WPA3 over WPA2?

Protection against offline dictionary attacks

What is the main purpose of frameworks like Metasploit in ethical hacking?

To provide a platform for vulnerability demonstration and exploitation

Which of the following best describes a 'back-door' in the context of ethical hacking?

A hidden method to bypass normal authentication

What potential issue occurs when file system permissions are improperly set?

Legitimate binaries can be replaced with malicious ones.

What is the primary consequence of a process running under higher-level permissions after binary replacement?

The replaced binary executes under higher-level permissions.

Which method of password cracking is known for requiring the least computational effort?

Dictionary attack

What does a brute force attack require from the attacker?

A specific set of predefined values to test

Which of the following vulnerabilities would allow an anonymous user to upload files to a Linux FTP server?

Improper file system permissions

What is a disadvantage of using brute force attacks compared to other methods?

They can take an extensive amount of time for complex passwords.

Which process command can demonstrate that a binary file is actively running on a system?

ps

What could indicate that a system has been compromised via an FTP server?

Presence of unknown files in the root directory.

What is one significant disadvantage of bug bounty programs for organizations?

They might generate a high volume of low-quality submissions.

Why might organizations miss out on the benefits of a bug bounty program?

They are unable to quickly address known problems.

Which statement accurately describes the majority focus of bug bounty participants?

72% are focused on web site vulnerabilities.

What is a possible consequence of having an insufficient number of participants in a bug bounty program?

The program may not identify any vulnerabilities.

What is a potential risk of allowing freelance researchers to test an organization's network?

It can lead to security breaches if not managed correctly.

Why might organizations not achieve a significant return on investment (ROI) from bug bounties?

They are seeking vulnerabilities requiring specialized experience.

What is a consideration for organizations regarding the timing of bug bounty reports?

There is no guarantee on the timing or receipt of reports.

What happens if a bug bounty program doesn't lead to finding unknown issues for the company?

The program has little to no value for the organization.

What is the primary function of an evil twin access point in a phishing scam?

To lure victims to a phishing site

What term describes the risk that remains after all countermeasures have been applied?

Residual risk

What is the main purpose of session splicing in an IDS evasion technique?

To make it hard for IDS to detect attacks

Which tool is designed for performing session splicing attacks?

Whisker

What might a hacker do after collecting sensitive data from a phishing site?

Disconnect the victim from the fake site

What common misconception is associated with inherent risks?

They can be entirely eliminated with proper controls

What characteristics define a phishing site created through an evil twin attack?

Lures victims for sensitive data

When an IDS stops reassembling a packet stream, what can lead to this situation?

Failure to receive packets within a reasonable time

Which advantage is associated with using both symmetric and asymmetric cryptography in SSL/TLS?

It allows less-powerful devices to utilize symmetric encryption.

Calculate the Annual Loss Expectancy (ALE) if the Single Loss Expectancy (SLE) is $440 and the Annual Rate of Occurrence (ARO) is 0.33.

$145.2

What is the Annual Rate of Occurrence (ARO) if a hard drive failure happens once every three years?

0.33

Which of the following is true regarding recovery costs associated with a hard drive failure?

Restoring the OS and software requires additional labor costs.

Which attack type is identified as a known plaintext attack against DES that shows no added security with double encryption?

Meet-in-the-middle attack

What is the cost of recovering a database and restoring the OS if each task takes 10 hours and 4 hours respectively at a rate of $10/hour?

$440

If the exposure factor (EF) is set to 1 (100%), what impact does it have on Single Loss Expectancy (SLE)?

It increases SLE to the asset value.

In the context of SSL/TLS, what typically characterizes asymmetric cryptography?

It is suitable for securely negotiating session keys.

Study Notes

General Information

• No specific information was provided to create study notes. Please provide more details.

Description

Test your knowledge on the primary purposes and uses of the Common Vulnerability Scoring System (CVSS) within organizations. This quiz covers various aspects of ethical hacking, including techniques, types of attacks, and specific tools used by ethical hackers. Delve into the concepts surrounding evil twin attacks and their implications in network security.