Ethical Hacking Course GCyB - II
45 Questions

Questions and Answers

What is the primary goal of the pre-assessment phase in vulnerability management?

  • To monitor systems continuously
  • To create a baseline for vulnerability management (correct)
  • To conduct a vulnerability scan
  • To implement remediation strategies

Which step is NOT included in creating a baseline during the pre-assessment phase?

  • Prioritize critical assets
  • Identify business processes
  • Conduct penetration testing (correct)
  • Understand network architecture

What is one of the tasks involved in the pre-assessment phase?

  • Performing vulnerability scans
  • Identifying controls already in place (correct)
  • Verifying the assessment results
  • Remediation of vulnerabilities

    In which phase do organizations typically identify vulnerabilities in their infrastructure?

    Vulnerability assessment phase

    What should be prioritized when creating an inventory of all assets during the pre-assessment phase?

    Prioritize critical assets

    What is a key aspect to understand before defining the scope of the assessment?

    Network architecture and infrastructure

    What is accomplished during the risk assessment after the vulnerability assessment phase?

    Analysis of identified vulnerabilities

    During the pre-assessment phase, what type of documents or procedures are designed?

    Information protection procedures

    What is the primary role of NVD staff in relation to CVEs?

    To aggregate data points from various sources

    What is the purpose of the Common Weakness Enumeration (CWE)?

    To categorize software and hardware vulnerabilities

    Which of the following best describes a vulnerability assessment?

    A systematic process for identifying and evaluating security vulnerabilities

    Who provides the information that NVD relies on for CVE attributes?

    Vendors, third party security researchers, and vulnerability coordinators

    What is one of the main goals of conducting a vulnerability assessment?

    To identify weaknesses before they are exploited

    What is the maximum prison sentence for a first conviction of obtaining national security information under the CFAA?

    Up to ten years

    What penalty is specified for intentionally disrupting the operation of an automated data processing system under Law 07-03?

    One to three years of imprisonment

    Under the CFAA, how long can a second conviction for accessing a computer to defraud and obtain value result in imprisonment?

    Up to ten years

    Which of the following acts is punishable by a maximum fine of 200,000 dirhams under Law 07-03?

    Fraudulently introducing data into a system

    What is the penalty for trafficking in passwords under the CFAA for a first conviction?

    Up to one year

    Which of the following actions is punishable by a minimum of one year under the CFAA?

    Accessing a computer and obtaining information

    What is the maximum imprisonment term for a second conviction of extortion involving computers under the CFAA?

    Ten years

    What is the punishment for fraudulently accessing part of an automated data processing system under Law 07-03?

    One to three months and a fine

    What does the ACK flag indicate in a network packet?

    It acknowledges the successful receipt of a packet.

    Which of the following statements is true regarding the FIN flag?

    It ends a connection after its transmission.

    What is Zenmap known for?

    It is the official Graphical User Interface (GUI) for Nmap.

    Which command is used for performing a scan with Nmap from within Metasploit?

    nmap -sS 192.168.1.5

    What type of scanning technique is provided by the Metasploit framework?

    Nmap integration for compiling security reports.

    In the context of Metasploit, what is the TCP Port Scan auxiliary module used for?

    To scan open ports on a target.

    What functionality does the PSH flag provide?

    It indicates urgent data should be prioritized.

    Which of the following commands would initiate a ping sweep in Metasploit?

    auxiliary/scanner/icmp_ping

    What does receiving an RST packet in response to an empty TCP ACK packet indicate?

    The target host is active.

    Which Nmap command is used to perform a TCP ACK ping?

    nmap -sn -PA TargetIP

    What is the purpose of the UDP ping technique in host discovery?

    To check if the host is active based on UDP responses.

    What response is expected from the targeted host when an ICMP 'echo request' is sent?

    An ICMP 'echo reply' packet.

    What kind of packets are used in the IP Protocol Ping technique?

    Packets from different IP protocols such as ICMP, IGMP, TCP, or UDP.

    Which of the following commands would you use for an ICMP ping using Nmap?

    nmap -sn -PE TargetIP

    What type of errors might be returned if a target host is offline during a UDP ping?

    Host/network unreachable or TTL exceeded.

    Which statement about TCP ACK Ping is accurate?

    It uses an empty TCP ACK packet and expects an RST response.

    What protocol is used for remote desktop access?

    RDP

    Which protocol uses TCP port 445?

    SMB

    Which tool is specifically designed for service enumeration and includes modules for various services?

    Metasploit

    What is the default port for Microsoft's SQL Server protocol?

    1433

    What syntax is used in Nmap for running a script against a specific port?

    Nmap -p --script

    On which UDP ports does NetBIOS operate?

    137 and 138

    What does a NetBIOS name record type's 16th character represent?

    Reserved for service or name record type

    Nmap's Scripting Engine (NSE) is primarily used for which of the following?

    Extracting valuable service information

    Study Notes

    Abdelmalek Essaadi University

    • Ethical Hacking course
    • GCyB - II
    • 2024-2025
    • Instructor: Youssef SBAYTRI

    Ethical Hacking Topics

    • Introduction to hacking
    • Footprinting/Information gathering
    • Scanning and Enumeration
    • Vulnerability Analysis
    • Systems Hacking
    • Networks Hacking

    What is Hacking?

    • The activity of getting into someone else's computer system without permission, to gain information or do illegal actions.
    • The use of unconventional or illicit means to gain unauthorized access to a digital device, computer system, or computer network.
    • Refers to unauthorized access to a system or network, often to exploit data or manipulate its normal behavior.
    • Identifying and exploiting weaknesses in a computer system or network, usually to gain unauthorized access to personal or organizational data.

    What is Ethical Hacking?

    • The use of hacking techniques for defensive or protective purposes.
    • Ethical hackers use their skills to test the security of computer systems, networks, or applications.
    • The term “ethical hacking” is usually used interchangeably with penetration testing.
    • Penetration testing (pentesting) is the practice of simulating a cyber attack on a computer system, network, or application to identify vulnerabilities.
    • Ethical hacking and penetration testing are legal as long as they are done with the permission and knowledge of the system owner.

    Key Differences Between Ethical Hacking and Penetration Testing

    • Ethical Hacking: Less defined scope of work. Utilizes any attack vector to breach a system. Has visibility to organization's infrastructure. Not a requirement for compliance frameworks. Should have detailed knowledge of TTP (Tactics, Techniques, and Procedures) and various tools. No mandatory requirement to be an expert in report writing.
    • Penetration Testing: Well-defined scope of work. Attack vectors defined before testing. Limited/no information of organization's infrastructure. Required for some compliance frameworks. Requires sound knowledge of the dedicated domain. Comes with fool-proof report writing.

    Why Ethical Hacking is Necessary

    • To prevent hackers from gaining access to an organization's systems and data.
    • To identify and assess vulnerabilities in systems in order to evaluate their potential security risks.
    • To provide adequate preventive measures to avoid security breaches.
    • To assess and harden the organization's security posture.
    • To enhance security awareness at all levels.

    Required Skills of an Ethical Hacker

    • Profound familiarity with leading operating environments such as Windows, Linux, and macOS.
    • In-depth knowledge of networking concepts, technologies, and related hardware and software.
    • Knowledge of security areas and related issues.
    • Ability to quickly learn and adapt to new technologies.
    • Strong work ethic and good problem-solving and communication skills.
    • Commitment to an organization's security policies.
    • Awareness of local standards and laws.

    Hacking Methodologies

    • Learning hacking methodologies and frameworks helps ethical hackers understand the different phases.
    • This course presents various hacking methodologies such as:
      • EC-Council CEH methodology
      • Cyber Kill Chain methodology
      • MITRE ATT&CK framework

    CEH Hacking Methodology

    • Footprinting
    • Scanning
    • Enumeration
    • Vulnerability analysis
    • Gaining Access
    • Escalating privileges
    • Maintaining Access
    • Clearing Logs

    Cyber Kill Chain Methodology

    • Reconnaissance: Gathering email addresses, personal information, etc.
    • Delivery: Delivering weaponized payload to the victim via email, USB, etc.
    • Weaponization: Coupling exploit with backdoor into deliverable payload
    • Exploitation: Exploiting a vulnerability
    • Installation: Installing malware on the asset
    • Actions on Objectives: Performing actions to achieve intended objectives
    • Command & Control (C2): Command channel for remote manipulation of victim

    MITRE ATT&CK Framework

    • A globally accessible knowledge base of adversary tactics and techniques based on real-world observations.
    • Comprises three collections of tactics and techniques (Enterprise, Mobile, and ICS).

    Laws and Regulations

    • Laws are a system of rules and guidelines that are enforced by a country/community.
    • Ethical hacking involves probing systems.
    • Understanding relevant laws, cybersecurity regulations (e.g., PCI-DSS, HIPAA), and industry standards ensures compliance and credibility. (Additional subsections on specific cyber laws are also included).

    Footprinting and Reconnaissance

    • Collecting maximum information about a target organization including infrastructure, assets, and personnel.
    • Passive Footprinting: Collecting information without direct interaction.
    • Active Footprinting: Collecting information with direct interaction.

    Types of gathered information

    • Organization information (employee details, phone numbers, locations)
    • Network information (domain names, networks, IP addresses of systems)
    • System information (OS, location of servers, email addresses, usernames, passwords)

    Footprinting Techniques

    • Through Search Engines
      • Google Dorking
      • Advanced Operators
      • Exploit Databases
    • Through Web Services
    • Website Footprinting
    • Email Footprinting
    • Whois and DNS Footprinting
    • Social Engineering
      • Eavesdropping, Shoulder Surfing, Dumpster Diving, Impersonation

    OSINT Framework

    • An open-source intelligence gathering framework.
    • Focused on collecting information from free tools or resources.
    • Lists various tools arranged by category.

    Footprinting Countermeasures

    • Security Training
    • Password Policies
    • Secure Data Handling
    • Removing ex-employees and accounts
    • Internet Registrar Sanitation
    • Blocking External Access
    • Monitoring

    Vulnerability Analysis

    • Introduction to vulnerabilities (weaknesses)
    • Classification of vulnerabilities (misconfigurations, application flaws, outdated software, design flaws, etc.)
    • Vulnerability research methods
    • Vulnerability Scoring systems and Databases (e.g., CVSS)

    Vulnerability Assessment

    • Vulnerability Assessment process stages (pre-assessment, assessment, post-assessment)
    • Types of Vulnerability Assessment (Active, Passive, External, Internal, etc.)
    • Vulnerability Assessment tools

    Network Hacking

    • Network sniffing
    • MAC flooding
    • DHCP attacks
    • ARP Spoofing Attacks
    • DNS Poisoning
    • Proxy Server DNS poisoning

    Wireless Networks

    • Wireless concepts
      • Wireless encryption
      • Wireless threats
        • Access Control
        • Integrity
        • Confidentiality
        • Availability
    • Wireless hacking methodology
    • Wireless hacking tools
    • Wireless hacking countermeasures


    Description

    This quiz covers the essential topics from the Ethical Hacking course at Abdelmalek Essaadi University for the academic year 2024-2025. It includes questions on hacking fundamentals, vulnerability analysis, and techniques used by ethical hackers. Assess your knowledge on protecting systems and networks from unauthorized access.
