Ethical Hacking Grade 11 & 12: Chapter 2 - Introduction to Penetration Testing

Questions and Answers

PDF Questions PDF Answers

What is the main distinguishing factor between a white hat hacker and a black hat hacker?

The legality of their actions (correct)

Their motivation

The level of skill and knowledge

The type of systems they access

In the context of penetration testing, what is the significance of recognizing the common motivations of a hacker?

To better understand the mindset of a script kiddie

To differentiate between ethical and unethical hackers

To identify potential sources of internal threats

To anticipate the methods and techniques used by attackers (correct)

What distinguishes a gray hat hacker from white hat and black hat hackers?

Their focus on illegal activities while pretending to be ethical

Their involvement in both defensive and offensive security activities

Their ambiguous stance between ethical and unethical hacking (correct)

Their level of skill and expertise

Why is it important to differentiate between an internal target and an external target in penetration testing?

To prioritize security measures based on potential threat sources

What is the primary distinction between a hacker and a script kiddie?

The depth of their technical knowledge

How have the technical advancements influenced the amount of knowledge a hacker needs compared to previous hackers?

Increased the need for deeper understanding of systems

What is the primary motivation of a hacktivist?

Political or religious beliefs

Why are APT attacks challenging to defend against?

They remain hidden for an extended period of time

What was the target of the Stuxnet Worm, an example of an APT attack?

Devices controlling manufacturing processes

Which type of hacker is concerned only with taking down their target for a cause?

Suicide hacker

What is the main characteristic of a script kiddie?

Uses tools and scripts developed by real hackers

What is the primary goal of a cyber terrorist?

Causing severe disruption or widespread fear

What is the main characteristic of an advanced persistent threat (APT) attack?

Remains hidden for an extended period of time

What are the motives of hackers according to the text?

Greed, blackmail, and revenge

What is the motivation of a state sponsored hacker?

Attempting to gain top-secret information

What makes a black hat hacker different from a gray hat hacker?

Black hats may steal and sell customer data for profit, while gray hats aim to cause severe disruption or widespread fear.

What is the primary focus of a social engineering attack?

Manipulating human interaction to trick victims

Why is it difficult to protect data and assets against social engineering attacks?

Because human interaction is involved and can be easily manipulated

How can the impact of social engineering attacks be minimized?

By educating individuals to recognize and respond appropriately to such attacks

What is a key characteristic of social engineers?

Master manipulators with a keen sense for exploiting behaviors and signs

Why are social engineering attacks harder to track and catch compared to other cyber threats?

The involvement of human element makes it more challenging to detect and prevent

What is the best approach to defend against social engineering attacks?

Educating individuals to recognize and respond appropriately to social engineering attacks

What is the term for when an attacker intimidates the victim by promising negative consequences if they don't comply with the attacker's request?

Threatening

Which phase involves the attacker gathering information about the company or organization they'll attack?

Researcher

What does the term 'ignorance' refer to in the context of social engineering tactics?

The victim's lack of education in social engineering tactics and prevention

What is the term for when the attacker takes advantage of the relationship with the victim to extract information or accomplish the attacker's purposes?

Exploitation

What is the process called when the attacker gathers information about the target company through official websites, social media, dumpster diving, and other on-site observations?

Researcher

What is it called when the attacker exploits the victim's willingness to be helpful and assist them out of a sense of responsibility?

Leveraging moral obligation