Penetration Testing and Ethical Hacking Course

Questions and Answers

What is the primary goal of the course on Penetration Testing, Ethical Hacking and Network Defense?

• To develop new hacking tools for malicious purposes
• To teach students how to conduct ethical hacking and protect systems from attacks (correct)
• To train students to become proficient programmers
• To prepare students for a career in human resource management

Which of the following is a skill students are expected to acquire by the end of the course?

• Performing reconnaissance on a target network using various techniques (correct)
• Developing business strategies for startups
• Installing operating systems
• Managing human resources in a corporate setting

According to the course objectives, what aspect of ethical hacking is emphasized?

• Identifying potential job opportunities in the industry
• Understanding the legal boundaries and limitations of ethical hackers (correct)
• Creating new malware for testing purposes
• Designing web applications for better user engagement

What type of roles and credentials should students evaluate as part of their learning?

The credentials of penetration testers and ethical hackers (D)

What type of damage can malicious software cause, as highlighted in the course objectives?

Disrupting system operations and stealing data (B)

Which of the following is NOT a focus area in the Penetration Testing course?

Assessing customer satisfaction in service industries (D)

What scripting languages are students expected to learn for ethical hacking?

Open-source scripting languages and hacking toolkits (B)

What is emphasized as a method for understanding vulnerabilities in operating systems?

Classifying and enumerating vulnerabilities in Microsoft and Linux Operating Systems (C)

What percentage of the overall evaluation is attributed to the mid-module examination?

25% (A)

Which of the following best describes a threat in the context of ethical hacking?

An actor or agent attempting to cause harm (A)

What does an exploit refer to in the context of ethical hacking?

The tool or method used to take advantage of a vulnerability (C)

What is one of the key responsibilities of an ethical hacker?

To perform assessments within legal boundaries (C)

What is the primary goal of ethical hacking?

To improve a target's security by identifying vulnerabilities (C)

Which of the following statements best defines a vulnerability?

It is a flaw that can be exploited by an attacker (A)

What do the 'Rules of Engagement' typically describe in a penetration testing scenario?

How the testing will be performed (B)

How do ethical hacking and penetration testing differ?

Penetration testing is a type of ethical hacking that simulates attacks (A)

What is the purpose of the Non-Disclosure Agreement (NDA) in ethical hacking?

To prevent unauthorized information sharing about the test (B)

What mindset should penetration testers and ethical hackers maintain?

Balance creativity with methodical practices (B)

What phase follows the testing in the overall penetration testing process?

Conclusion phase (A)

Which of the following components is NOT part of the ethical hacking evaluation methods?

Final Paper (B)

What does the term 'risk' refer to in the context of ethical hacking?

The overlap of threats and vulnerabilities (B)

How does ethical hacking differ from traditional hacking?

Traditional hacking seeks to exploit vulnerabilities for personal gain; ethical hacking seeks to improve security. (A)

In ethical hacking, what does the vulnerability represent?

An opportunity for attackers to infiltrate a system (B)

What is encompassed in the preparation phase of penetration testing?

Planning and defining the scope and objectives of the test (A)

What is the primary purpose of obtaining a Permission Memo before testing?

To ensure legal authority for the test (B)

Which field in the IPv4 header determines how many hops a packet can make?

TTL (Time To Live) (C)

Which of the following is NOT part of the required configuration settings for TCP/IP?

DNS server (A)

What does a subnet mask do in a TCP/IP network?

Determines local versus remote network (C)

In binary notation, what does the subnet mask 255.255.255.0 represent?

11111111.11111111.11111111.00000000 (B)

What format is commonly used to express an IP address?

Dotted-decimal format (A)

How many bits are in an IP address under IPv4?

32 bits (A)

Which of the following correctly describes an octet in the context of an IP address?

A group of 8 bits (A)

Flashcards

Ethical Hacking

Using hacking techniques to find and fix security vulnerabilities in a system, rather than for malicious purposes.

Penetration Testing

Simulating cyberattacks to identify weaknesses in a computer network or system.

Vulnerability

A weakness in a system that can be exploited by an attacker.

Reconnaissance

Gathering information about a target system or network to identify potential vulnerabilities.

Malicious Software

Software designed to harm or damage a computer system.

Operating System (OS) Vulnerabilities

Weaknesses in the software that controls a computer, such as Windows or Linux.

Security Devices

Tools like firewalls, intrusion detection systems, and honeypots that protect a network.

Cryptography & Hashing

Techniques for protecting data by encrypting it and ensuring data integrity by hashing.

Threat

Someone or something that could potentially harm a system or network.

Risk

The likelihood of a threat exploiting a vulnerability.

Ethical Hacker Mindset

The combination of critical thinking (out-of-the-box) with thoroughness, careful planning, and detailed documentation.

TCP/IP Protocol Stack

A set of networking protocols that define how data is transmitted over a network.

IP Addressing

A system for assigning unique addresses to devices on a network.

What is a security exploit?

A method used by attackers to take advantage of a vulnerability in a system, causing harm or damage.

What is the main goal of ethical hacking?

To identify system weaknesses and vulnerabilities, in a controlled way, to improve overall security.

What is a penetration test?

Simulating real-world attacks on a system to assess its security and identify weaknesses.

What is a vulnerability?

A weak spot in a system that can be exploited by an attacker.

Why is ethical hacking important?

It helps organizations identify and fix security vulnerabilities before attackers can exploit them.

What are the phases of the penetration testing process?

The process typically involves preparation, testing, and conclusion phases.

What is an NDA (Non-Disclosure Agreement)?

A legal agreement that protects confidential information shared during a penetration test.

What are Rules of Engagement?

Guidelines that define how a penetration test will be conducted, including scope and limitations.

TTL Field

A field in the IP header that indicates the maximum number of hops a packet can travel before it must be discarded.

Source IP Address

The IP address of the computer or device sending a packet.

Destination IP Address

The IP address of the computer or device receiving a packet.

Dotted-Decimal Format

The way IP addresses are usually written, with four numbers separated by periods (e.g., 192.168.1.1).

Subnet Mask

A 32-bit number that helps determine whether a device is on the same local network as another device.

Default Gateway

The router that connects a local network to the internet.

Octet

An 8-bit section of an IP address, represented by a single number between 0 and 255.

Study Notes

Profiles

• Leonardo Brown:

  • MBA in Information Systems
  • MSc. in Cyber Security
  • BSc. in Telecommunications Engineering
  • GIAC® Penetration Tester (GPEN)
  • Over 30 years of experience in ICT/Digital Transformation
  • Email: [email protected]
  • Telephone: 876-428-3091

• Michelle Reid:

  • MSc. in Teaching
  • BSc. in Human Resource Management
  • Certified Management Analyst
  • Email: [email protected]
  • Telephone: 876-236-0211

Course Information

• Course: BSc. in Cyber Security and Digital Forensics (CSD4115)
• Course Title: Penetration Testing, Ethical Hacking, and Network Defence
• Duration: 45 hours
• Credits: 3
• Semester: 7

Course Purpose/Why

• The course aims to train students to become skilled security testers.
• It teaches hacking strategies and tactics used by ethical hackers ("White Hats").
• It covers methods of vulnerability exploitation.
• It highlights the use of open-source scripting languages and hacking toolkits.
• Understanding hacker tools and methods helps security testers protect systems.

Course Objectives

• Students should be able to define the scope of ethical hacking.
• Students will learn about penetration testing credentials and roles.
• Students will learn reconnaissance techniques on target networks.
• Students will learn about different types of malicious software and their damage potential.
• Students will enumerate and classify vulnerabilities in Microsoft and Linux operating systems.
• Students will learn to control and protect web servers and wireless networks.
• Students will evaluate and choose cryptography and hashing methods.
• Students will learn to implement security devices (routers, firewalls, Intrusion Detection Systems, honeypots).

Methods of Evaluation

• Coursework (50%):
  • Individual Presentation (10%)
  • Group Presentation (10%)
  • Lab/Pop Quiz (5%)
  • Mid-module Examination (25%)
• Final Examination (50%)

Unit One: Ethical Hacking Overview

• Describe the role of an ethical hacker.
• Describe legal actions an ethical hacker can take.
• Describe actions an ethical hacker cannot take.

Unit Two: TCP/IP Concepts Review

• Describe the TCP/IP protocol stack.
• Explain the basics of IP addressing.
• Explain binary, octal, and hexadecimal numbering systems.

Ethical Hacking Overview (Mindset)

• Successful penetration testers/ethical hackers need contradictory concepts.
• Think outside the box, use pragmatism, differentiate; be thorough, methodical.
• Balance between these two is crucial for success.

Ethical Hacking Overview (Terms)

• Ethical hacking is the process of using hacking techniques legally to find security flaws.
• To start the session, define terms like ethical hacking, penetration testing and how they differ.
• Ethical hacking is about finding flaws in a system.
• Penetration Testing is the practice of using attack techniques.

Ethical Hacking Overview (Threats, Vulnerabilities, Risk, Exploit)

• Threat: An actor or agent that may/can cause harm. Examples include organized crime, spyware companies, or disgruntled employees.
• Vulnerability: A flaw in the system that attackers exploit.
• Risk: When a threat and vulnerability overlap. This means if there’s a vulnerability, an attacker could exploit it.
• Exploit: The vehicle (tool or method) attackers use to cause harm.

Ethical Hacking Overview (Process)

• The penetration testing process involves preparation, testing, and conclusion phases.
• This often includes a Non-Disclosure Agreement (NDA), especially when testing is conducted by a third-party.
• Rules of Engagement are needed to explain exactly how testing will occur.
• Crucial: obtaining official, written permission before conducting tests, even within an organisation.

Ethical Hacking Overview (Laws)

• Many countries have laws to deal with cybercrimes.
• Penetration testers/ethical hackers should strictly adhere to these laws.
• A "Permission Memo" is a useful document demonstrating that a company grants permission to conduct tests.

TCP/IP Concepts Review (More detail)

• IP Version 4 (IPv4) Header: (contains details about how the packet should be handled) Includes TTL (Time to Live), Protocol;Source IP Address, Destination IP Address, etc.
• Configure TCP/IP requires IP address, subnet mask, default gateway.
• An IP address is a 32-bit number that identifies a device on a network.
• IP addresses are normally written in dotted-decimal format (e.g., 192.168.123.132).
• Subnet mask (e.g., 255.255.255.0) determines local/remote networks.
• A default gateway is a router that links different networks.
• TCP connections use a three-way handshake to confirm communication.