Penetration Testing and Ethical Hacking Course
32 Questions

Questions and Answers

What is the primary goal of the course on Penetration Testing, Ethical Hacking and Network Defense?

  • To develop new hacking tools for malicious purposes
  • To teach students how to conduct ethical hacking and protect systems from attacks (correct)
  • To train students to become proficient programmers
  • To prepare students for a career in human resource management

Which of the following is a skill students are expected to acquire by the end of the course?

  • Performing reconnaissance on a target network using various techniques (correct)
  • Developing business strategies for startups
  • Installing operating systems
  • Managing human resources in a corporate setting

According to the course objectives, what aspect of ethical hacking is emphasized?

  • Identifying potential job opportunities in the industry
  • Understanding the legal boundaries and limitations of ethical hackers (correct)
  • Creating new malware for testing purposes
  • Designing web applications for better user engagement

What type of roles and credentials should students evaluate as part of their learning?

    The credentials of penetration testers and ethical hackers

    What type of damage can malicious software cause, as highlighted in the course objectives?

    Disrupting system operations and stealing data

    Which of the following is NOT a focus area in the Penetration Testing course?

    Assessing customer satisfaction in service industries

    What scripting languages are students expected to learn for ethical hacking?

    Open-source scripting languages and hacking toolkits

    What is emphasized as a method for understanding vulnerabilities in operating systems?

    Classifying and enumerating vulnerabilities in Microsoft and Linux Operating Systems

    What percentage of the overall evaluation is attributed to the mid-module examination?

    25%

    Which of the following best describes a threat in the context of ethical hacking?

    An actor or agent attempting to cause harm

    What does an exploit refer to in the context of ethical hacking?

    The tool or method used to take advantage of a vulnerability

    What is one of the key responsibilities of an ethical hacker?

    To perform assessments within legal boundaries

    What is the primary goal of ethical hacking?

    To improve a target's security by identifying vulnerabilities

    Which of the following statements best defines a vulnerability?

    It is a flaw that can be exploited by an attacker

    What do the 'Rules of Engagement' typically describe in a penetration testing scenario?

    How the testing will be performed

    How do ethical hacking and penetration testing differ?

    Penetration testing is a type of ethical hacking that simulates attacks

    What is the purpose of the Non-Disclosure Agreement (NDA) in ethical hacking?

    To prevent unauthorized information sharing about the test

    What mindset should penetration testers and ethical hackers maintain?

    Balance creativity with methodical practices

    What phase follows the testing in the overall penetration testing process?

    Conclusion phase

    Which of the following components is NOT part of the ethical hacking evaluation methods?

    Final Paper

    What does the term 'risk' refer to in the context of ethical hacking?

    The overlap of threats and vulnerabilities

    How does ethical hacking differ from traditional hacking?

    Traditional hacking seeks to exploit vulnerabilities for personal gain; ethical hacking seeks to improve security.

    In ethical hacking, what does the vulnerability represent?

    An opportunity for attackers to infiltrate a system

    What is encompassed in the preparation phase of penetration testing?

    Planning and defining the scope and objectives of the test

    What is the primary purpose of obtaining a Permission Memo before testing?

    To ensure legal authority for the test

    Which field in the IPv4 header determines how many hops a packet can make?

    TTL (Time To Live)

    Which of the following is NOT part of the required configuration settings for TCP/IP?

    DNS server

    What does a subnet mask do in a TCP/IP network?

    Determines local versus remote network

    In binary notation, what does the subnet mask 255.255.255.0 represent?

    11111111.11111111.11111111.00000000

    What format is commonly used to express an IP address?

    Dotted-decimal format

    How many bits are in an IP address under IPv4?

    32 bits

    Which of the following correctly describes an octet in the context of an IP address?

    A group of 8 bits

    Study Notes

    Profiles

    • Leonardo Brown:

      • MBA in Information Systems
      • MSc. in Cyber Security
      • BSc. in Telecommunications Engineering
      • GIAC® Penetration Tester (GPEN)
      • Over 30 years of experience in ICT/Digital Transformation
      • Telephone: 876-428-3091
    • Michelle Reid:

      • MSc. in Teaching
      • BSc. in Human Resource Management
      • Certified Management Analyst
      • Telephone: 876-236-0211

    Course Information

    • Course: BSc. in Cyber Security and Digital Forensics (CSD4115)
    • Course Title: Penetration Testing, Ethical Hacking, and Network Defence
    • Duration: 45 hours
    • Credits: 3
    • Semester: 7

    Course Purpose/Why

    • The course aims to train students to become skilled security testers.
    • It teaches hacking strategies and tactics used by ethical hackers ("White Hats").
    • It covers methods of vulnerability exploitation.
    • It highlights the use of open-source scripting languages and hacking toolkits.
    • Understanding hacker tools and methods helps security testers protect systems.

    Course Objectives

    • Students should be able to define the scope of ethical hacking.
    • Students will learn about penetration testing credentials and roles.
    • Students will learn reconnaissance techniques on target networks.
    • Students will learn about different types of malicious software and their damage potential.
    • Students will enumerate and classify vulnerabilities in Microsoft and Linux operating systems.
    • Students will learn to control and protect web servers and wireless networks.
    • Students will evaluate and choose cryptography and hashing methods.
    • Students will learn to implement security devices (routers, firewalls, Intrusion Detection Systems, honeypots).

    Methods of Evaluation

    • Coursework (50%):
      • Individual Presentation (10%)
      • Group Presentation (10%)
      • Lab/Pop Quiz (5%)
      • Mid-module Examination (25%)
    • Final Examination (50%)

    Unit One: Ethical Hacking Overview

    • Describe the role of an ethical hacker.
    • Describe legal actions an ethical hacker can take.
    • Describe actions an ethical hacker cannot take.

    Unit Two: TCP/IP Concepts Review

    • Describe the TCP/IP protocol stack.
    • Explain the basics of IP addressing.
    • Explain binary, octal, and hexadecimal numbering systems.

    Ethical Hacking Overview (Mindset)

    • Successful penetration testers/ethical hackers need to combine two seemingly contradictory mindsets.
    • On one side: think outside the box, be pragmatic, do things differently. On the other: be thorough and methodical.
    • Balancing the two is crucial for success.

    Ethical Hacking Overview (Terms)

    • Ethical hacking is the process of using hacking techniques legally to find security flaws.
    • To start the session, define terms like ethical hacking, penetration testing and how they differ.
    • Ethical hacking is about finding flaws in a system.
    • Penetration Testing is the practice of using attack techniques.

    Ethical Hacking Overview (Threats, Vulnerabilities, Risk, Exploit)

    • Threat: An actor or agent that may/can cause harm. Examples include organized crime, spyware companies, or disgruntled employees.
    • Vulnerability: A flaw in the system that attackers exploit.
    • Risk: Exists where a threat and a vulnerability overlap, that is, where there is a vulnerability and an attacker who could exploit it.
    • Exploit: The vehicle (tool or method) attackers use to cause harm.

    Ethical Hacking Overview (Process)

    • The penetration testing process involves preparation, testing, and conclusion phases.
    • The process often includes a Non-Disclosure Agreement (NDA), especially when testing is conducted by a third party.
    • Rules of Engagement are needed to explain exactly how testing will occur.
    • Obtaining official, written permission before conducting tests is crucial, even within an organisation.

    Ethical Hacking Overview (Laws)

    • Many countries have laws to deal with cybercrimes.
    • Penetration testers/ethical hackers should strictly adhere to these laws.
    • A "Permission Memo" is a useful document demonstrating that a company grants permission to conduct tests.

    TCP/IP Concepts Review (More detail)

    • IP Version 4 (IPv4) header: contains details about how the packet should be handled, including TTL (Time to Live), Protocol, Source IP Address, Destination IP Address, etc.
    • Configuring TCP/IP requires an IP address, a subnet mask, and a default gateway.
    • An IP address is a 32-bit number that identifies a device on a network.
    • IP addresses are normally written in dotted-decimal format (e.g., 192.168.123.132).
    • A subnet mask (e.g., 255.255.255.0) determines whether a destination is on the local network or a remote network.
    • A default gateway is a router that links different networks.
    • TCP connections use a three-way handshake to confirm communication.


    Description

    Test your understanding of the key concepts from the Penetration Testing and Ethical Hacking course. This quiz will cover course objectives, skills acquisition, and the impact of malicious software. Challenge yourself to see how well you know the material and prepare for your certification in network defense.
