Chapter 1 Ethical Hacking, Ethics, and Legality PDF

Document Details

Uploaded by StatuesqueAntigorite3952

Bahrain Polytechnic

Tags

ethical hacking cybersecurity information security computer science

Summary

This document contains questions and answers relating to ethical hacking topics including ethical hacking, white-hat vs black hat hackers, different types of attacks and laws. It is an introduction to the subject and details different ethical hacking concepts.

Full Transcript

Chapter 1 Introduction to Ethical Hacking, Ethics, and Legality

1. Which of the following statements best describes a white-hat hacker?
A. Security professional
B. Former black hat
C. Former gray hat
D. Malicious hacker

2. A security audit performed on the internal network of an organization by the network administration is also known as.
A. Gray-box testing
B. Black-box testing
C. White-box testing
D. Active testing
E. Passive testing

3. What is the first phase of hacking?
A. Attack
B. Maintaining access
C. Gaining access
D. Reconnaissance
E. Scanning

4. What type of ethical hack tests access to the physical infrastructure?
A. Internal network
B. Remote network
C. External network
D. Physical access

5. The security, functionality, and ease of use triangle illustrates which concept?
A. As security increases, functionality and ease of use increase.
B. As security decreases, functionality and ease of use increase.
C. As security decreases, functionality and ease of use decrease.
D. Security does not affect functionality and ease of use.

6. Which type of hacker represents the highest risk to your network?
A. Disgruntled employees
B. Black-hat hackers
C. Gray-hat hackers
D. Script kiddies

7. What are the three phases of a security evaluation plan? (Choose three answers.)
A. Security evaluation
B. Preparation
C. Conclusion
D. Final
E. Reconnaissance
F. Design security
G. Vulnerability assessment

8. Hacking for a cause is called.
A. Active hacking
B. Hacktivism
C. Activism
D. Black-hat hacking

9. Which federal law is most commonly used to prosecute hackers?
A. Title 12
B. Title 18
C. Title 20
D. Title 2

10. When a hacker attempts to attack a host via the Internet, it is known as what type of attack?
A. Remote attack
B. Physical access
C. Local access
D. Internal attack

11. Which law allows for gathering of information on targets?
A. Freedom of Information Act
B. Government Paperwork Elimination Act
C. USA PATRIOT Act of 2001
D. Privacy Act of 1974

12. The Securely Protect Yourself Against Cyber Trespass Act prohibits which of the following? (Choose all that apply.)
A. Sending spam
B. Installing and using keystroke loggers
C. Using video surveillance
D. Implementing pop-up windows

13. Which step in the framework of a security audit is critical to protect the ethical hacker from legal liability?
A. Talk to the client prior to the testing.
B. Sign an ethical hacking agreement and NDA with the client prior to the testing.
C. Organize an ethical hacking team and prepare a schedule prior to testing.
D. Analyze the testing results and prepare a report.

14. Which of the following is a system, program, or network that is the subject of a security analysis?
A. Owned system
B. Vulnerability
C. Exploited system
D. Target of evaluation

15. Which term best describes a hacker who uses their hacking skills for destructive purposes?
A. Cracker
B. Ethical hacker
C. Script kiddie
D. White-hat hacker

16. MAC address spoofing is which type of attack?
A. Encryption
B. Brute-force
C. Authentication
D. Social engineering

17. Which law gives authority to intercept voice communications in computer hacking attempts?
A. Patriot Act
B. Telecommunications Act
C. Privacy Act
D. Freedom of Information Act

18. Which items should be included in an ethical hacking report? (Choose all that apply.)
A. Testing type
B. Vulnerabilities discovered
C. Suggested countermeasures
D. Router configuration information

19. Which type of person poses the most threat to an organization’s security?
A. Black-hat hacker
B. Disgruntled employee
C. Script kiddie
D. Gray-hat hacker

20. Which of the following should be included in an ethical hacking report? (Choose all that apply.)
A. Findings of the test
B. Risk analysis
C. Documentation of laws
D. Ethics disclosure

Answers to Chapter 1

1. A. White-hat hackers are “good” guys who use their skills for defensive purposes.
2. C. White-box testing is a security audit performed with internal knowledge of the systems.
3. D. Reconnaissance is gathering information necessary to perform the attack.
4. D. Physical access tests access to the physical infrastructure.
5. B. As security increases, it makes it more difficult to use and less functional.
6. A. Disgruntled employees have information that can allow them to launch a powerful attack.
7. A, B, C. The three phases of a security evaluation plan are preparation, security evaluation, and conclusion.
8. B. Hacktivism is performed by individuals who claim to be hacking for a political or social cause.
9. B. Title 18 of the US Code is most commonly used to prosecute hackers.
10. A. An attack from the Internet is known as a remote attack.
11. A. The Freedom of Information Act ensures public release of many documents and records and can be a rich source of information on potential targets.
12. A, B, D. Sending spam, installing and using keystroke loggers, and implementing pop-up windows are all prohibited by the SPY ACT.
13. B. Signing an NDA agreement is critical to ensuring the testing is authorized and the ethical hacker has the right to access the client’s systems.
14. D. A target of evaluation is a system, program, or network that is the subject of a security analysis. It is the target of the ethical hacker’s attacks.
15. A. A cracker is a hacker who uses their hacking skills for destructive purposes.
16. C. MAC address spoofing is an authentication attack used to defeat MAC address filters.
17. A. The Patriot Act gives authority to intercept voice communications in many cases, including computer hacking.
18. A, B, C. All information about the testing process, vulnerabilities discovered in the network or system, and suggested countermeasures should be included in the ethical hacking report.
19. B. Disgruntled employees pose the biggest threat to an organization’s security because of the information and access that they possess.
20. A, B. Findings of the test and risk analysis should both be included in an ethical hacking