Chapter 1 Ethical Hacking, Ethics, and Legality PDF

Summary

This document contains questions and answers on ethical hacking topics, including white-hat vs. black-hat hackers, different types of attacks, and laws. It is an introduction to the subject and covers different ethical hacking concepts.

Full Transcript

Chapter 1 Introduction to Ethical Hacking, Ethics, and Legality

1. Which of the following statements best describes a white-hat hacker?
A. Security professional
B. Former black hat
C. Former gray hat
D. Malicious hacker

2. A security audit performed on the internal network of an organization by the network administration is also known as.
A. Gray-box testing
B. Black-box testing
C. White-box testing
D. Active testing
E. Passive testing

3. What is the first phase of hacking?
A. Attack
B. Maintaining access
C. Gaining access
D. Reconnaissance
E. Scanning

4. What type of ethical hack tests access to the physical infrastructure?
A. Internal network
B. Remote network
C. External network
D. Physical access

5. The security, functionality, and ease of use triangle illustrates which concept?
A. As security increases, functionality and ease of use increase.
B. As security decreases, functionality and ease of use increase.
C. As security decreases, functionality and ease of use decrease.
D. Security does not affect functionality and ease of use.

6. Which type of hacker represents the highest risk to your network?
A. Disgruntled employees
B. Black-hat hackers
C. Gray-hat hackers
D. Script kiddies

7. What are the three phases of a security evaluation plan? (Choose three answers.)
A. Security evaluation
B. Preparation
C. Conclusion
D. Final
E. Reconnaissance
F. Design security
G. Vulnerability assessment

8. Hacking for a cause is called.
A. Active hacking
B. Hacktivism
C. Activism
D. Black-hat hacking

9. Which federal law is most commonly used to prosecute hackers?
A. Title 12
B. Title 18
C. Title 20
D. Title 2

10. When a hacker attempts to attack a host via the Internet, it is known as what type of attack?
A. Remote attack
B. Physical access
C. Local access
D. Internal attack

11. Which law allows for gathering of information on targets?
A. Freedom of Information Act
B. Government Paperwork Elimination Act
C. USA PATRIOT Act of 2001
D. Privacy Act of 1974

12. The Securely Protect Yourself Against Cyber Trespass Act prohibits which of the following? (Choose all that apply.)
A. Sending spam
B. Installing and using keystroke loggers
C. Using video surveillance
D. Implementing pop-up windows

13. Which step in the framework of a security audit is critical to protect the ethical hacker from legal liability?
A. Talk to the client prior to the testing.
B. Sign an ethical hacking agreement and NDA with the client prior to the testing.
C. Organize an ethical hacking team and prepare a schedule prior to testing.
D. Analyze the testing results and prepare a report.

14. Which of the following is a system, program, or network that is the subject of a security analysis?
A. Owned system
B. Vulnerability
C. Exploited system
D. Target of evaluation

15. Which term best describes a hacker who uses their hacking skills for destructive purposes?
A. Cracker
B. Ethical hacker
C. Script kiddie
D. White-hat hacker

16. MAC address spoofing is which type of attack?
A. Encryption
B. Brute-force
C. Authentication
D. Social engineering

17. Which law gives authority to intercept voice communications in computer hacking attempts?
A. Patriot Act
B. Telecommunications Act
C. Privacy Act
D. Freedom of Information Act

18. Which items should be included in an ethical hacking report? (Choose all that apply.)
A. Testing type
B. Vulnerabilities discovered
C. Suggested countermeasures
D. Router configuration information

19. Which type of person poses the most threat to an organization’s security?
A. Black-hat hacker
B. Disgruntled employee
C. Script kiddie
D. Gray-hat hacker

20. Which of the following should be included in an ethical hacking report? (Choose all that apply.)
A. Findings of the test
B. Risk analysis
C. Documentation of laws
D. Ethics disclosure

Answers to Chapter 1

1. A. White-hat hackers are “good” guys who use their skills for defensive purposes.
2. C. White-box testing is a security audit performed with internal knowledge of the systems.
3. D. Reconnaissance is gathering information necessary to perform the attack.
4. D. Physical access tests access to the physical infrastructure.
5. B. As security increases, it makes it more difficult to use and less functional.
6. A. Disgruntled employees have information that can allow them to launch a powerful attack.
7. A, B, C. The three phases of a security evaluation plan are preparation, security evaluation, and conclusion.
8. B. Hacktivism is performed by individuals who claim to be hacking for a political or social cause.
9. B. Title 18 of the US Code is most commonly used to prosecute hackers.
10. A. An attack from the Internet is known as a remote attack.
11. A. The Freedom of Information Act ensures public release of many documents and records and can be a rich source of information on potential targets.
12. A, B, D. Sending spam, installing and using keystroke loggers, and implementing pop-up windows are all prohibited by the SPY ACT.
13. B. Signing an NDA agreement is critical to ensuring the testing is authorized and the ethical hacker has the right to access the client’s systems.
14. D. A target of evaluation is a system, program, or network that is the subject of a security analysis. It is the target of the ethical hacker’s attacks.
15. A. A cracker is a hacker who uses their hacking skills for destructive purposes.
16. C. MAC address spoofing is an authentication attack used to defeat MAC address filters.
17. A. The Patriot Act gives authority to intercept voice communications in many cases, including computer hacking.
18. A, B, C. All information about the testing process, vulnerabilities discovered in the network or system, and suggested countermeasures should be included in the ethical hacking report.
19. B. Disgruntled employees pose the biggest threat to an organization’s security because of the information and access that they possess.
20. A, B. Findings of the test and risk analysis should both be included in an ethical hacking
