(Hands-On Ethical Hacking and Network Defense, 4e Rob Wilson)
(Test Bank, Answer at the end of each Chapter)
Module 1 - Ethical Hacking Overview
Indicate the answer choice that best completes the statement or answers the question.
1. What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures,
and reporting any vulnerabilities to management?
a. penetration test
b. security test
c. hacking test
d. ethical hacking test
2. What specific term does the U.S. Department of Justice use to label all illegal access to computer or network
systems?
a. Hacking
b. Cracking
c. Security testing
d. Packet sniffing
3. What penetration model should a company use if they only want to allow the penetration tester(s) partial or
incomplete information regarding their network system?
a. gray box
b. white box
c. black box
d. red box
4. What advanced professional security certification requires applicants to demonstrate hands-on abilities to
earn their certificate?
a. Offensive Security Certified Professional
b. Certified Ethical Hacker
c. Certified Information Systems Security Professional
d. CompTIA Security+
5. What common term is used by security testing professionals to describe vulnerabilities in a network?
a. bytes
b. packets
c. bots
d. holes
6. What term refers to a person who performs most of the same activities a hacker does, but with the owner or
company's permission?
a. cracker
b. script kiddie
c. ethical hacker
Powered by Cognero Page 1
,Name: Class: Date:
Module 1 - Ethical Hacking Overview
d. hacktivist
7. What derogatory title do experienced hackers give to inexperienced hackers who copy code or use tools
created by knowledgeable programmers without understanding how the tools work?
a. copy kiddie
b. red team member
c. packet monkey
d. cracker
8. What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an
application or on a system?
a. health
b. technical
c. vulnerability
d. network
9. Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on
a computer system. What type of resource are these penetration testers utilizing?
a. kiddies
b. packets
c. scripts
d. tasks
10. How can a security tester ensure a network is nearly impenetrable?
a. install a vendor's latest security patch
b. update the operating systems
c. eliminate unnecessary applications or services
d. unplug the network cable
11. What penetration model should be used when a company's management team does not wish to disclose that
penetration testing is being conducted?
a. black box
b. white box
c. red box
d. silent box
12. Why might companies prefer black box testing over white box testing?
a. The white box model puts the burden on the tester to find information about the technologies a
company is using.
b. If a company knows that it's being monitored to assess the security of its systems, employees might
behave more carelessly and not adhere to existing procedures.
c. Black box testing involves a collaborative effort between a company's security personnel and
Powered by Cognero Page 2
,Name: Class: Date:
Module 1 - Ethical Hacking Overview
penetration testers.
d. Many companies don't want a false sense of security.
13. What penetration model would likely provide a network diagram showing all the company's routers,
switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of
computer systems and the OSs running on these systems?
a. black box
b. white box
c. red box
d. blue box
14. What is the difference between penetration tests and security tests?
a. These terms are synonymous
b. In a penetration test, an ethical hacker attempts to break into a company's network or applications to
find weak links. In a security test, testers do more than attempt to break in; they also analyze a
company's security policy and procedures and report any vulnerabilities to management.
c. Penetration testing takes security testing to a higher level
d. In a security test, an ethical hacker attempts to break into a company's network or applications to find
weak links. In a penetration test, testers do more than attempt to break in; they also analyze a
company's security policy and procedures and report any vulnerabilities to management.
15. Why should a company employ an ethical hacker?
a. The benefit of an ethical hacker discovering vulnerabilities outweighs the cost of paying for the
penetration/security test services.
b. A company can hire an ethical hacker to promote political or social ideologies.
c. Ethical hackers can help make a network impenetrable.
d. Companies should never hire hackers.
16. Which penetration model allows for an even distribution of time and resources along with a fairly
comprehensive test?
a. White box
b. Black box
c. Gray box
d. Red box
17. What is critical to remember when studying for a network security certification exam?
a. Memorize answers to questions to ensure you pass.
b. Security certifications are always relevant because it is a static profession.
c. Certifications prove only technical skills are necessary to perform the job of a security professional
effectively.
d. Following the laws and behaving ethically are more important than passing an exam.
Powered by Cognero Page 3
, Name: Class: Date:
Module 1 - Ethical Hacking Overview
18. What can be inferred about successful security professionals?
a. Successful security professionals have strong technical skills.
b. Successful security professionals have strong soft skills.
c. Successful security professionals have a combination of technical and soft skills.
d. Successful security professionals have multiple certifications.
19. With which type of laws should a penetration tester or student learning hacking techniques be familiar?
a. local
b. state
c. federal
d. all of the above
20. What policy, provided by a typical ISP, should be read and understood before performing any port scanning
outside of your private network?
a. Port Scanning Policy
b. Acceptable Use Policy
c. ISP Security Policy
d. Hacking Policy
21. What acronym represents the U.S. Department of Justice branch that addresses computer crime?
a. GIAC
b. OPST
c. CHIP
d. CEH
22. What federal law makes it illegal to intercept any type of communication, regardless of how it was
transmitted?
a. The No Electronic Theft Act
b. U.S. PATRIOT Act
c. Electronic Communication Privacy Act
d. The Computer Fraud Act
23. Which of the following statements about port scanning is true?
a. Port scanning violates the U.S. Constitution.
b. Some states consider port scanning as noninvasive or nondestructive in nature and deem it legal.
c. If you are found innocent of criminal port scanning charges, there are no financial repercussions.
d. Port scanning while connected to a VPN will only allow you to scan your own personal network.
24. Why have some judges dismissed charges for those accused of port scanning?
a. Networks are private property.
b. Usually, no damages are done when port scanning.
Powered by Cognero Page 4
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller tutorsection. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $16.49. You're not tied to anything after your purchase.
