Questions and Correct Answers
Penetration test ✅An ethical hacker attempts to break into a company's network or
applications to find weak links.
Vulnerability assessment ✅The tester attempts to enumerate all the vulnerabilities
found in an application or on a system.
Security test ✅Breaking into company network or application. They also analyze a
company's security policy and procedures and report any vulnerabilities to
management.
Correcting vulnerabilities ✅Entails tasks such as updating an operating system (OS),
eliminating unnecessary applications or services, or installing a vendor's latest security
patch.
Penetration tester job ✅Report findings to the company; the company has the final
decision on how to use the information you supplied.
Security tester ✅Offer solutions for securing or protecting the network.
What do penetration testers and security testers need to perform their jobs effectively?
✅They need technical skills, a good understanding of networks and the role of
management in an organization, skills in writing and verbal communication, and a desire to
continue learning.
What certification is the best? ✅Any cert can help with your knowledge and prioritize
you over other candidates in the pool.
What can you do legally? ✅You must be aware of what you're allowed to do and what
you should not or cannot do. Laws vary by state and country.
Open Organization of Lockpickers (TOOOL) ✅Checks the laws in each state before
using or packing your lockpicking tools.
Why are laws complex as you travel from state to state or country to country? ✅Written
words are open to interpretation, which is why courts and judges are necessary.
In Hawaii (state laws) ✅The state must prove that the person charged with committing a
crime on a computer had the "intent to commit a crime".
Scanning a network isn't a crime in Hawaii.
The state has the even more difficult task of proving that the computer used has been used
by only one person. If the person charged with the crime claims that more than one person
had access to the computer used to gather evidence of wrongdoing, the state can't use
that computer as evidence.
Issues with laws ✅US laws haven't kept up with the speed of technological advances;
laws can vary; taking photos of bank's exterior and interior legal.
(Can't take photos of bank interior or exterior; taking photos across the street from the
bank with a zoom is legal, however charges can be serious if you commit a crime.
Taking photos of bridges, train stations or public areas is illegal.)
HackerOne ✅Security platform that connects hackers with organizations needing
security vulnerability assessments.
How do you know if something is legal or not legal? ✅You should check your
state's laws:
http://www.ncsl.org/research/telecommunications-and-information-technology/computer-hacking-and-unauthorized-access-laws.aspx
Cyber laws should also be studied outside of the US.
Read ISP contracts such as the Acceptable Use Policy.
PacInfo Net (Hawaii) can fine and terminate an account if the account is the source of
spamming, abusive, or malicious activities.
Also they can disconnect a customer using techniques to cause damage or deny
access by legitimate users of computers or network components connected to the
Internet.
CFAA Title 18 ✅Computer Fraud and Abuse Act. Civil/criminal penalties for unauthorized
access to computers.
Prohibits unauthorized access to classified information.
The No Electronic Theft Act (P.L. 105-147) ✅Extends the reach of criminal copyright
law to specifically include electronic means as one method for committing the crime.
The act also expands the scope of the criminal conduct covered under this crime,
allowing for prosecutions without showing that the distributor of the copyrighted material
profited.
Economic Espionage Act (EEA) ✅Federal law that makes it a felony to copy,
download, transmit, or in any way transfer proprietary files, documents, and information
from a computer to an unauthorized person