(Hands-On Ethical Hacking and Network Defense, 4e Rob Wilson)
(Test Bank, Answer at the end of each Chapter)
Module 1 - Ethical Hacking Overview
Indicate the answer choice that best completes the statement or answers the question.
1. What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures,
and reporting any vulnerabilities to management?
a. penetration test
b. security test
c. hacking test
d. ethical hacking test
2. What specific term does the U.S. Department of Justice use to label all illegal access to computer or network
systems?
a. Hacking
b. Cracking
c. Security testing
d. Packet sniffing
3. What penetration model should a company use if they only want to allow the penetration tester(s) partial or
incomplete information regarding their network system?
a. gray box
b. white box
c. black box
d. red box
4. What advanced professional security certification requires applicants to demonstrate hands-on abilities to
earn their certificate?
a. Offensive Security Certified Professional
b. Certified Ethical Hacker
c. Certified Information Systems Security Professional
d. CompTIA Security+
5. What common term is used by security testing professionals to describe vulnerabilities in a network?
a. bytes
b. packets
c. bots
d. holes
6. What term refers to a person who performs most of the same activities a hacker does, but with the owner or
company's permission?
a. cracker
b. script kiddie
c. ethical hacker
d. hacktivist
7. What derogatory title do experienced hackers give to inexperienced hackers who copy code or use tools
created by knowledgeable programmers without understanding how the tools work?
a. copy kiddie
b. red team member
c. packet monkey
d. cracker
8. What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an
application or on a system?
a. health
b. technical
c. vulnerability
d. network
9. Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on
a computer system. What type of resource are these penetration testers utilizing?
a. kiddies
b. packets
c. scripts
d. tasks
10. How can a security tester ensure a network is nearly impenetrable?
a. install a vendor's latest security patch
b. update the operating systems
c. eliminate unnecessary applications or services
d. unplug the network cable
11. What penetration model should be used when a company's management team does not wish to disclose that
penetration testing is being conducted?
a. black box
b. white box
c. red box
d. silent box
12. Why might companies prefer black box testing over white box testing?
a. The white box model puts the burden on the tester to find information about the technologies a
company is using.
b. If a company knows that it's being monitored to assess the security of its systems, employees might
behave more carelessly and not adhere to existing procedures.
c. Black box testing involves a collaborative effort between a company's security personnel and
penetration testers.
d. Many companies don't want a false sense of security.
13. What penetration model would likely provide a network diagram showing all the company's routers,
switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of
computer systems and the OSs running on these systems?
a. black box
b. white box
c. red box
d. blue box
14. What is the difference between penetration tests and security tests?
a. These terms are synonymous
b. In a penetration test, an ethical hacker attempts to break into a company's network or applications to
find weak links. In a security test, testers do more than attempt to break in; they also analyze a
company's security policy and procedures and report any vulnerabilities to management.
c. Penetration testing takes security testing to a higher level
d. In a security test, an ethical hacker attempts to break into a company's network or applications to find
weak links. In a penetration test, testers do more than attempt to break in; they also analyze a
company's security policy and procedures and report any vulnerabilities to management.
15. Why should a company employ an ethical hacker?
a. The benefit of an ethical hacker discovering vulnerabilities outweighs the cost of paying for the
penetration/security test services.
b. A company can hire an ethical hacker to promote political or social ideologies.
c. Ethical hackers can help make a network impenetrable.
d. Companies should never hire hackers.
16. Which penetration model allows for an even distribution of time and resources along with a fairly
comprehensive test?
a. White box
b. Black box
c. Gray box
d. Red box
17. What is critical to remember when studying for a network security certification exam?
a. Memorize answers to questions to ensure you pass.
b. Security certifications are always relevant because it is a static profession.
c. Certifications prove only technical skills are necessary to perform the job of a security professional
effectively.
d. Following the laws and behaving ethically are more important than passing an exam.
18. What can be inferred about successful security professionals?
a. Successful security professionals have strong technical skills.
b. Successful security professionals have strong soft skills.
c. Successful security professionals have a combination of technical and soft skills.
d. Successful security professionals have multiple certifications.
19. With which type of laws should a penetration tester or student learning hacking techniques be familiar?
a. local
b. state
c. federal
d. all of the above
20. What policy, provided by a typical ISP, should be read and understood before performing any port scanning
outside of your private network?
a. Port Scanning Policy
b. Acceptable Use Policy
c. ISP Security Policy
d. Hacking Policy
21. What acronym represents the U.S. Department of Justice branch that addresses computer crime?
a. GIAC
b. OPST
c. CHIP
d. CEH
22. What federal law makes it illegal to intercept any type of communication, regardless of how it was
transmitted?
a. The No Electronic Theft Act
b. U.S. PATRIOT Act
c. Electronic Communication Privacy Act
d. The Computer Fraud Act
23. Which of the following statements about port scanning is true?
a. Port scanning violates the U.S. Constitution.
b. Some states consider port scanning as noninvasive or nondestructive in nature and deem it legal.
c. If you are found innocent of criminal port scanning charges, there are no financial repercussions.
d. Port scanning while connected to a VPN will only allow you to scan your own personal network.
24. Why have some judges dismissed charges for those accused of port scanning?
a. Networks are private property.
b. Usually, no damages are done when port scanning.