Garantie de satisfaction à 100% Disponible immédiatement après paiement En ligne et en PDF Tu n'es attaché à rien
logo-home
Chapter 3 - Ethical Hacking Test Questions and Correct Answers €12,19   Ajouter au panier

Examen

Chapter 3 - Ethical Hacking Test Questions and Correct Answers

 2 vues  0 fois vendu
  • Cours
  • Ethical Hacking
  • Établissement
  • Ethical Hacking

Security Terms Assets An asset is anything of value to the organization. It includes people, equipment, resources, and data. Vulnerability A vulnerability is a weakness in a system, or its design, that could be exploited by a threat. Threat A threat is a potential danger to a company's assets, da...

[Montrer plus]

Aperçu 3 sur 25  pages

  • 23 septembre 2024
  • 25
  • 2024/2025
  • Examen
  • Questions et réponses
  • Ethical Hacking
  • Ethical Hacking
avatar-seller
Chapter 3 - Ethical Hacking Test
Questions and Correct Answers
Security Terms ✅Assets
An asset is anything of value to the organization. It includes people, equipment,
resources, and data.

Vulnerability
A vulnerability is a weakness in a system, or its design, that could be exploited by a
threat.

Threat
A threat is a potential danger to a company's assets, data, or network functionality.

Exploit
An exploit is a mechanism that takes advantage of a vulnerability.

Mitigation
Mitigation is the counter-measure that reduces the likelihood or severity of a potential
threat or risk. Network security involves multiple mitigation techniques.

Risk
Risk is the likelihood of a threat to exploit the vulnerability of an asset, with the aim of
negatively affecting an organization. Risk is measured using the probability of the
occurrence of an event and its consequences.

An attack vector ✅An attack vector is a path by which a threat actor can gain access to
a server, host, or network. Attack vectors originate from inside or outside the corporate
network.

For example, threat actors may target a network through the internet, to disrupt network
operations and create a denial of service (DoS) attack.

Internal attack vector ✅An internal user, such as an employee, can accidentally or
intentionally:

Steal and copy confidential data to removable media, email, messaging software, and
other media.

Compromise internal servers or network infrastructure devices.

Disconnect a critical network connection and cause a network outage.

Connect an infected USB drive into a corporate computer system.

,Internal threats have the potential to cause greater damage than external threats
because internal users have direct access to the building and its infrastructure devices.
Employees may also have knowledge of the corporate network, its resources, and its
confidential data.

Data Loss ✅Data is likely to be an organization's most valuable asset. Organizational
data can include research and development data, sales data, financial data, human
resource and legal data, employee data, contractor data, and customer data.

Data loss or data exfiltration is when data is intentionally or unintentionally lost, stolen,
or leaked to the outside world. The data loss can result in:

Brand damage and loss of reputation
Loss of competitive advantage
Loss of customers
Loss of revenue
Litigation/legal action resulting in fines and civil penalties
Significant cost and effort to notify affected parties and recover from the breach

Data Loss Vectors ✅Email/Social Networking
Intercepted email or IM messages could be captured and reveal confidential
information.

Unencrypted Devices
If the data is not stored using an encryption algorithm, then the thief can retrieve
valuable confidential data.

Cloud Storage Devices
Sensitive data can be lost if access to the cloud is compromised due to weak security
settings.

Removable Media
One risk is that an employee could perform an unauthorized transfer of data to a USB
drive. Another risk is that a USB drive containing valuable corporate data could be lost.

Hard Copy
Confidential data should be shredded when no longer required.

Improper Access Control
Passwords or weak passwords which have been compromised can provide a threat
actor with easy access to corporate data.

DLP ✅Network security professionals must protect the organization's data.

, Various Data Loss Prevention (DLP) controls must be implemented which combine
strategic, operational and tactical measures.

Describe the term Hacker ✅Hacker is a common term used to describe a threat actor.

Originally the term referred to someone who was a skilled computer expert such as a
programmer and a hack was a clever solution.

The term later evolved into what we know of it today.

The terms white hat hacker, black hat hacker, and gray hat hacker are often used to
describe a type of hacker.

Hacker types ✅White Hat Hackers
These are ethical hackers who use their programming skills for good, ethical, and legal
purposes.
White hat hackers may perform network penetration tests in an attempt to compromise
networks and systems by using their knowledge of computer security systems to
discover network vulnerabilities.

Security vulnerabilities are reported to developers for them to fix before the
vulnerabilities can be exploited.

Gray Hat Hackers
These are individuals who commit crimes and do arguably unethical things, but not for
personal gain or to cause damage.
Gray hat hackers may disclose a vulnerability to the affected organization after having
compromised their network.

Black Hat Hackers
These are unethical criminals who compromise computer and network security for
personal gain, or for malicious reasons, such as attacking networks.

Hacking started in the 1960s ✅Hacking started in the 1960s with phone freaking, or
phreaking, which refers to using audio frequencies to manipulate phone systems.
At that time, telephone switches used various tones to indicate different functions.
Early hackers realized that by mimicking a tone using a whistle, they could exploit the
phone switches to make free long-distance calls.

In the mid-1980s, computer dial-up modems were used to connect computers to
networks.
Hackers wrote "war dialing" programs which dialed each telephone number in a given
area in search of computers.
When a computer was found, password-cracking programs were used to gain access.

Hacking Terms ✅Script Kiddies

Les avantages d'acheter des résumés chez Stuvia:

Qualité garantie par les avis des clients

Qualité garantie par les avis des clients

Les clients de Stuvia ont évalués plus de 700 000 résumés. C'est comme ça que vous savez que vous achetez les meilleurs documents.

L’achat facile et rapide

L’achat facile et rapide

Vous pouvez payer rapidement avec iDeal, carte de crédit ou Stuvia-crédit pour les résumés. Il n'y a pas d'adhésion nécessaire.

Focus sur l’essentiel

Focus sur l’essentiel

Vos camarades écrivent eux-mêmes les notes d’étude, c’est pourquoi les documents sont toujours fiables et à jour. Cela garantit que vous arrivez rapidement au coeur du matériel.

Foire aux questions

Qu'est-ce que j'obtiens en achetant ce document ?

Vous obtenez un PDF, disponible immédiatement après votre achat. Le document acheté est accessible à tout moment, n'importe où et indéfiniment via votre profil.

Garantie de remboursement : comment ça marche ?

Notre garantie de satisfaction garantit que vous trouverez toujours un document d'étude qui vous convient. Vous remplissez un formulaire et notre équipe du service client s'occupe du reste.

Auprès de qui est-ce que j'achète ce résumé ?

Stuvia est une place de marché. Alors, vous n'achetez donc pas ce document chez nous, mais auprès du vendeur twishfrancis. Stuvia facilite les paiements au vendeur.

Est-ce que j'aurai un abonnement?

Non, vous n'achetez ce résumé que pour €12,19. Vous n'êtes lié à rien après votre achat.

Peut-on faire confiance à Stuvia ?

4.6 étoiles sur Google & Trustpilot (+1000 avis)

78075 résumés ont été vendus ces 30 derniers jours

Fondée en 2010, la référence pour acheter des résumés depuis déjà 14 ans

Commencez à vendre!
€12,19
  • (0)
  Ajouter