Ethical Hacking Final Exam Questions and 100% Correct Answers
Seller: twishfrancis
Which part of the security triad is concerned about denial-of-service attacks?
✅Availability
Which phase of the Hacking Methodology is the safest with regard to the target
becoming aware that you are planning an attack against it? ✅Reconnaissance with
OSINT
What type of hacker can be either ethical or unethical, usually dependent on the highest
bidder? ✅gray hat
What type of threat actor would hack a system to discover the names of doctors who
perform abortions and then release those names to the internet in an attempt to spread
anger and hatred among the anti-abortion population? ✅hacktivist
All systems on the internet are at risk from being attacked by hackers. Also, machines
not on the internet, such as air-gapped networks, are similarly at risk. ✅true
______________ exploits are mostly successful because they attack an
undiscovered/unknown vulnerability in a system. ✅zero-day
What is the fundamental difference between hacking and ethical hacking?
✅permissions to conduct the attack
If you secure information in its original form, which of the following are you protecting?
✅integrity
Which of the following is the first step in Ethical Hacking methodology? ✅none of these
A __________________ is someone who does not have the expertise of a hacker and
relies on ready-made tools as they can't write their own code. ✅script kitty
Nmap is considered an active form of reconnaissance. ✅true
The Whois website can be used to find domain and registrar information. ✅true
If theHarvester is provided with a domain name and ___________________, it can
return user information such as: email accounts, host names, and sub-domain names.
✅search engine name
The command nslookup can query the Domain Name System. So, you can give it a
domain name and nslookup will return its IP address. ✅true
What tool was demonstrated that could graphically illustrate all of the technologies,
services, and subdomains for a given domain AND the connections between each?
✅Maltego
Using whois.domaintools.com would allow you to find the IP address of a domain.
✅true
Signing up for websites using your personal e-mail address can lead to identity theft
attacks. ✅true
Disabling all unnecessary ports and services is one action a system administrator can
take to harden the system he is overseeing. This is sometimes referred to as a
countermeasure. ✅true
A common and often successful attack vector for hackers is an employee who
unknowingly gives out sensitive information that can provide an entry point into the
system. ✅true
Nmap can provide many types of information such as the services and version number
of the service running on different ports, and what ports are open for connections.
However, it cannot fingerprint an Operating System, that is, determine what OS and
version the system is running. ✅false
What operating system is the popular choice of hackers (both ethical and unethical)
because it comes installed with all types of hacking tools? ✅Kali Linux
Nikto is useful for checking for vulnerabilities in ___________________. ✅Web
servers
Output from a Nikto vulnerability scan can be written to HTML for easier reading and
facilitating research on the weaknesses found. ✅true
The OSVDB (Open Source Vulnerability Database) is a currently maintained database
that you could use to find the most recent vulnerabilities found in different systems and
ways to mitigate these. ✅false
MBSA is a free security analyzer that IT professionals can use to scan a Microsoft-
based system for insecure configuration settings and offers guidance to correct these
insecurities. One of the mitigations demonstrated in class was making sure that
passwords must change periodically. Allowing someone the permission to never change
their password is a great find for hackers! ✅true
A yellow exclamation point icon is used in an MBSA report to indicate that a critical check
has failed. ✅false
MBSA can generate professional-looking reports that you can present to a client
showing the results of your investigation of the client's system. ✅true
A false positive is a condition that is shown as a result when it does not actually exist.
✅true
The Windows operating system is one component that MBSA checks to see if the most
recent updates to the OS have been installed. ✅true
Lynis is a free vulnerability scanning tool used with Windows systems but must be
installed first. ✅false
In social engineering, if an attacker gives fake reason(s) for obtaining sensitive
information (username, password, etc.) from a victim, this is known as
__________________. ✅Pretexting
Which of the following was not a method or technique presented for obtaining sensitive
information from a victim? ✅all can be used to obtain information
This type of phishing attack targets high-level executives of a company like a president,
CIO (chief information officer), CFO (chief financial officer), etc. ✅whaling
Kali Linux has a social engineering toolkit called SET that provides an attacker with
various means of help in conducting a social engineering attack. ✅true
Using elicitation, the attacker extracts information from a victim without asking direct
questions. ✅true
What is the name of the browser add-on that can help protect users from phishing
schemes when browsing the web? ✅netcraft
What is the name of the website that contains a repository of phished websites? You
can enter a URL, and it will provide details of whether it is phished or not. ✅Phishtank
In the lab on social engineering, you used Kali Linux to create a payload that would be
stored on a target machine. When the payload ran it connected back to a listener on the
attack machine. This is known as a Reverse TCP shell. The attacker's machine would
then gain control of the session on the target machine and could potentially do all sorts
of nefarious things. In the lab, what service was run to transfer the payload to the target
machine? ✅ftp