Hands-On Ethical Hacking and Network Defense, 4e R
(Hands-On Ethical Hacking and Network Defense, 4e Rob Wilson)
(Test Bank, Answer at the end of each Chapter)
Module 1 - Ethical Hacking Overview
Indicate the answer choice that best completes the statement or answers the question.
1. What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures,
and reporting any vulnerabilities to management?
a. penetration test
b. security test
c. hacking test
d. ethical hacking test
2. What specific term does the U.S. Department of Justice use to label all illegal access to computer or network
systems?
a. Hacking
b. Cracking
c. Security testing
d. Packet sniffing
3. What penetration model should a company use if they only want to allow the penetration tester(s) partial or
incomplete information regarding their network system?
a. gray box
b. white box
c. black box
d. red box
4. What advanced professional security certification requires applicants to demonstrate hands-on abilities to
earn their certificate?
a. Offensive Security Certified Professional
b. Certified Ethical Hacker
c. Certified Information Systems Security Professional
d. CompTIA Security+
5. What common term is used by security testing professionals to describe vulnerabilities in a network?
a. bytes
b. packets
c. bots
d. holes
6. What term refers to a person who performs most of the same activities a hacker does, but with the owner or
company's permission?
a. cracker
b. script kiddie
c. ethical hacker
d. hacktivist
7. What derogatory title do experienced hackers give to inexperienced hackers who copy code or use tools
created by knowledgeable programmers without understanding how the tools work?
a. copy kiddie
b. red team member
c. packet monkey
d. cracker
8. What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an
application or on a system?
a. health
b. technical
c. vulnerability
d. network
9. Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on
a computer system. What type of resource are these penetration testers utilizing?
a. kiddies
b. packets
c. scripts
d. tasks
10. How can a security tester ensure a network is nearly impenetrable?
a. install a vendor's latest security patch
b. update the operating systems
c. eliminate unnecessary applications or services
d. unplug the network cable
11. What penetration model should be used when a company's management team does not wish to disclose that
penetration testing is being conducted?
a. black box
b. white box
c. red box
d. silent box
12. Why might companies prefer black box testing over white box testing?
a. The white box model puts the burden on the tester to find information about the technologies a
company is using.
b. If a company knows that it's being monitored to assess the security of its systems, employees might
behave more carelessly and not adhere to existing procedures.
c. Black box testing involves a collaborative effort between a company's security personnel and
penetration testers.
d. Many companies don't want a false sense of security.
13. What penetration model would likely provide a network diagram showing all the company's routers,
switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of
computer systems and the OSs running on these systems?
a. black box
b. white box
c. red box
d. blue box
14. What is the difference between penetration tests and security tests?
a. These terms are synonymous
b. In a penetration test, an ethical hacker attempts to break into a company's network or applications to
find weak links. In a security test, testers do more than attempt to break in; they also analyze a
company's security policy and procedures and report any vulnerabilities to management.
c. Penetration testing takes security testing to a higher level
d. In a security test, an ethical hacker attempts to break into a company's network or applications to find
weak links. In a penetration test, testers do more than attempt to break in; they also analyze a
company's security policy and procedures and report any vulnerabilities to management.
15. Why should a company employ an ethical hacker?
a. The benefit of an ethical hacker discovering vulnerabilities outweighs the cost of paying for the
penetration/security test services.
b. A company can hire an ethical hacker to promote political or social ideologies.
c. Ethical hackers can help make a network impenetrable.
d. Companies should never hire hackers.
16. Which penetration model allows for an even distribution of time and resources along with a fairly
comprehensive test?
a. White box
b. Black box
c. Gray box
d. Red box
17. What is critical to remember when studying for a network security certification exam?
a. Memorize answers to questions to ensure you pass.
b. Security certifications are always relevant because it is a static profession.
c. Certifications prove only technical skills are necessary to perform the job of a security professional
effectively.
d. Following the laws and behaving ethically are more important than passing an exam.
18. What can be inferred about successful security professionals?
a. Successful security professionals have strong technical skills.
b. Successful security professionals have strong soft skills.
c. Successful security professionals have a combination of technical and soft skills.
d. Successful security professionals have multiple certifications.
19. With which type of laws should a penetration tester or student learning hacking techniques be familiar?
a. local
b. state
c. federal
d. all of the above
20. What policy, provided by a typical ISP, should be read and understood before performing any port scanning
outside of your private network?
a. Port Scanning Policy
b. Acceptable Use Policy
c. ISP Security Policy
d. Hacking Policy
21. What acronym represents the U.S. Department of Justice branch that addresses computer crime?
a. GIAC
b. OPST
c. CHIP
d. CEH
22. What federal law makes it illegal to intercept any type of communication, regardless of how it was
transmitted?
a. The No Electronic Theft Act
b. U.S. PATRIOT Act
c. Electronic Communication Privacy Act
d. The Computer Fraud Act
23. Which of the following statements about port scanning is true?
a. Port scanning violates the U.S. Constitution.
b. Some states consider port scanning as noninvasive or nondestructive in nature and deem it legal.
c. If you are found innocent of criminal port scanning charges, there are no financial repercussions.
d. Port scanning while connected to a VPN will only allow you to scan your own personal network.
24. Why have some judges dismissed charges for those accused of port scanning?
a. Networks are private property.
b. Usually, no damages are done when port scanning.