Deck 1: Ethical Hacking and Testing

A) Script Kiddie
B) Hacker
C) Attacker
D) Consultant

A) PHP
B) SQL Injection
C) Cross Site Scripting
D) Shrink Wrap Code

A) Neil should sell his exploit on eBay. There is nothing wrong with making an honest dollar this way since the software itself should have been free in the first place.
B) The laws that protect the right to Full Disclosure are in higher standing than the EULA. It is a constitutional issue regarding speech and expression. Neil can reveal his findings without worry.
C) Report the finding to a neutral party such as a CERT coordination center
D) Anonymously report the finding to the bugtraq or "full disclosure" mailing lists

A) Disgruntled Employee
B) Black Hat hacker
C) Negligent management
D) The burdens of government regulations

A) Launch a vulnerability scanner
B) Enumerate as much as possible about the policies of each system
C) Attack!
D) Take the information they have gathered and start searching Google

A) A Windows 2000 server
B) Honeypot
C) Bastion host
D) An open source operating system

A) Honeypot
B) Bastion host
C) Intrusion Detection System
D) A Windows 98 machine

A) Annoy the administrator of that host with a Denial of Service attack
B) If the target service is secure there is nothing else that can be done
C) Convince a user to accept a malicious file into one of the clients on the host
D) Attack a service on one of the other open ports

A) A positive or negative event that can impact a resource or process
B) A negative event that can cause damage to a resource or process
C) Bungee jumping
D) A management technique that measures certainty

A) Unpatched operating systems
B) Natural Disasters
C) DD0S (Distributed Denial of Service)
D) Social engineering

A) Backdoor
B) Rootkit
C) Maintenance hook
D) Trojan

A) Throw off the timeline to confuse the investigator
B) Create the appearance of decoy traffic
C) Make an extremely unusual event so it wouldn't be looked at
D) Taunt the administrators

A) Create a tutorial complete with screenshots and submit the finding to digg.com and slashdot.org
B) Call the vendor and offer to keep quiet if they pay you a finder's fee
C) Prove the exploit works, then sell a script on eBay
D) Report the vulnerability to a regional emergency response organization

A) Lecture the person about ethics and appropriate behavior. Make certain she realizes the trouble she is causing the industry as a whole.
B) Avoid insulting the person, enforce policy in a professional yet objective manner, and consider the idea that this person can be an asset if properly mentored.
C) Explain "Script kiddies are l00s3rs." And agree with your friend that if this l@m3r can't write her own buffer overflow shellcode then she isn't worth a slice of pizza.
D) Shrug your shoulders in indifference and get on with your day knowing your network is so secure that this person poses no possible threat.

A) $1,000
B) $5,000
C) $10,000
D) There is no lower limit

A) Copyright and Patent Protection Act
B) Freedom of Information Act
C) Digital Millennium Copyright Act
D) It is not illegal; if a protection can be broken it is a right to break it

A) The law recognizes a difference between a computer being used in a crime and when a computer is the target of a crime
B) The Freedom of Information Act guarantees the fair use and exchange of all information materials
C) The law has definitive distinctions between what is "important" versus "unimportant" information
D) Penalties increase dramatically if human life has been put in danger

A) Computer Fraud and Abuse Act Section 1030
B) Federal Computer Breech Act of 1985
C) The Bush Cheney Act of 2006
D) Symbolic Data Protection Act of 2001

A) Use the netcraft website to look up the target's host
B) Use telnet to perform a banner grab
C) Use a common scanner in "paranoid mode"
D) Call them and ask

A) Look through the websites that target has partner relationships with
B) Use Google to look through their cache database
C) Learn to program in PERL and create a webcrawler of your own
D) "The Wayback Machine"

A) Circumventing copyright protections is permissible if they can be defeated. The responsibility lies on the rights holder to enforce protection adequately.
B) The "Librarian of Congress" can issue exceptions to the circumventing of copyright protections that the DMCA addresses.
C) The DMCA stands for the "Digital Mandates for Circumvention of Assets" Act. It implements treaties established by WIPO (World Intellectual Property Organization).
D) The DMCA protects the attacker by defining reverse engineering as "The legitimate act of research" and "an inherent right of each user."

A) She didn't have enough money to hire a good attorney.
B) This was an injustice. She should have won the case.
C) She used too much. A clip or two with proper attribution would have been better.
D) It was a flip of the coin; the case could have gone either way.

A) The Human Rights act of 1998 (UK)
B) The Google Act of 2003
C) Privacy Act of 1974
D) There are no such rights

A) Illegal and highly prosecuted
B) Information gathering
C) Rude and impolite
D) Denial of Service

A) The GLBA (Graham Leach Bliley Act)
B) The FBI
C) The Secret Service
D) A free market society has no such crime. It is a moral imperative that to the winner "goes the spoils." If you can work the system then it works for you.

A) Directive 8570
B) FISMA
C) FISO
D) The Homeland Security Act

A) Organizations that provide educational services and receives funding from the department of education must have certain controls over student records, including disclosure to third parties.
B) Organizations that provide financial services must have certain controls over client records, including disclosure to third parties.
C) Individuals that receive TARP funds must protect the identities of the financial officers that brokered their benefits.
D) FISMA and FIDO must not collude to compromise, sell, or distribute information that reveals financial details about a citizen of the United States.

A) Computer Operation and Protection Act of 1989
B) Computer Hacking and Modification Act of 1990
C) Computer Fraud and Abuse Act Section 1029
D) Computer Misuse Act of 1990

A) CAN-SPAM ACT
B) SPY Act
C) Intellectual Properties and Protection Act
D) Free Speech in Advertising Act

A) Without knowing the original user of the file the information could be inaccurate or not relevant, however, if something thinks it is they would still try to use it during a social engineering attack.
B) Many tools that are easy to obtain can brute force the passwords. It is also common for documents of this nature to use easy to remember dictionary words that are also often the same for many files.
C) Since the password must always be stored in the file itself, it is fairly easy to use a common hex editor to analyze the file and extract the credentials
D) The passwords are usually stored using a very strong encryption, but notepad will usually open the files in clear text anyway

A) Booting up to an alternative operating system might allow you to circumvent the local authentication, compromise a credential store, or steal critical data
B) Not being able to login would prevent your host from obtaining network configurations such as an IP address, routing and DNS settings. But sniffing is still possible.
C) There are ways of detecting the presence of new systems on the network such as rogue infrastructure. These techniques should still be tested regularly
D) Physical security is always critical and along with user training should be a constantly run program

A) Cross Site Scripting
B) SQL Injection
C) Browser drive-by
D) Social Engineering

A) Project scoping
B) Rules of engagement negotiation
C) Vulnerability analysis
D) Passive information gathering

A) Setup a webserver that uses a secondary that only invited users will know about
B) Keeping the directory structures the same as installed, for easier maintenance
C) Allowing the sample pages of the webserver to remain so as not to confuse anyone until the real site is built
D) Keeping the default user accounts to make sure access is always available.

A) To verify information about the email administrator
B) Gather information about internal hosts
C) See how the IT department responds to a Denial of service attack
D) To learn about the internal policies for handling such events

A) URL obfuscation attack
B) Directory traversal attack
C) Query string parameter manipulation attack
D) A path string attack

A) Nessus scans can cause BSODs, she just needs to reboot
B) Her computer is enumerating the network with dumpsec
C) Her computer is using floppyscan
D) A USB key was inserted and caused a IRQ conflict

A) Indemnity Claus
B) "Get out of jail free" card
C) Rules of engagement
D) Non-disclosure agreement

A) Identity theft
B) Identity faking
C) Identity spoofing
D) Identity pre-texting

A) Insider Associate
B) Insider Affiliate
C) Outsider Affiliate
D) Outsider Associate

A) Separation of duties
B) Rotation of duties
C) Restrict privileges
D) Controlled access
E) Logging and auditing
F) Legal policies
G) Archiving critical data

A) Disgruntled Employee
B) Suppliers and Venders
C) CEO
D) Business Partners and consultants

A) LANs
B) Email
C) In Person
D) Telephone

A) Picture fuzzing
B) Steganography
C) Cryptography
D) Reverse Social Engineering

A) Clever talking
B) Door jamming
C) Tailgating
D) Mantrapping

A) Paper Pilfering
B) Trash Tracing
C) Green Grabbing
D) Document Grinding

A) Authority, Scarcity, Liking, Reciprocation, Commitment, Intimidation
B) Authority, Scarcity, Liking, Reciprocation, Consistency, Social Validation
C) Authority, Scarcity, Complimenting, Reciprocation, Consistency, Social Validation
D) Intimidation, Scarcity, Liking, Reciprocation, Charisma, Social Validation

A) SPAM & Scam Sandwich
B) Brazilian Spam Squad
C) Spear Phishing
D) South American 419 Scam

A) Social Networks
B) SMS, Skype, and IM SPAM
C) Spear phishing
D) Botnets

A) Sabotage, Advertising, Assisting
B) Advertising, Sabotage, Assisting
C) Sabotage, Assisting, Advertising
D) Assisting, Sabotage, Advantage

A) It looks like a promising link, he should try it out.
B) You tell him the site is not from the USA and would probably not have leads he can use anyway. He should respond to the poster by calling him a jerk for wasting our time.
C) You offer to click the link from your workstation instead, because it is safer.
D) You advise this is not considered good netiquette and that this type of advertising does not present the best image for the company. You ask Zig not to click on the link, do not respond further, and please don't do this again.