Deck 1: Ethical Hacking Overview

1
In the ____ model, management does not divulge to staff that penetration testing is being conducted, nor does it give the tester any diagrams or describe what technologies the company is using.

A)gray box
B)white box
C)black box
D)red box
C
2
Even though the Certified Information Systems Security Professional (CISSP) certification is not geared toward the technical IT professional, it has become one of the standards for many security professionals.
True
3
The collection of tools for conducting vulnerability assessments and attacks is sometimes referred to as a "____".

A)black box
B)white box
C)gray box
D)tiger box
D
4
All states look at port scanning as noninvasive or nondestructive in nature and deem it legal.
5
An ethical hacker is a person who performs most of the same activities a cracker does, but with the owner or company's permission.
6
The ____ certification is designated by the Institute for Security and Open Methodologies (ISECOM), a nonprofit organization that provides security training and certification programs for security professionals.

A)CompTIA Security+
B)OSSTMM Professional Security Tester (OPST)
C)Certified Information Systems Security Professional (CISSP)
D)Certified Ethical Hacker (CEH)
7
The ____ certification for security professionals is issued by the International Information Systems Security Certifications Consortium (ISC²).

A)Global Information Assurance Certification (GIAC)
B)OSSTMM Professional Security Tester (OPST)
C)Certified Information Systems Security Professional (CISSP)
D)Certified Ethical Hacker (CEH)
8
In a(n) ____, the tester does more than attempt to break in; he or she also analyzes the company's security policy and procedures and reports any vulnerabilities to management.

A)penetration test
B)security test
C)hacking test
D)ethical hacking test
9
The U.S. Department of Justice labels all illegal access to computer or network systems as "____".

A)cracking
B)hacking
C)sniffing
D)trafficking
10
____ takes penetration testing to a higher level.

A)Hacking
B)Cracking
C)Security testing
D)Packet sniffing
11
As a security tester, you can't make a network impenetrable.
12
The SysAdmin, Audit, Network, Security (SANS) Institute offers training and IT security certifications through Global Information Assurance Certification (GIAC).
13
In the ____ model, the company might print a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems (IDSs) or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems.

A)black box
B)white box
C)red box
D)gray box
14
Penetration testers and security testers usually have a laptop computer configured with ____ and hacking tools.

A)multiple OSs
B)tiger boxes
C)packet sniffers
D)script kiddies
15
The International Council of Electronic Commerce Consultants (EC-Council) has developed a certification designation called ____.

A)CompTIA Security+
B)OSSTMM Professional Security Tester (OPST)
C)Certified Information Systems Security Professional (CISSP)
D)Certified Ethical Hacker (CEH)
16
Many experienced penetration testers can write computer programs or ____ in Perl or the C language to carry out network attacks.

A)kiddies
B)packets
C)scripts
D)crackers
17
"____" is not a domain tested for the CEH exam.

A)Sniffers
B)Social engineering
C)Footprinting
D)Red team testing
18
Some hackers are skillful computer operators, but others are younger inexperienced people who experienced hackers refer to as ____.

A)script kiddies
B)repetition monkeys
C)packet sniffers
D)crackers
19
Currently, the CEH exam is based on ____ domains (subject areas) with which the tester must be familiar.

A)11
B)22
C)31
D)41
20
An April 2009 article in USA Today revealed that the federal government is looking for ____ to pay them to secure the nation's networks.

A)crackers
B)IT professionals
C)hackers
D)security testers
21
MATCHING
Match each term with the correct statement below.
a. script
b. red team
c. black box model
d. packet monkey
e. IRC "bot"
f. packet monkey
g. hacker
h. gray box model
i. ethical hacker
the tester might get information about which OSs are used, but not get any network diagrams
22
In the ____________________ model, the tester is told what network topology and technology the company is using and is given permission to interview IT personnel and company employees.
23
MATCHING
Match each term with the correct statement below.
a. script
b. red team
c. black box model
d. packet monkey
e. IRC "bot"
f. packet monkey
g. hacker
h. gray box model
i. ethical hacker
Derogatory term referring to people who copy code from knowledgeable programmers instead of creating the code themselves.
24
MATCHING
Match each term with the correct statement below.
a. script
b. red team
c. black box model
d. packet monkey
e. IRC "bot"
f. packet monkey
g. hacker
h. gray box model
i. ethical hacker
sometimes employed by companies to perform penetration tests
25
MATCHING
Match each term with the correct statement below.
a. script
b. red team
c. black box model
d. packet monkey
e. IRC "bot"
f. packet monkey
g. hacker
h. gray box model
i. ethical hacker
composed of people with varied skills who perform penetration tests
26
MATCHING
Match each term with the correct statement below.
a. script
b. red team
c. black box model
d. packet monkey
e. IRC "bot"
f. packet monkey
g. hacker
h. gray box model
i. ethical hacker
copies code from knowledgeable programmers instead of creating the code himself/herself
27
The U.S. government now has a new branch of computer crime called __________________________________________________.
28
The ____ Institute Top 20 list details the most common network exploits and suggests ways of correcting vulnerabilities.

A)SANS
B)CompTIA
C)CERT
D)ISECOM
29
MATCHING
Match each term with the correct statement below.
a. script
b. red team
c. black box model
d. packet monkey
e. IRC "bot"
f. packet monkey
g. hacker
h. gray box model
i. ethical hacker
set of instructions that runs in sequence to perform tasks on a computer system
30
MATCHING
Match each term with the correct statement below.
a. script
b. red team
c. black box model
d. packet monkey
e. IRC "bot"
f. packet monkey
g. hacker
h. gray box model
i. ethical hacker
puts the burden on the tester to find out what technologies the company is using
31
The ____ disseminates research documents on computer and network security worldwide at no cost.

A)International Council of Electronic Commerce Consultants (EC-Council)
B)SysAdmin, Audit, Network, Security (SANS) Institute
C)Institute for Security and Open Methodologies (ISECOM)
D)International Information Systems Security Certifications Consortium (ISC²)
32
The SysAdmin, Audit, Network, Security (SANS) Institute offers training and IT security certifications through ____.

A)Global Information Assurance Certification (GIAC)
B)OSSTMM Professional Security Tester (OPST)
C)Certified Information Systems Security Professional (CISSP)
D)Certified Ethical Hacker (CEH)
33
Those who break into systems to steal or destroy data are often referred to as ____________________.
34
Some of the most infamous cases are hacks carried out by ____ students, such as the eBay hack of 1999.

A)graduate
B)high-school
C)college
D)engineering
35
Employees of a security company are protected under the company's ____________________ with the client.
36
MATCHING
Match each term with the correct statement below.
a. script
b. red team
c. black box model
d. packet monkey
e. IRC "bot"
f. packet monkey
g. hacker
h. gray box model
i. ethical hacker
accesses a computer system or network without the authorization of the system's owner
37
MATCHING
Match each term with the correct statement below.
a. script
b. red team
c. black box model
d. packet monkey
e. IRC "bot"
f. packet monkey
g. hacker
h. gray box model
i. ethical hacker
program that sends automatic responses to users, giving the appearance of a person being present on the other side of the connection
38
In a(n) ____________________, an ethical hacker attempts to break into a company's network to find the weakest link in that network or one of its systems.
39
The ____ certification uses the Open Source Security Testing Methodology Manual (OSSTMM), written by Peter Herzog, as its standardized methodology.

A)CEH
B)OPST
C)CISSP
D)GIAC
40
A ____ can be created that welcomes new users joining a chat session, even though a person isn't actually present to welcome them.

A)byte
B)packet
C)switch
D)bot
41
Why are employees sometimes not told that the company is being monitored?
42
In the context of penetration testing, what is the gray box model?
43
Ethical hackers are employed or contracted by a company to do what illegal hackers do: break in. Why?
44
Why is it hard for an ethical hacker to avoid breaking any laws?
45
What are four different skills a security tester needs?
46
Even though you might think you're following the requirements set forth by the client who hired you to perform a security test, don't assume that management will be happy with your results. Provide an example of an ethical hacking situation that might upset a manager.
47
List at least five domains tested for the Certified Ethical Hacker (CEH) exam.
48
If being liked by others is important to you, you might want to consider a different profession than penetration testing. Why?
49
What is the SANS Institute Top 20 list?
50
Describe some actions which security testers cannot perform legally.