434 Network Defense & Security - ch1
What term best describes a person who hacks computer systems for political or social reasons? a.cracktivist b.hacktivist c.sniffer d.script kiddy
B
What common term is used by security testing professionals to describe vulnerabilities in a network? a.holes b.bytes c.packets d.bots
a
What policy, provide by a typical ISP, should be read and understood before performing any port scanning outside of your private network? a.Acceptable Use Policy b.ISP Security Policy c.Port Scanning Policy d.Hacking Policy
a
What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems? a.black box b.blue box c.white box d.red box
c
What penetration model should be used when a company's management team does not wish to disclose that penetration testing is being conducted? a.black box b.white box c.red box d.silent box
A
Even though the Certified Information Systems Security Professional (CISSP) certification is not geared toward the technical IT professional, it has become one of the standards for many security professionals. True False
True
Penetration testers and security testers need technical skills to perform their duties effectively. True False
True
What derogatory title do experienced hackers, who are skilled computer operators, give to inexperienced hackers? a.crackers b.packet sniffers c.script kiddies d.repetition monkeys
c
What federal law makes it illegal to intercept any type of communication, regardless of how it was transmitted? a.The Computer Fraud Act b.Interception Abuse Act c.Electronic Communication Privacy Act d.Fraud and Abuse Act
c
What organization disseminates research documents on computer and network security worldwide at no cost? a.EC-Council b.ISECOM c.SANS d.ISC2
c
What type of laws should a penetration tester or student learning hacking techniques be aware of? a.federal b.local c.all of the above d.state
c
If you work for a company as a security professional, you will most likely be placed on a special team that will conduct penetration tests. What is the standard name for a team made up of security professionals? a.blue team b.security team c.pen team d.red team
d
What professional level security certification requires five years of experience and is designed to focus on an applicant's security-related managerial skills? a.Certified Ethical Hacker b.Certified Information Systems Security Professional c.OSSTMM Professional Security Tester d.Offensive Security Certified Professional
b
Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on a computer system. What type of resource are these penetration testers utilizing? a.packets b.tasks c.kiddies d.scripts
d
Penetration testing can create ethical, technical, and privacy concerns for a company's management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed? a.create a lab demonstration b.create a virtual demonstration c.create a slide presentation d.create a contractual agreement
d
What professional level security certification did the "International Information Systems Security Certification Consortium" (ISC2) develop? a.OSSTMM Professional Security Tester (OPST) b.Certified Ethical Hacker (CEH) c.Security+ d.Certified Information Systems Security Professional (CISSP)
d
What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology? a.CISSP b.GIAC c.CEH d.OPST
d
What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management? a.ethical hacking test b.penetration test c.hacking test d.security test
d
As a security tester, you can make a network impenetrable. True False
False
