Chapter 1 & 2 Ethical Hacking
What penetration model should be used when a company's management team does not wish to disclose that penetration testing is being conducted?
black box
When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step?
consult their lawyer
What name is given to people who break into computer systems with the sole purpose to steal or destroy data?
crackers
Penetration testing can create ethical, technical, and privacy concerns for a company's management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?
create a contractual agreement
What term best describes a person who hacks computer systems for political or social reasons?
hacktivist
What common term is used by security testing professionals to describe vulnerabilities in a network?
holes
If you work for a company as a security professional, you will most likely be placed on a special team that will conduct penetration tests. What is the standard name for a team made up of security professionals?
red team
What derogatory title do experienced hackers, who are skilled computer operators, give to inexperienced hackers?
script kiddies
Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on a computer system. What type of resource are these penetration testers utilizing?
scripts
What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management?
security test
What IP address is used as a loopback address and is not a valid IP address that can be assigned to a network?
127 address
What port is typically reserved and utilized by the Secure Hypertext Transfer Protocol to create a secure connection to a Web server?
443
What port does the Trivial File Transfer Protocol, or TFTP service use?
69
What policy, provide by a typical ISP, should be read and understood before performing any port scanning outside of your private network?
Acceptable Use Policy
What IPv4 address class has the IP address 221.1.2.3?
Class C
What TCP/IP protocol is used to send messages related to network operations and can be used to troubleshoot network connectivity?
ICMP
What 32-bit number tracks packets received by a node and allows the reassembling of large packets that have been broken up into smaller packets?
ISN
What layer, in the TCP/IP stack, is responsible for routing a packet to a destination address?
Internet
What type of network attack relies on guessing a TCP header's initial sequence number, or ISN?
Session hijacking
What protocol is the most widely used and allows all computers on a network to communicate and function correctly?
TCP/IP
