Ethical Hacking Midterm


Network scan

A ping sweep is used to scan a range of IP addresses to look for live systems. A ping sweep can also alert a security system, which could result in an alarm being triggered or an attempt being blocked. Which type of scan is being used?

Mantraps

While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following would you most likely implement to keep this from happening in the future?

White hat

Which type of threat actor only uses skills and knowledge for defensive purposes?

PCI DSS

Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card?

Scope of Work

Which of the following documents details exactly what can be tested during a penetration test?

Information gathering techniques

Which of the following elements of penetration testing includes the use of web surfing, social engineering, dumpster diving, and social networking?

CAPEC

Which of the following government resources is a dictionary of known patterns of cyberattacks used by hackers?

Ignore messages to unknown recipients instead of sending back error messages

Which of the following is the most basic way to counteract SMTP exploitations?

Gain access

Which of the following is the third step in the ethical hacking methodology?

The remediation phase

Which of the following phases of the vulnerability management lifecycle implements patches, hardening, and correction of weaknesses?

service-based

Which of the following solutions creates the risk that a hacker might gain access to the system?

Compliance-based

Which type of penetration test is required to ensure an organization is following federal laws and regulations?

Use incremental backups and store them in a locked fireproof safe.

You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once per week. For security reasons, your company has decided not to store a redundant copy of the backup media at an off-site location. Which of the following would be the best backup and storage option?

This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.

Which statement best describes a suicide hacker?

Ongoing monitoring is an important practice to ensure that the amount of risk for a security flaw is at a minimum. Just because you patched the existing errors does not mean your work is done. New vulnerabilities are created every day, so it is important to keep up with them to protect your systems. Additionally, it is also important to maintain a system that many people use, as one person making a mistake could lead to a breach later if it is not caught.

Why is ongoing monitoring a valuable practice?

How to prevent piggybacking and tailgating.

You are in the process of implementing policies and procedures that require employee identification. You observe employees holding a secure door for others to pass through. Which of the following training sessions should you implement to help prevent this in the future?

Tolerance

After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process?

LDAP

After the enumeration stage, you are considering blocking port 389. Your colleague has advised you to use caution when blocking ports that could potentially impact your network. Which of the following necessary services could be blocked?

Reach out to an attorney for legal advice.

During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do?

Ignore the records and move on.

During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do?

Add the cloud host to the scope of work.

Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do?

Scanning and enumeration

Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing?

Split DNS

Hugh, a security consultant, recommended the use of an internal and external DNS to provide an extra layer of security. Which of the following DNS countermeasures is being used?

Enumeration

In which phase of the ethical hacking process do you gather information from a system to learn more about its configurations, software, and services?

NVD

Jessica, an employee, has come to you with a new software package she would like to use. Before you purchase and install the software, you would like to know if there are any known security-related flaws or if it is commonly misconfigured in a way that would make it vulnerable to attack. You only know the name and version of the software package. Which of the following government resources would you consider using to find an answer to your question?

P0f

Joe wants to use a stealthy Linux tool that analyzes network traffic and returns information about operating systems. Which of the following banner grabbing tools is he most likely to use?

HIPAA

Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows?

Social engineering

MinJu, a penetration tester, is testing a client's security. She notices that every Wednesday, a few employees go to a nearby bar for happy hour. She goes to the bar and starts befriending one of the employees with the intention of learning the employee's personal information. Which information gathering technique is MinJu using?

Ethical hacking

Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?

Moral obligation, ignorance, and threatening

Social engineers are master manipulators. Which of the following are tactics they might use?

APT

The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?

CISA

The cybersecurity resources listed below are provided by which of the following government sites? Information exchange; training and exercises; risk and vulnerability assessments; data synthesis and analysis; operational planning and coordination; watch operations; incident response and recovery.

Reporting

The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies?

CWE

This government resource is a community-developed list of common software security weaknesses. They strive to create commonality in the descriptions of weaknesses of software security. Which of the following government resources is described?

cve.mitre.org, https://nvd.nist.gov/, us-cert.gov, capec.mitre.org, CVSS Calculator

What are five helpful government-sponsored resources?

Internal examples: physical security; internal open ports; viruses and malware; internal flaws and patches. External examples: network maps exist; rule set for firewalls; DNS zones.

What are seven types of assessments?

Information gathering, establishing relationship and rapport, exploitation, and execution.

What are the phases of a social engineering attack?

A document that goes over the rules and guidelines of how to handle a penetration test.

What are the rules of engagement?

Banner grabbing is a technique used to gain information about a computer system on a network and the services running on its open ports. Administrators can use this to take inventory of the systems and services on their network. (Source: Wikipedia)

What is banner grabbing?

Pretexting is the use of a fabricated story, or pretext, to gain a victim's trust and trick or manipulate them into sharing sensitive information, downloading malware, sending money to criminals, or otherwise harming themselves or the organization they work for.

What is pretexting? How is it used in social engineering?

A technique that allows for a deep dive into a system to seek out valuable data and services in an IP address range.

What is scanning?

Train the receptionist to keep her iPad in a locked drawer.

You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. What could you do to add an additional layer of security to this organization?

Define the effectiveness of the current security policies and procedures.

You are an ethical hacker contracting with a medical clinic to evaluate their environment. Which of the following is the first thing you should do?

Internal assessment

An ethical hacker is running an assessment test on your networks and systems. The assessment test includes the following items: inspecting physical security; checking open ports on network devices and router configurations; scanning for Trojans, spyware, viruses, and malware; evaluating remote management processes; determining flaws and patches on the internal network systems, devices, and servers. Which of the following assessment tests is being performed?

Banner grabbing

Information transmitted by the remote host can be captured to expose the application type, application version, and even operating system type and version. Which of the following is a technique hackers use to obtain information about the services running on a target system?

SNscan

Robby, a security specialist, is taking countermeasures for SNMP. Which of the following utilities would he most likely use to detect SNMP devices on the network that are vulnerable to attacks?

Risk assessment

Rose, an ethical hacker, has created a report that clearly identifies her findings and recommendations for locking down an organization's systems and patching problems. Which of the following phases of the vulnerability management life cycle is she working in?

Enumeration is extracting a system's valid usernames, machine names, share names, directory names, and other information.

What is enumeration?

Reconnaissance

When a penetration tester starts gathering details about employees, vendors, business processes, and physical security, which phase of testing are they in?

finger

Which of the following enumeration tools provides information about users on a Linux machine?

Wardialing

A technician is using a modem to dial a large block of phone numbers in an attempt to locate other systems connected to a modem. Which type of network scan is being used?

Employee and visitor safety

Implementing emergency lighting that runs on protected power and automatically switches on when the main power goes off is part of which physical control?

Vulnerability assessment

In a world where so much private information is stored and transferred digitally, it is essential to proactively discover weaknesses. An ethical hacker's assessment sheds light on the flaws that can open doors for malicious attackers. Which of the following types of assessments does an ethical hacker complete to expose these weaknesses?

White Hat - A hacker who uses their skills only with permission to test the security of systems.
Black Hat - An immoral, unethical hacker who uses their skills for malicious purposes.
Gray Hat - Someone who falls somewhere in between a white and black hat hacker.
Suicide Hacker - A hacker only concerned with taking down their target for their cause.
Cyber Terrorist - A hacker motivated by religious, political, or other beliefs.
State-sponsored hacker - A hacker working for the government to gather intel, usually from other governments.
Hacktivist - A hacker who wants to protest an event and use their knowledge to spread their views.
Script kiddie - An unskilled person who doesn't have the knowledge to make their own tools, and uses tools made by actual hackers.

What are the different categories of hackers?

An internal target is one where an insider is trying to access a target; this insider may have more information about a certain system than a random hacker. An external target is one where an outsider is trying to get into a system they have no insider knowledge of.

What is the difference between an internal target and an external target?

The scope of work is a detailed document that talks about what is going to be included in the penetration test. It goes over what you are going to be allowed to try to access, as well as the who, what, where, when, and whys of the penetration test.

What is the scope of work? What does it include?

Brute force

Which enumeration process tries different combinations of usernames and passwords until it finds something that works?

Base, temporal, and environmental

Which of the following are the three metrics used to determine a CVSS score?

Host-based assessment

Which of the following assessment types focuses on all types of user risks, including threats from malicious users, ignorant users, vendors, and administrators?

A hacker who uses scripts written by much more talented individuals.

Which of the following best describes a script kiddie?

Proves your work to management and generates verifiable evidence to show that your patching and hardening implementations have been effective.

Which of the following best describes the verification phase of the vulnerability management life cycle?

