Chapter 1: Introduction
Companies may require a penetration test for which of the following reasons?
Network performance is not the goal of security audits or penetration tests.
What separates a suicide hacker from other attackers?
A suicide hacker's main difference from other hackers is their complete and utter lack of concern in regard to being caught.
Which of the following best describes a vulnerability?
A vulnerability is a weakness. Worms, viruses, and rootkits are forms of malware.
If you have been contracted to perform an attack against a target system, you are what type of hacker?
A white-hat hacker always has permission to perform pen testing against a target system.
How is black-box testing performed?
A. Black-box testing is performed with no knowledge to simulate an actual view of what a hacker would have.
A contract is important because it does what?
C. A contract gives proof that permission and parameters were established.
What is a code of ethics?
A code of ethics is a description of expected behavior. While not adhering to ethics typically does not result in legal action, it can result in expulsion from certain organizations such as EC-Council certification.
Which of the following describes a hacker who attacks without regard for being caught or punished?
Much like suicide bombers in the real world, suicide hackers do not worry about getting caught; they are only concerned with their mission.
A white-box test means the tester has which of the following?
White-box testers have complete knowledge of the environment they have been tasked with attacking.
What should a pentester do prior to initiating a new penetration test?
It is absolutely essential to obtain permission prior to performing any sort of test against a system you don't own. Permission should also be in writing and never verbal.
Which of the following best describes what a hacktivist does?
A hacktivist engages in mischief for political reasons.
Which of the following describes an attacker who goes after a target to draw attention to a cause?
A hacktivist is an individual or group that performs hacking and other disruptive activities with the intention of drawing attention to a particular cause or message.
Which of the following best describes what a suicide hacker does?
A suicide hacker does not worry about stealth or otherwise concealing their activities but is more concerned with forwarding an agenda.
Which of the following does an ethical hacker require to start evaluating a system?
An ethical hacker never performs their services against a target without explicit permission of the owner of that system.
The group Anonymous is an example of what?
Anonymous is an example of hacktivists.
Which type of hacker may use their skills for both benign and malicious goals at different times?
Gray-hat hackers are typically thought of as those who were formerly black hats but have reformed. However, they have been known to use their skills for both benign and malicious purposes.
What level of knowledge about hacking does a script kiddie have?
Script kiddies have low or no knowledge of the hacking process but should still be treated as dangerous.
What does TOE stand for?
TOE stands for target of evaluation and represents the target being tested.
Vulnerability research deals with which of the following?
Vulnerability research is a way of passively uncovering weaknesses.
Which of the following would most likely engage in the pursuit of vulnerability research?
White hats are the most likely to engage in research activities, and although gray and black hats may engage in these activities, they are not typical.