Domain 7: Ethics
You get a call from one of your best customers. The customer is asking about your company's employees, teams, and managers. What should you do?
You should not provide any information and forward the call to the help desk.
Which of the following best describes an inside attacker?
An unintentional threat actor; the most common threat.
Compliments, misinformation, feigning ignorance, and being a good listener are tactics of which social engineering technique?
Elicitation
Which of the following is a consideration when scheduling a penetration test?
Who is aware of the test?
Ron, a hacker, wants to get access to a prestigious law firm he has been watching for a while. June, an administrative assistant at the law firm, is having lunch at the food court around the corner from her office. Ron notices that June has a picture of a dog on her phone. He casually walks by and starts a conversation about dogs. Which phase of the social engineering process is Ron in?
Development phase
Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?
Ethical hacking
Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario?
Gray hat
Which of the following elements is generally considered the weakest link in an organization's security?
Human
During a penetration test, Tyler discovers one of the client's employees has unauthorized software installed on their computer. Which of the following actions should he take?
Immediately inform the client and let them handle it.
During a penetration test, Mitch discovers child pornography on a client's computer. Which of the following actions should he take?
Immediately stop the test and report the finding to the authorities.
During an authorized penetration test, Michael discovers a vulnerability that could affect his client's partner's network. Which of the following actions should he take?
Inform the client and leave it to them to inform the partner.
Social engineers are master manipulators. Which of the following are tactics they might use?
Moral obligation, ignorance, and threatening
During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do?
Reach out to an attorney for legal advice.
Brandon is helping Fred with his computer. He needs Fred to enter his username and password into the system. Fred enters the username and password while Brandon is watching him. Brandon explains to Fred that it is not a good idea to allow anyone to watch you type in usernames or passwords. Which type of social engineering attack is Fred referring to?
Shoulder surfing
Any attack involving human interaction of some kind is referred to as:
Social engineering
Which of the following best describes social engineering?
The art of deceiving and manipulating others into doing what you want.
Which of the following best describes a gray box penetration test?
The ethical hacker has partial information about the target or network.
Which statement best describes a suicide hacker?
This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.
An attack that targets senior executives and high-profile victims is referred to as:
Whaling
Which of the following precautions does a penetration tester need to take when working with medical records?
Do not open or view any records at all.