CHAPTER 1 and CHAPTER 2
Ethical hacking
Perpetrating exploits against a system with the intent to find vulnerabilities so that security weaknesses can be addressed and the system can be made more secure.
Which of the following policies would cover what you should do in case of a data breach?
Sensitive data handling policy
Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work?
DMCA
Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows?
HIPAA
You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. network. Which of the following types of penetration tests is being performed?
Internal
Bring your own device (BYOD)
Policies that govern an organization's rules and regulations regarding support of employee-owned smart phones, tablets, and similar devices.
Which type of threat actor only uses skills and knowledge for defensive purposes?
White hat
Which of the following is a consideration when scheduling a penetration test?
Who is aware of the test?
Which of the following best describes a non-disclosure agreement?
A common legal contract outlining confidential material that will be shared during the assessment.
Which of the following best describes a master service agreement?
A contract where parties agree to the terms that will govern future actions.
Master service agreement (MSA)
A contract where parties agree to the terms that will govern future actions. This makes future services and contracts easier to handle and define.
Blue team
A defensive security team that attempts to close vulnerabilities and stop the red team.
Rules of engagement (RoE)
A document that defines exactly how the work will be carried out.
Permission to test
A document that explains what the penetration tester is doing and that their work is authorized. This document is sometimes referred to as the Get Out Of Jail Free Card.
Cyber terrorist
A hacker motivated by religious or political beliefs who wants to create severe disruption or widespread fear.
Suicide hacker
A hacker who is concerned only with taking down the target for a cause.
State-sponsored hacker
A hacker who works for a government and attempts to gain top-secret information by hacking other governments.
Hacktivist
A hacker whose main purpose is to protest an event or situation and draw attention to their own views and opinions.
Rules of engagement
A rules of engagement (ROE) defines how the penetration test will be carried out.
Scope of work
A scope of work (SOW) defines exactly what a project will entail. It is also known as a statement of work.
ISO/IEC 27001
A set of processes and requirements for an organization's information security management systems.
Health Insurance Portability and Accountability Act (HIPAA)
A set of standards that ensures a person's health information is kept safe and shared only with the patient and medical professionals who need it.
Gray hat
A skilled hacker who falls in the middle of the white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn't malicious like a black hat hacker.
White hat
A skilled hacker who uses skills and knowledge for defensive purposes only. The white hat hacker interacts only with systems for which express access permission has been given.
Black hat
A skilled hacker who uses skills and knowledge for illegal or malicious purposes.
Advanced persistent threat (APT)
A stealthy computer network attack in which a person or group gains unauthorized access to a network and remains undetected for an extended period.
Scope of work (SoW)
A very detailed document that defines exactly what is going to be included in the penetration test. This document is also referred to as the statement of work.
The following formula defines which method of dealing with risk? Cost of Risk > Damage = Risk _________
Acceptance
Script kiddie
An extremely unskilled person who uses tools and scripts developed by real hackers.
Red team
An offensive security team that attempts to discover vulnerabilities in a network or computer system.
During a risk assessment, the organization determines that the risk of collecting personal data from its customers is not acceptable and stops. What method of dealing with risk is the organization using?
Avoidance
Yesenia was recently terminated from her position, where she was using her personal cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following corporate policies allows this action?
BYOD policy
You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing?
Black box
Heather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task?
Change order
Which type of penetration test is required to ensure an organization is following federal laws and regulations?
Compliance-based
What are the rules and regulations defined and put in place by an organization called?
Corporate policies
Which of the following best describes what FISMA does?
Defines how federal government data, operations, and assets are handled.
Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?
Ethical hacking
Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing?
External
Sarbanes Oxley Act (SOX)
Federal regulation enacted in 2002 with the goal of implementing accounting and disclosure requirements that would increase transparency in corporate governance and financial reporting and formalize a system of internal checks and balances.
Which of the following best describes a goal-based penetration test?
Focuses on the end results. The hacker determines the methods.
Which of the following best describes what SOX does?
Implements accounting and disclosure requirements that increase transparency. The Sarbanes Oxley Act (SOX) was enacted in 2002 with the goal of implementing accounting and disclosure requirements that would increase transparency in corporate governance and financial reporting and formalize a system of internal checks and balances.
Performing reconnaissance
In this phase, the hacker begins gathering information about the target. This can include gathering publicly available information, using social engineering techniques, or even dumpster diving.
Establishing access
In this phase, the hacker uses all the information gathered through reconnaissance and scanning to exploit any vulnerabilities found and gain access.
Which of the following is considered a mission-critical application?
Medical database
Miguel is performing a penetration test on his client's web-based application. Which penetration test frameworks should Miguel utilize?
OWASP The Open Web Application Security Project (OWASP) describes techniques for testing the most common web application and web service security issues.
Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card?
PCI DSS The Payment Card Industry Data Security Standards (PCI DSS)
Which of the following is a common corporate policy that would be reviewed during a penetration test?
Password policy
Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team?
Performs offensive security tasks to test the network's security.
During a penetration test, Dylan is caught testing the physical security. Which document should Dylan have on his person to avoid being arrested?
Permission to test
During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do?
Reach out to an attorney for legal advice.
The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies?
Reporting
Scanning and enumeration
Scanning is a natural extension of reconnaissance. The hacker uses various tools to gather in-depth information about the network, computer systems, live systems, open ports, and other features. Extracting information such as usernames, computer names, network resources, shares, and services is known as enumeration. Enumeration is a part of the scanning step.
Which of the following is a deviation from standard operating security protocols?
Security exception
Payment Card Industry Data Security Standards (PCI-DSS)
Security standards for any organization that handles cardholder information for debit cards, credit cards, prepaid cards, and other types of payment cards.
A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for?
Specific/Measurable/Attainable/Relevant/Timely SMART goals are very useful when establishing and defining the goals of a penetration test. SMART goals help create goals that are specific, measurable, attainable, relevant, and timely (or time-bound).
Which of the following best describes social engineering?
The art of deceiving and manipulating others into doing what you want.
Black box
The ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack and ignores the insider threats.
Which of the following best describes a gray box penetration test?
The ethical hacker has partial information about the target or network.
White box
The ethical hacker is given full knowledge of the target or network. This test allows for a comprehensive and thorough test, but is not very realistic.
Gray box
The ethical hacker is given partial information of the target or network, such as IP configurations or emails lists. This test simulates an insider threat.
Clearing tracks
The final step in the hacking process is clearing tracks. The hacker overwrites log files to hide the fact they were ever there.
Penetration testing
The practice of finding vulnerabilities and risks with the purpose of securing the computer or network system.
Threat modeling
The process of analyzing the security of the organization and determine security holes.
Which of the following is a limitation of relying on regulations?
They rely heavily on password policies.
Which statement best describes a suicide hacker?
This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.
The process of analyzing an organization's security and determining its security holes is known as:
Threat modeling
After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process?
Tolerance
Non-disclosure agreement (NDA)
A common legal contract that outlines confidential material or information that will be shared during a security assessment and what restrictions are placed on information.
Which of the following best describes a supply chain?
A company provides materials to another company to manufacture a product.
Digital Millennium Copyright Act (DMCA)
A federal regulation enacted in 1998 that is designed to protect copyrighted works.
Federal Information Security Management Act (FISMA)
A federal regulation that defines how federal government data, operations, and assets are handled.
Heather is working for a cybersecurity firm based in Florida. She will be conducting a remote penetration test for her client, who is based in Utah. Which state's laws and regulations will she need to adhere to?
A lawyer should be consulted on which laws to adhere to and both parties agree.
Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather?
A member of the purple team.
Purple team
A mixture of both red and blue teams.
The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet?
APT An APT (advanced persistent threat) is a stealthy attack that gains access to a network or computer system and remains hidden for an extended period of time.
Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do?
Add the cloud host to the scope of work.
Which of the following best describes the Wassenaar Arrangement?
An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software.
Wassenaar Arrangement
An agreement between 41 countries to hold similar export controls on weapons, including banning some and requiring licensing for others, like intrusion software.
ABC company is in the process of merging with XYZ company. As part of the merger, a penetration test has been recommended. Testing the network systems, physical security, and data security have all been included in the scope of work. What else should be included in the scope of work?
Company culture
Which of the following best describes the rules of engagement document?
Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data.
United States Code Title 18, Chapter 47, Section 1029 deals with which of the following?
Fraud and related activity involving access devices.
Which of the following is the third step in the ethical hacking methodology?
Gain access
Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario?
Gray hat
Which of the following elements is generally considered the weakest link in an organization's security?
Human
During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do?
Ignore the records and move on.
During a penetration test, Mitch discovers child pornography on a client's computer. Which of the following actions should he take?
Immediately stop the test and report the finding to the authorities.
Maintaining access
Once the hacker has gained access, he can use backdoors, rootkits, or Trojans to establish permanent access to the system.
What does an organization do to identify areas of vulnerability within their network and security systems?
Risk assessment
Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing?
Scanning and enumeration
A client asking for small deviations from the scope of work is called:
Scope creep
Which of the following documents details exactly what can be tested during a penetration test?
Scope of Work
Which document explains the details of an objective-based test?
Scope of work
