CNIT123-QUIZ#01


What organization disseminates research documents on computer and network security worldwide at no cost? a) SANS b) ISECOM c) EC-Council d) ISC2

a) SANS = SANS stands for SysAdmin, Audit, Network and Security. Created in 1989 as a cooperative research and education organization.

What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems? a) hacking b) packet sniffing c) cracking d) security testing

a) hacking

What acronym represents the U.S. Department of Justice's new branch that addresses computer crime? a) CEH b) CHIP c) GIAC d) OPST

b) CHIP = Computer Hacking and Intellectual Property

What term best describes a person who hacks computer systems for political or social reasons? a) sniffer b) cracktivist c) hacktivist d) script kiddy

c) hacktivist

Penetration testing can create ethical, technical, and privacy concerns for a company's management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed? a) create a virtual demonstration b) create a lab demonstration c) create a slide presentation d) create a contractual agreement

d) create a contractual agreement

What penetration model should a company use if they only want to allow the penetration tester(s) partial or incomplete information regarding their network system? a) white box b) black box c) red box d) gray box

d) gray box

Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on a computer system. What type of resource are these penetration testers utilizing? a) tasks b) kiddies c) packets d) scripts

d) scripts

What professional level security certification did the "International Information Systems Security Certification Consortium" (ISC2) develop? a) (CEH) Certified Ethical Hacker b) Security + c) (CISSP) Certified Information System Security Professional d) (OPST) OSSTMM Professional Security Tester

c) (CISSP) Certified Information System Security Professional

What name is given to people who break into computer systems with the sole purpose to steal or destroy data?

c) crackers -- A cracker is someone who breaks into someone else's computer system, often on a network; bypasses passwords or licenses in computer programs, or in other ways intentionally breaches computer security. ... Some breaking-and-entering has been done ostensibly to point out weaknesses in a site's security system.

What derogatory title do experienced hackers, who are skilled computer operators, give to inexperienced hackers? a) repetition monkeys b) packet sniffers c) script kiddies d) crackers

c) script kiddies

What type of laws should a penetration tester or student learning hacking techniques be aware of? a) local b) state c) federal d) all of the above

d) all of the above: local, state, and federal laws

If you work for a company as a security professional, you will most likely be placed on a special team that will conduct penetration tests. What is the standard name for a team made up of security professionals? a) security team b) pen team c) blue team d) red team

d) red team

What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management? a) hacking test b) penetration test c) ethical hacking test d) security test

d) security test

What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems? a) blue box b) white box c) red box d) black box

d) white box

What professional level security certification requires five years of experience and is designed to focus on an applicant's security-related managerial skills? a) (CISSP) Certified Information Systems Security Professional b) (CEH) Certified Ethical Hacker c) (OPST) OSSTMM Professional Security Tester d) (OSCP) Offensive Security Certified Professional

a) (CISSP) Certified Information Systems Security Professional

What policy, provided by a typical ISP, should be read and understood before performing any port scanning outside of your private network? a) ISP Security Policy b) Acceptable Use Policy c) Port Scanning Policy d) Hacking Policy

b) Acceptable Use Policy

What federal law makes it illegal to intercept any type of communication, regardless of how it was transmitted? a) the Computer Fraud Act b) Electronic Communications Privacy Act c) Fraud & Abuse Act d) Interception Abuse Act

b) Electronic Communications Privacy Act (of 1986) -- The Electronic Communications Privacy Act (ECPA) prohibits the interception, disclosure, or use of wire, oral, or electronic communications.

What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology? a) GIAC b) OPST c) CEH d) CISSP

b) OPST = OSSTMM Professional Security Tester

What subject area is not one of the 22 domains tested during the CEH exam? a) Sniffers b) Trojan hacking c) Footprinting d) Social engineering

b) Trojan hacking

What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an application or on a system? a) health b) vulnerability c) network d) technical

b) vulnerability

What professional security certification requires applicants to demonstrate hands-on abilities to earn their certificate? a) (CISSP) Certified Information Systems Security Professional b) CompTIA Security+ c) (CEH) Certified Ethical Hacker d) (OSCP) Offensive Security Certified Professional

d) (OSCP) Offensive Security Certified Professional

What penetration model should be used when a company's management team does not wish to disclose that penetration testing is being conducted? a) red box b) white box c) silent box d) black box

d) black box

What common term is used by security testing professionals to describe vulnerabilities in a network? a) packets b) bytes c) bots d) holes

d) holes

What security certification did the "The International Council of Electronic Commerce Consultants" (EC-Council) develop? a) (CEH) Certified Ethical Hacker b) Security + c) (CISSP) Certified Information Systems Security Professional d) (OPST) OSSTMM Professional Security Tester

a) (CEH) Certified Ethical Hacker

When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step? a) consult their lawyer b) sign the contract c) begin testing immediately d) consult the company's lawyer

a) consult their lawyer
