Ethical Hacking CH1
Companies may require a penetration test for which of the following reasons? A. Legal reasons B. Regulatory reasons C. To perform an IT audit D. To monitor network performance
A. Legal reasons B. Regulatory reasons C. To perform an IT audit
What level of knowledge about hacking does a script kiddie have? A. Low B. Average C. High D. Advanced
A. Low
What is the most important aspect when conducting a penetration test? A. Receiving a formal written agreement B. Documenting all actions and activities C. Remediating serious threats immediately D. Maintaining proper handoff with the information assurance team
A. Receiving a formal written agreement
What does TOE stand for? A. Target of evaluation B. Time of evaluation C. Type of evaluation D. Term of evaluation
A. Target of evaluation
Which of the following would most likely engage in the pursuit of vulnerability research? A. White hat B. Gray hat C. Black hat D. Suicide hacker
A. White hat
How is black‐box testing performed? A. With no knowledge B. With full knowledge C. With partial knowledge D. By a black hat
A. With no knowledge
What is a code of ethics? A. A law for expected behavior B. A description of expected behavior C. A corporate policy D. A standard for civil conduct
B. A description of expected behavior
What organization offers the CEH certification exam? A. ISC2 B. EC-Council C. SANS Institute D. GIAC
B. EC-Council
Which type of hacker may use their skills for both benign and malicious goals at different times? A. White hat B. Gray hat C. Black hat D. Suicide hacker
B. Gray hat
Which of the following best describes what a suicide hacker does? A. Hacks with permission B. Hacks without stealth C. Hacks without permission D. Hacks with stealth
B. Hacks without stealth
Which of the following organizations provides government-backed standards? A. EC-Council B. NIST (National Institute of Standards and Technology) C. CAIN D. NITS
B. NIST (National Institute of Standards and Technology)
Vulnerability research deals with which of the following? A. Actively uncovering vulnerabilities B. Passively uncovering weaknesses / vulnerabilities C. Testing theories D. Applying security guidance
B. Passively uncovering weaknesses / vulnerabilities
Which of the following does an ethical hacker require to start evaluating a system? A. Training B. Permission C. Planning D. Nothing
B. Permission
A team that conducts penetration testing can be referred to as what? A. Blue team B. Red team C. Black team D. White team
B. Red team
A penetration tester is which of the following? A. A person who breaks into a computer or network without permission from the owner B. A person who uses telephone services without payment C. A security professional who's hired to break into a network to discover vulnerabilities D. A hacker who breaks into a system without permission but doesn't delete or destroy files
C. A security professional who's hired to break into a network to discover vulnerabilities
A white‐box test method means the tester has which of the following? A. No Information B. Some Information of system / network C. Complete Information of system / network D. Permission
C. Complete Information of system / network
What should a pen-tester do prior to initiating a new penetration test? A. Plan B. Study the environment C. Get permission D. Study the code of ethics
C. Get permission
A contract is important because it does what? A. Gives permission B. Gives test parameters C. Gives proof D. Gives a mission
C. Gives proof
As a penetration tester, Delaney and some individuals from the company will know of the targeted network that will be tested. Delaney also has some details on the target network and systems. What type of assessment methodology is she performing? A. Black box testing B. White box testing C. Gray box testing D. Blue box testing
C. Gray box testing
Which of the following best describes what a hacktivist does? A. Defaces websites B. Performs social engineering C. Hacks for political / ideological reasons D. Hacks with basic skills
C. Hacks for political / ideological reasons
Which of the following describes an attacker who goes after a target to draw attention to a cause? A. Terrorist B. Criminal C. Hacktivist D. Script kiddie
C. Hacktivist
The group Anonymous is an example of what? A. Terrorists B. Script kiddies C. Hacktivists D. Grayware
C. Hacktivists
Which of the following best describes a vulnerability? A. worm B. virus C. weakness (in a system) D. rootkit
C. weakness (in a system)
What separates a suicide hacker from other attackers? A. A disregard for the law B. A desire to be helpful C. The intent to reform D. A lack of fear of being caught
D. A lack of fear of being caught
Which term best describes several hacking attacks performed in sequence? A. Risk B. Threat C. Exploit D. Daisy chaining
D. Daisy chaining
How can you find out which computer crime laws are applicable in your state? A. Contact your local law enforcement agencies. B. Contact your ISP provider. C. Contact your local computer store vendor. D. Call 911.
A. Contact your local law enforcement agencies.
If you have been contracted to perform an attack against a target system, you are what type of hacker? A. White hat B. Gray hat C. Black hat D. Red hat
A. White hat
Which of the following describes a hacker who attacks without regard for being caught or punished? A. Hacktivist B. Terrorist C. Criminal D. Suicide hacker
D. Suicide hacker
A written contract isn't necessary when a friend recommends a client. True or False?
False