Ethical Hacking Chapter 1 Questions


A written contract isn't necessary when a friend recommends a client. True or False?

False

If you run a program in New York City that uses network resources to the extent that a user is denied access to them, what type of law have you violated?

Federal

What portion of your ISP contract might affect your ability to conduct a penetration test over the Internet?

Acceptable use policy

OSSTMM Professional Security Tester (OPST)

An ISECOM-designated certification for penetration and security testers. See also Institute for Security and Open Methodologies (ISECOM).

Global Information Assurance Certification (GIAC)

An organization founded by the SANS Institute in 1999 to validate the skills of security professionals. GIAC certifications encompass many areas of expertise in the security field.

CAN-SPAM Act

Anti spam

SysAdmin Audit Network Security (SANS) Institute

Founded in 1989, this organization conducts training worldwide and offers multiple certifications through GIAC in many aspects of computer security and forensics.

crackers

Hackers who break into systems with the intent of doing harm or destroying data.

penetration test

In this test a security professional performs an attack on a network with permission from the owner to discover vulnerabilities; penetration testers are also called ethical hackers.

security test

In this test, security professionals do more than attempt to break into a

Certified Information Systems Security Professional (CISSP)

Non-vendor-specific certification issued by the International Information Systems Security Certification Consortium Inc. (ISC2).

A team composed of people with varied skills who attempt to penetrate a network is referred to as which of the following?

Red team

script kiddies

Similar to packet monkeys, a term for unskilled hackers or crackers who use scripts or programs written by others to penetrate networks.

Electronic Communication Privacy Act

These laws make it illegal to intercept any communication, regardless of how it was transmitted.

Computer Fraud and Abuse Act

This law makes it a federal crime to access classified information or financial information without authorization.

Open Source Security Testing Methodology Manual (OSSTMM)

This security manual developed by Peter Herzog has become one of the most widely used security-testing methodologies to date.

ethical hackers

Users who attempt to break into a computer system or network with the owner's permission.

What organization designates a person as a CISSP?

a. International Information Systems Security Certification Consortium (ISC2)

Which organization issues the top 20 list of current network vulnerabilities?

a. SANS Institute

Before using hacking software over the Internet, you should contact which of the following? (Choose all that apply)

a. Your ISP

What organization offers the Certified Ethical Hacker (CEH) certification exam?

b. EC-Council

Which federal law prohibits intercepting any communication, regardless of how it was transmitted?

b. Electronic Communication Privacy Act

A penetration tester is which of the following?

c. A security professional who is hired to hack into a network to discover vulnerabilities

Some experienced hackers refer to inexperienced hackers who copy or use prewritten scripts or programs as which of the following? (Choose all that apply.)

c. Packet monkeys d. Script kiddies

To determine whether scanning is illegal in your area, you should do which of the following?

c. Refer to state laws.

Which federal law amended Chapter 119 of Title 18, U.S. Code?

d. U.S. Patriot Act, Sec. 217: Interception of Computer Trespasser Communications

The international council of electronic commerce consultants

is a member-supported profIts best-known certification is the Certified Ethical Hacker.

network; they also analyze security policies and procedures

report vulnerabilities to management and recommend solutions

other words

the company might give a tester some information about which OSs are running but not provide any network topology information (diagrams of routers, switches, intrusion detection systems, firewalls, and so forth).

What three models do penetration or security testers use to conduct tests?

white box, black box, gray box.

Penetration-Testing Methodologies

1. Black Box 2. White Box 3. Gray Box

Certified Ethical Hacker (CEH)

A certification designated by the EC-Council.

Packet monkeys

A derogatory term for unskilled crackers or hackers who steal program code and use it to hack into network systems instead of creating the programs themselves.

red team

A group of penetration testers who work together to break into a network.

gray box model

A hybrid of the black box and white box models for penetration testing. In

white box model

A model for penetration testing in which testers can speak with company staff and are given a full description of the network topology and technology.

Institute for Security and Open Methodologies (ISECOM)

A nonprofit organization that provides training and certification programs for security professionals.

The U.S. Department of Justice defines a hacker as which of the following?

A person who accesses a computer or network without the owner's permission

hacker

A user who attempts to break into a computer system or network without authorization from the owner.

As a security tester, what should you do before installing hacking software on your computer?

a. Check with local law enforcement agencies.

Which federal law prohibits unauthorized access of classified information?

a. Computer Fraud and Abuse Act, Title 18

How can you find out which computer crime laws are applicable in your state?

a. Contact your local law enforcement agencies.

A security tester should possess which of the following attributes?

a. Good listening skills b. Knowledge of networking and computer technology c. Good verbal and written communication skills d. An interest in securing networks and computer systems

