Ethical Hacking Unit 2 Quiz Review
Yesenia was recently terminated from her position, where she was using her personal cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following corporate policies allows this action?
BYOD policy
The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology.
Reporting
What does an organization do to identify areas of vulnerability within their network and security systems?
Risk assessment
Which statement best describes a suicide hacker?
This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught.
Which of the following is a limitation of relying on regulations?
Which type of threat actor only uses skills and knowledge for defensive purposes?
White hat
Miguel is performing a penetration test. His client needs to add Miguel's computer to the list of devices allowed to connect to the network. What type of security exception is this?
Whitelisting
Which of the following best describes a non-disclosure agreement?
A common legal contract outlining confidential material that will be shared during the assessment.
Which of the following best describes a supply chain?
A company provides materials to another company to manufacture a product.
The following formula defines which method of dealing with risk? Cost of Risk > Damage = Risk
Acceptance
Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do?
Add the cloud host to the scope of work.
Which of the following best describes the Wassenaar Arrangement?
An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software.
You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing?
Black box
Heather is working for a cybersecurity firm based in Florida. She will be conducting a remote penetration test for her client, who is based in Utah. Which state's laws and regulations will she need to adhere to?
Both companies need to agree on which laws to adhere to.
Heather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task?
Change order
Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather?
Purple team
Which type of penetration test is required to ensure an organization is following federal laws and regulations?
Compliance-based
Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work?
DMCA
Which of the following best describes what FISMA does?
Defines how federal government data, operations, and assets are handled.
Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term?
Ethical hacking
Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing?
External
Which of the following best describes a goal-based penetration test?
Focuses on the end results. The hacker determines the methods.
Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted the owner and instructed him how to secure the system. What type of hacker is Miguel in this scenario?
Gray hat
Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows?
HIPAA
During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do?
Ignore the records and move on.
Which of the following best describes what SOX does?
Implements accounting and disclosure requirements that increase transparency.
Miguel is performing a penetration test on his client's web-based application. Which penetration test framework should Miguel utilize?
OWASP
Which of the following best describes the red team?
Performs offensive security tasks to test the network's security.
A client asking for small deviations from the scope of work is called:
Scope creep
Which document explains the details of an objective-based test?
Scope of work
Which of the following is a deviation from standard operating security protocols?
Security exception
A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for?
Specific/Measurable/Attainable/Relevant/Timely
Which of the following best describes social engineering?
The art of deceiving and manipulating others into doing what you want.
Which of the following best describes a gray box penetration test?
The ethical hacker has partial information about the target or network.
The process of analyzing an organization's security and determining its security holes is known as:
Threat modeling
After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process?
Tolerance
You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. Which of the following types of penetration tests is being performed?
Internal