Ethical Hacking Test 1

What layer protocols operate as the front end to the lower-layer protocols in the TCP/IP stack?

application

At what layer in the TCP/IP stack do applications and protocols, such as HTTP and Telnet, operate?

application

What penetration model should be used when a company's management team does not wish to disclose that penetration testing is being conducted?

black box

What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems?

hacking

What common term is used by security testing professionals to describe vulnerabilities in a network?

holes

What is the logical component of a TCP connection that can be assigned to a process that requires network connectivity?

port

What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management?

security test

In the TCP/IP stack, what layer is concerned with controlling the flow of data, sequencing packets for reassembly, and encapsulating the segment with a TCP or UDP header?

transport

What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an application or on a system?

vulnerability

What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems?

white box

What is the decimal equivalent of the binary number 11000001?

193

How many host computers can be assigned a valid IPv4 address when using a CIDR /24 prefix?

2.54

What port does the Simple Mail Transfer Protocol, or SMTP service use?

25

What port does the Hypertext Transfer Protocol, or HTTP service use?

80

T or F. An octal digit can be represented with only three bits because the largest digit in octal is seven.

True

T or F. Penetration testers and security testers need technical skills to perform their duties effectively.

True

When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step?

Consult their lawyer

What security certification uses the Open Source Security Testing Methodology Manual (OSSTMM) as its standardized methodology?

OPST

What professional security certification requires applicants to demonstrate hands-on abilities to earn their certificate?

Offensive Security Certified Professional

What IP address is used as a loopback address and is not a valid IP address that can be assigned to a network?

127 address

What TCP/IP protocol is used to send messages related to network operations and can be used to troubleshoot network connectivity?

ICMP

What type of network attack relies on guessing a TCP header's initial sequence number, or ISN?

Session hijacking

What does the acronym TCP represent?

Transmission Control Protocol

What TCP/IP protocol is fast, unreliable, and operates at the Transport layer?

UDP

What port does the Trivial File Transfer Protocol, or TFTP service use?

69

What TCP flag is responsible for synchronizing the beginning of a session?

SYN flag

What derogatory title do experienced hackers, who are skilled computer operators, give to inexperienced hackers?

Script kiddies

What connection-oriented protocol is utilized by the Transport layer?

TCP

What protocol is the most widely used and allows all computers on a network to communicate and function correctly?

TCP/IP

T or F. Even though the Certified Information Systems Security Professional (CISSP) certification is not geared toward the technical IT professional, it has become one of the standards for many security professionals.

True

T or F. No matter what medium connects computers on a network (copper wires, fiber-optic cables, or a wireless setup), the same protocol must be running on all computers if communication is going to function correctly.

True

In the TCP/IP stack, what layer is concerned with physically moving bits across the network's medium?

network

If you work for a company as a security professional, you will most likely be placed on a special team that will conduct penetration tests. What is the standard name for a team made up of security professionals?

red team

What type of laws should a penetration tester or student learning hacking techniques be aware of?

all of the above

What acronym represents the U.S. Department of Justice's new branch that addresses computer crime?

chip

What name is given to people who break into computer systems with the sole purpose of stealing or destroying data?

crackers

What layer, in the TCP/IP stack, is responsible for routing a packet to a destination address?

internet

What port is typically reserved and utilized by the Secure Hypertext Transfer Protocol to create a secure connection to a Web server?

443

What port does the Domain Name System, or DNS service use?

53

What penetration model should a company use if they only want to allow the penetration tester(s) partial or incomplete information regarding their network system?

Gray box

What term best describes a person who hacks computer systems for political or social reasons?

Hacktivist

What 32-bit number tracks packets received by a node and allows the reassembling of large packets that have been broken up into smaller packets?

ISN

What TCP flag is responsible for delivering data directly and immediately to an application?

PSH flag

What organization disseminates research documents on computer and network security worldwide at no cost?

SANS

T or F. An ethical hacker is a person who performs most of the same activities a hacker does, but with the owner or company's permission.

True

Penetration testing can create ethical, technical, and privacy concerns for a company's management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed?

create a contractual agreement

Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on a computer system. What type of resource are these penetration testers utilizing?

scripts

What layer, in the TCP/IP protocol stack, is responsible for encapsulating data into segments?

Transport Layer

What subject area is not one of the 22 domains tested during the CEH exam?

Trojan hijacking

What policy, provided by a typical ISP, should be read and understood before performing any port scanning outside of your private network?

Acceptable Use Policy

What security certification did the "International Council of Electronic Commerce Consultants" (EC-Council) develop?

Certified Ethical Hacker (CEH)

What professional level security certification did the "International Information Systems Security Certification Consortium" (ISC2) develop?

Certified Information Systems Security Professional

What professional level security certification requires five years of experience and is designed to focus on an applicant's security-related managerial skills?

Certified Information Systems Security Professional (CISSP)

What IPv4 address class has the IP address 221.1.2.3?

Class C

What federal law makes it illegal to intercept any type of communication, regardless of how it was transmitted?

Electronic Communication Privacy Act

T or F. A hex number is written with two characters, each representing a byte.

False

T or F. As a security tester, you can make a network impenetrable.

False

T or F. In the TCP/IP stack, the Transport layer includes network services and client software.

False

T or F. Port scanning is a noninvasive, nondestructive, and legal testing procedure that is protected by federal law.

False

T or F. To retrieve e-mail from a mail server, you most likely access port 119.

False

