Chapter 1: Introduction to Ethical Hacking
Which of the following best describes a vulnerability? - A worm - A virus - A weakness - A rootkit
A weakness: A vulnerability is a weakness. Worms, viruses, and rootkits are forms of malware.
A white-box test means the tester has which of the following? - No knowledge - Some knowledge - Complete knowledge - Permission
Complete knowledge: White-box testers have complete knowledge of the environment they have been tasked with attacking.
What should a pentester do prior to initiating a new penetration test? - Plan - Study the environment - Get permission - Study the code of ethics
Get permission: Obtaining permission is absolutely essential before performing any sort of test against a system you do not own. That permission should always be in writing, never merely verbal.
A contract is important because it does what? - Gives permission - Gives test parameters - Gives proof - Gives a mission
Gives proof: A contract gives proof that permission and parameters were established.
Which of the following describes an attacker who goes after a target to draw attention to a cause? - Terrorist - Criminal - Hacktivist - Script kiddie
Hacktivist: A hacktivist is an individual or group that performs hacking and other disruptive activities with the intention of drawing attention to a particular cause or message.
The group Anonymous is an example of what? - Terrorists - Script kiddies - Hacktivists - Grayware
Hacktivists: Anonymous is an example of hacktivists.
What level of knowledge about hacking does a script kiddie have? - Low - Average - High - Advanced
Low: Script kiddies have low or no knowledge of the hacking process but should still be treated as dangerous.
Which of the following does an ethical hacker require to start evaluating a system? - Training - Permission - Planning - Nothing
Permission: An ethical hacker never performs their services against a target without explicit permission of the owner of that system.
Which of the following would most likely engage in the pursuit of vulnerability research? - White hat - Gray hat - Black hat - Suicide hacker
White hat: White hats are the most likely to engage in vulnerability research; gray and black hats may also do so, but it is not typical of them.
How is black-box testing performed? - With no knowledge - With full knowledge - With partial knowledge - By a black hat
With no knowledge: Black-box testing is performed with no prior knowledge of the target, to simulate the view an outside attacker would actually have.
What is a code of ethics? - A law for expected behavior - A description of expected behavior - A corporate policy - A standard for civil conduct
A description of expected behavior: A code of ethics is a description of expected behavior. Failing to adhere to a code of ethics typically does not result in legal action, but it can result in expulsion from certain organizations or loss of certifications such as those issued by EC-Council.
What separates a suicide hacker from other attackers? - A disregard for the law - A desire to be helpful - The intent to reform - A lack of fear of being caught
A lack of fear of being caught: A suicide hacker's main difference from other hackers is their complete and utter lack of concern in regard to being caught.
Which type of hacker may use their skills for both benign and malicious goals at different times? - White hat - Gray hat - Black hat - Suicide hacker
Gray hat: Gray-hat hackers are typically thought of as former black hats who have reformed. However, they have been known to use their skills for both benign and malicious purposes.
Which of the following best describes what a hacktivist does? - Defaces websites - Performs social engineering - Hacks for political reasons - Hacks with basic skills
Hacks for political reasons: A hacktivist engages in hacking and disruptive activity to advance a political or social cause.
Which of the following best describes what a suicide hacker does? - Hacks with permission - Hacks without stealth - Hacks without permission - Hacks with stealth
Hacks without stealth: A suicide hacker does not worry about stealth or otherwise conceal their activities but is more concerned with forwarding an agenda.
Companies may require a penetration test for which of the following reasons? - Legal reasons - Regulatory reasons - To perform an audit - To monitor network performance
Legal reasons: A penetration test may be required to satisfy a company's legal obligations. Monitoring network performance is not the goal of a security audit or penetration test.
Vulnerability research deals with which of the following? - Actively uncovering vulnerabilities - Passively uncovering vulnerabilities - Testing theories - Applying security guidance
Passively uncovering vulnerabilities: Vulnerability research is a way of passively uncovering weaknesses, as opposed to actively exploiting them against a live target.
Which of the following describes a hacker who attacks without regard for being caught or punished? - Hacktivist - Terrorist - Criminal - Suicide hacker
Suicide hacker: Much like suicide bombers in the real world, suicide hackers do not worry about getting caught; they are only concerned with their mission.
What does TOE stand for? - Target of evaluation - Time of evaluation - Type of evaluation - Term of evaluation
Target of evaluation: TOE stands for target of evaluation and represents the target being tested.
If you have been contracted to perform an attack against a target system, you are what type of hacker? - White hat - Gray hat - Black hat - Red hat
White hat: A white-hat hacker always has permission to perform pen testing against a target system.