Chapter 1: Introduction to Ethical Hacking

Which of the following best describes a vulnerability? - A worm - A virus - A weakness - A rootkit

A weakness: A vulnerability is a weakness. Worms, viruses, and rootkits are forms of malware.

A white-box test means the tester has which of the following? - No knowledge - Some knowledge - Complete knowledge - Permission

Complete knowledge: White-box testers have complete knowledge of the environment they have been tasked with attacking.

What should a pentester do prior to initiating a new penetration test? - Plan - Study the environment - Get permission - Study the code of ethics

Get permission: Permission is absolutely essential to be obtained prior to performing any sort of test against a system you don't own. Permission should also be in writing and never verbal.

A contract is important because it does what? - Gives permission - Gives test parameters - Gives proof - Gives a mission

Gives proof: A contract gives proof that permission and parameters were established.

Which of the following describes an attacker who goes after a target to draw attention to a cause? - Terrorist - Criminal - Hacktivist - Script kiddie

Hacktivist: A hacktivist is an individual or group that performs hacking and other disruptive activities with the intention of drawing attention to a particular cause or message.

The group Anonymous is an example of what? - Terrorists - Script kiddies - Hacktivists - Grayware

Hacktivists: Anonymous is an example of hacktivists.

What level of knowledge about hacking does a script kiddie have? - Low - Average - High - Advanced

Low: Script kiddies have low or no knowledge of the hacking process but should still be treated as dangerous.

Which of the following does an ethical hacker require to start evaluating a system? - Training - Permission - Planning - Nothing

Permission: An ethical hacker never performs their services against a target without explicit permission of the owner of that system.

Which of the following would most likely engage in the pursuit of vulnerability research? - White hat - Gray hat - Black hat - Suicide hacker

White hat: White hats are the most likely to engage in research activities, and although gray and black hats may engage in these activities, they are not typical.

How is black-box testing performed? - With no knowledge - With full knowledge - With partial knowledge - By a black hat

With no knowledge: Black-box testing is performed with no knowledge to simulate an actual view of what a hacker would have.

What is a code of ethics? - A law for expected behavior - A description of expected behavior - A corporate policy - A standard for civil conduct

A description of expected behavior: Code of ethics is a description of expected behavior. While not adhering to ethics typically does not result in legal action, it can result in expulsion from certain organizations such as EC-Council certification.

What separates a suicide hacker from other attackers? - A disregard for the law - A desire to be helpful - The intent to reform - A lack of fear of being caught

A lack of fear of being caught: A suicide hacker's main difference from other hackers is their complete and utter lack of concern in regard to being caught.

Which type of hacker may use their skills for both benign and malicious goals at different times? - White hat - Gray hat - Black hat - Suicide hacker

Gray hat: Gray-hat hackers are typically thought of as those that were formally black hats but have reformed. However, they have been known to use their skills for both benign and malicious purposes.

Which of the following best describes what a hacktivist does? - Defaces websites - Performs social engineering - Hacks for political reasons - Hacks with basic skills

Hacks for political reasons: A hacktivist engages in mischief for political reasons.

Which of the following best describes what a suicide hacker does? - Hacks with permission - Hacks without stealth - Hacks without permission - Hacks with stealth

Hacks without stealth: A suicide hacker does not worry about stealth or otherwise conceal their activities but is more concerned with forwarding an agenda.

Companies may require a penetration test for which of the following reasons? - Legal reasons - Regulatory reasons - To perform an audit - To monitor network performance

Legal reasons: Network performance is not the goal of security audits or penetration tests.

Vulnerability research deals with which of the following? - Actively uncovering vulnerabilities - Passively uncovering vulnerabilities - Testing theories - Applying security guidance

Passively uncovering vulnerabilities: Vulnerability research is a way of passively uncovering weaknesses.

Which of the following describes a hacker who attacks without regard for being caught or punished? - Hacktivist - Terrorist - Criminal - Suicide hacker

Suicide hacker: Much like suicide bombers in the real world, suicide hackers do not worry about getting caught; they are only concerned with their mission.

What does TOE stand for? - Target of evaluation - Time of evaluation - Type of evaluation - Term of evaluation

Target of evaluation: TOE stands for target of evaluation and represents the target being tested.

If you have been contracted to perform an attack against a target system, you are what type of hacker? - White hat - Gray hat - Black hat - Red hat

White hat: A white-hat hacker always has permission to perform pen testing against a target system.