Chapter 2 Ethical Hacking Testout
State sponsored hacker
A hacker that works for a government and attempts to gain top-secret information by hacking other governments.
Heather has been hired to work in a firm's cybersecurity division. Her role will include performing both offensive and defensive tasks. Which of the following roles applies to Heather? -A member of the purple team. -A gray hat hacker. -A black hat hacker. -A member of the red team.
-A member of the purple team.
The following formula defines which method of dealing with risk? Cost of Risk > Damage = Risk _________ -Acceptance -Avoidance -Mitigation -Transference
-Acceptance
Yesenia was recently terminated from her position, where she was using her personal cell phone for business purposes. Upon termination, her phone was remotely wiped. Which of the following corporate policies allows this action? -Update policy -BYOD policy -Password policy -Corporate policy
-BYOD policy
Wassenaar Arrangement
An agreement between 41 countries to hold similar export controls on weapons, including banning some and requiring licensing for others, like intrusion software.
White hat
This is a skilled hacker who uses their skills and knowledge for defensive purposes only. A white hat hacker will only interact with a system that they have explicit permission to access. These are the ethical hackers.
Script kiddie
This person is unskilled and relies on tools and scripts that more capable hackers have developed, often without understanding how they work.
Which of the following best describes a non-disclosure agreement? -A common legal contract outlining confidential material that will be shared during the assessment. -A document that defines if the test will be a white box, gray box, or black box test and how to handle sensitive data. -A very detailed document that defines exactly what is going to be included in the penetration test. -A contract where parties agree to most of the terms that will govern future actions.
-A common legal contract outlining confidential material that will be shared during the assessment.
Which of the following best describes a master service agreement? -A contract where parties agree to the terms that will govern future actions. -A very detailed document that defines exactly what is going to be included in the penetration test. -Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data. -Used as a last resort if the penetration tester is caught in the scope of their work.
-A contract where parties agree to the terms that will govern future actions.
Heather is working for a cybersecurity firm based in Florida. She will be conducting a remote penetration test for her client, who is based in Utah. Which state's laws and regulations will she need to adhere to? -A lawyer should be consulted on which laws to adhere to and both parties agree. -Both companies will need to adhere to Florida's laws. -Both companies will need to adhere to Utah's laws. -Heather will adhere to Florida's laws, and the client will adhere to Utah's laws.
-A lawyer should be consulted on which laws to adhere to and both parties agree.
Which of the following best describes a supply chain? -A company provides materials to another company to manufacture a product. -A company stores their product at a distribution center. -A company stocks their product at a store. -A company sells their products on Amazon and has Amazon ship the product.
-A company provides materials to another company to manufacture a product.
Digital Millennium Copyright Act (DMCA)
Enacted in 1998, this law is designed to protect copyrighted works.
Hannah is working on the scope of work with her client. During the planning, she discovers that some of the servers are cloud-based servers. Which of the following should she do? -Not worry about this fact and test the servers. -Get a non-disclosure agreement. -Add the cloud host to the scope of work. -Tell the client she can't perform the test.
-Add the cloud host to the scope of work.
Which of the following best describes the Wassenaar Arrangement? -An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software. -Standards that ensure medical information is kept safe and is only shared with the patient and medical professionals. -A law that defines the security standards for any organization that handles cardholder information. -A law that defines how federal government data, operations, and assets are handled.
-An agreement between 41 countries to enforce similar export controls for weapons, including intrusion software.
During a risk assessment, the organization determines that the risk of collecting personal data from its customers is not acceptable and stops. What method of dealing with risk is the organization using? -Mitigation -Acceptance -Avoidance -Transference
-Avoidance
You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing? -Black box -White hat -White box -Black hat
-Black box
Rules of engagement (RoE)
A document that defines exactly how the work will be carried out.
During an authorized penetration test, Michael discovered his client's financial records. Which of the following should he do? -Continue digging and look for illegal activity. -Sell the records to a competitor. -Make a backup of the records for the client. -Ignore the records and move on.
-Ignore the records and move on.
During a penetration test, Mitch discovers child pornography on a client's computer. Which of the following actions should he take? -Ignore the files and continue with the penetration test. -Delete the files and continue with the penetration test. -Immediately stop the test and report the finding to the authorities. -Stop the test, inform the client, and let them handle it.
-Immediately stop the test and report the finding to the authorities.
Charles found a song he wrote being used without his permission in a video on YouTube. Which law will help him protect his work? -PCI DSS -HIPAA -FISMA -DMCA
-DMCA
Federal Information Security Management Act (FISMA)
Defines how federal government data, operations, and assets are handled.
Heather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task? -Scope of work -Rules of engagement -Change order -Permission to test
-Change order
ABC company is in the process of merging with XYZ company. As part of the merger, a penetration test has been recommended. Testing the network systems, physical security, and data security have all been included in the scope of work. What else should be included in the scope of work? -Employee IDs -Email policies -Password policies -Company culture
-Company culture
Which type of penetration test is required to ensure an organization is following federal laws and regulations? -Objective-based -Goal-based -Compliance-based -White box
-Compliance-based
What are the rules and regulations defined and put in place by an organization called? -Scope of work -Corporate policies -Rules of engagement -Master service agreement
-Corporate policies
Which of the following best describes what FISMA does? -Implements accounting and disclosure requirements that increase transparency. -Defines standards that ensure medical information is kept safe. -Defines the security standards for any organization that handles cardholder information -Defines how federal government data, operations, and assets are handled.
-Defines how federal government data, operations, and assets are handled.
Which of the following best describes the rules of engagement document? -Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data. -A very detailed document that defines exactly what is going to be included in the penetration test. -Used as a last resort if the penetration tester is caught in the scope of their work. -A contract where parties agree to most of the terms that will govern future actions.
-Defines if the test will be a white box, gray box, or black box test and how to handle sensitive data.
Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term? -Blue teaming -Red teaming -Network scanning -Ethical hacking
-Ethical hacking
Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing? -Black box -White box -Internal -External
-External
Which of the following best describes a goal-based penetration test? -Ensures the organization follows federal laws and regulations. -The hacker has been given full information about the target. -Focuses on the overall security of the organization and its data security. -Focuses on the end results. The hacker determines the methods.
-Focuses on the end results. The hacker determines the methods.
United States Code Title 18, Chapter 47, Section 1029 deals with which of the following? -Fraud and related activity involving computers. -Fraud and related activity regarding identity theft. -Fraud and related activity involving access devices. -Fraud and related activity involving electronic mail.
-Fraud and related activity involving access devices.
Which of the following is the third step in the ethical hacking methodology? -Scanning and enumeration -Reconnaissance -Clear your tracks -Gain access
-Gain access
Michael is performing a penetration test for a hospital. Which federal regulation does Michael need to ensure he follows? -DMCA -FISMA -PCI DSS -HIPAA
-HIPAA
Which of the following elements is generally considered the weakest link in an organization's security? -Network -Physical -Human -Servers
-Human
Which of the following best describes what SOX does? -Defines the security standards for any organization that handles cardholder information. -Defines how federal government data, operations, and assets are handled. -Defines standards that ensure medical information is kept safe. -Implements accounting and disclosure requirements that increase transparency.
-Implements accounting and disclosure requirements that increase transparency.
You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. Which of the following types of penetration tests is being performed? -Internal -Black Box -External -Gray Box
-Internal
Which of the following is considered a mission-critical application? -Customer database -Support log -Video player -Medical database
-Medical database
Miguel is performing a penetration test on his client's web-based application. Which penetration test frameworks should Miguel utilize? -OSSTMM -NIST SP 800-115 -ISO/IEC 27001 -OWASP
-OWASP
Which of the following defines the security standards for any organization that handles cardholder information for any type of payment card? -PCI DSS -HIPAA -FISMA -DMCA
-PCI DSS
Which of the following is a common corporate policy that would be reviewed during a penetration test? -Parking policy -Password policy -Meeting policy -Purchasing policy
-Password policy
Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team? -Is responsible for establishing and implementing policies. -Acts as a pipeline between teams and can work on any side. -Is a team of specialists that focus on the organization's defensive security. -Performs offensive security tasks to test the network's security.
-Performs offensive security tasks to test the network's security.
During a penetration test, Dylan is caught testing the physical security. Which document should Dylan have on his person to avoid being arrested? -Rules of engagement -Scope of work -Permission to test -Master service agreement
-Permission to test
During a penetration test, Heidi runs into an ethical situation she's never faced before and is unsure how to proceed. Which of the following should she do? -Reach out to an attorney for legal advice. -Trust her instincts and do what she feels is right. -Ignore the situation and just move on. -Talk with her friend and do what they suggest.
-Reach out to an attorney for legal advice.
The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies? -Maintain access -Reconnaissance -Reporting -Gain access
-Reporting
What does an organization do to identify areas of vulnerability within their network and security systems? -Internal test -Scanning -External test -Risk assessment
-Risk assessment
Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing? -Gain access -Scanning and enumeration -Maintain access -Reconnaissance
-Scanning and enumeration
A client asking for small deviations from the scope of work is called: -Security exception -Change order -Scope creep -Rules of engagement
-Scope creep
Which of the following documents details exactly what can be tested during a penetration test? -Scope of Work -Rules of Engagement -Master Service Agreement -Non-Disclosure Agreement
-Scope of Work
Which document explains the details of an objective-based test? -Rules of engagement -Permission to test -Scope of work -Change order
-Scope of work
Which of the following is a deviation from standard operating security protocols? -Whitelisting -Blacklisting -Security exception -MAC filtering
-Security exception
Which of the following policies would cover what you should do in case of a data breach? -Password policy -Update frequency policy -Corporate data policy -Sensitive data handling policy
-Sensitive data handling policy
A goal-based penetration test needs to have specific goals. Using SMART goals is extremely useful for this. What does SMART stand for? -Specific/Measurable/Attainable/Relevant/Timely -Steps/Measurable/Affordable/Results/Tuned -Steps/Maintainable/Affordable/Results/Tuned -Specific/Maintainable/Attainable/Relevant/Timely
-Specific/Measurable/Attainable/Relevant/Timely
Which of the following best describes social engineering? -A stealthy computer network attack in which a person or group gains unauthorized access for an extended period. -The art of deceiving and manipulating others into doing what you want. -The process of analyzing an organization's security and locating security holes. -Sending an email that appears to be from a bank to trick the target into entering their credentials on a malicious website.
-The art of deceiving and manipulating others into doing what you want.
Which of the following best describes a gray box penetration test? -The ethical hacker is given strict guidelines about what can be targeted. -The ethical hacker has no information regarding the target or network. -The ethical hacker is given full knowledge of the target or network. -The ethical hacker has partial information about the target or network.
-The ethical hacker has partial information about the target or network.
Which of the following is a limitation of relying on regulations? -They allow interpretation. -They rely heavily on password policies. -The industry standards take precedence. -They are regularly updated.
-They rely heavily on password policies.
After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process? -Transference -Avoidance -Mitigation -Tolerance
-Tolerance
Miguel is performing a penetration test. His client needs to add Miguel's computer to the list of devices allowed to connect to the network. What type of security exception is this? -Blacklisting -White box -Black box -Whitelisting
-Whitelisting
Which of the following is a consideration when scheduling a penetration test? -What risks are acceptable? -Are there any security exceptions? -Which systems are being tested? -Who is aware of the test?
-Who is aware of the test?
Non-disclosure agreement (NDA)
A common legal contract that outlines confidential material or information that will be shared during a security assessment and what restrictions are placed on information.
Master service agreement (MSA)
A contract where parties agree to the terms that will govern future actions. This makes future services and contracts easier to handle and define.
Permission to test
A document that explains what the penetration tester is doing and that their work is authorized. This document is sometimes referred to as the Get Out Of Jail Free Card.
Goal-Based Penetration Test
A goal-based penetration test will focus on the end results. The goals must be specific and well-defined before the test can begin. The penetration tester will utilize a wide range of skills and methods to carry out the test and meet the goals.
Suicide hacker
A hacker who is only concerned with taking down their target for a cause. This hacker has no concern about being caught or going to jail; their only concern is the cause.
Sarbanes Oxley Act (SOX)
A law enacted in 2002 with the goal of implementing accounting and disclosure requirements that would increase transparency in corporate governance and financial reporting and formalizing a system of internal checks and balances.
Health Insurance Portability and Accountability Act (HIPAA)
A set of standards that ensures a person's health information is kept safe and only shared with the patient and medical professionals that need it.
Scope of work (SoW)
A very detailed document that defines exactly what is going to be included in the penetration test. This document is also referred to as the statement of work.
Objective-Based Penetration Test
An objective-based test focuses on the overall security of the organization and its data security. When people think of a penetration test, this is often what they think of. The scope of work and rules of engagement documents specify what is to be tested.
Open Source Security Testing Methodology Manual (OSSTMM)
Attempts to create one accepted method for a thorough security test.
ISO/IEC 27001
Defines the processes and requirements for an organization's information security management systems.
Payment Card Industry Data Security Standard (PCI DSS)
Defines the security standards for any organization that stores, processes, or transmits cardholder data for debit cards, credit cards, prepaid cards, and other types of payment cards.
Open Web Application Security Project (OWASP)
Describes techniques for testing the most common web application and web service security issues.
Compliance-Based Penetration Test
Ensuring that the organization is in compliance with federal laws and regulations is a major purpose for performing a penetration test.
Performing reconnaissance
In this phase, the hacker begins gathering information about the target. This can include gathering publicly available information, using social engineering techniques, or even dumpster diving.
Establishing access
In this phase, the hacker uses all the information gathered through reconnaissance and scanning to exploit any vulnerabilities found and gain access.
National Institute of Standards and Technology Special Publication 800-115 (NIST SP 800-115)
Is a guide to the basic technical aspects of conducting information security assessments.
Maintaining access
Once the hacker has gained access, they can use backdoors, rootkits, or Trojans to establish persistent access to the system so that they can return later without repeating the exploit.
Bring your own device (BYOD)
Policies that govern an organization's rules and regulations regarding support of employee-owned smart phones, tablets, and similar devices.
Scanning and enumeration
Scanning is a natural extension of reconnaissance. The hacker uses various tools to gather in-depth information about the network, computer systems, live systems, open ports, and other features. Extracting information such as usernames, computer names, network resources, shares, and services is known as enumeration. Enumeration is a part of the scanning step.
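Added illustration of the scanning and enumeration step described above and in the "port 445 open" question earlier on this page. This is not part of the TestOut material; it is a minimal TCP connect scan followed by banner grabbing, run against a constructed local target so it works offline. All function names here (tcp_connect_scan, grab_banner, scan_and_enumerate, start_fake_service) and the sample banner are this example's own assumptions, not a real tool's API.

```python
"""Added example: TCP connect scan plus banner grab against a constructed
local listener. Not TestOut code; all names here are this example's own."""
import socket
import threading
from concurrent.futures import ThreadPoolExecutor


def tcp_connect_scan(host, ports, timeout=0.5, workers=32):
    """Scanning: attempt a full TCP three-way handshake on each port and
    report the ports that accept the connection. connect_ex returns 0 on
    success and an errno (e.g. ECONNREFUSED) on a closed port, so closed
    ports simply yield None instead of raising."""
    def probe(port):
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            return port if s.connect_ex((host, port)) == 0 else None

    with ThreadPoolExecutor(max_workers=workers) as pool:
        return sorted(p for p in pool.map(probe, ports) if p is not None)


def grab_banner(host, port, timeout=1.0, max_bytes=256):
    """Enumeration: reconnect to an open port and read whatever the service
    volunteers on connect (SSH, SMTP and FTP all announce themselves).
    Returns an empty string for services that wait for the client to speak."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))
        try:
            data = s.recv(max_bytes)
        except socket.timeout:
            return ""
    return data.decode("ascii", errors="replace").strip()


def scan_and_enumerate(host, ports):
    """Scan first, then enumerate only the ports that were found open."""
    return {p: grab_banner(host, p) for p in tcp_connect_scan(host, ports)}


def start_fake_service(banner):
    """Constructed sample target (assumption, not a real service): a listener
    on 127.0.0.1 and an OS-chosen port that sends `banner` to every client and
    hangs up. Returns (listener_socket, port); close the socket to stop it."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(64)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:          # listener closed: stop serving
                return
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:      # scanner hung up without reading
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


if __name__ == "__main__":
    listener, target_port = start_fake_service(b"SSH-2.0-ExampleService\r\n")
    window = range(max(1, target_port - 10), target_port + 10)
    for port, banner in scan_and_enumerate("127.0.0.1", window).items():
        print(f"127.0.0.1:{port} open  banner={banner!r}")
    listener.close()
```

A connect scan completes the handshake on every probed port, so it shows up in the target's connection logs and is the noisiest scan type; real engagements use nmap for this and follow an open port 445 with SMB-specific enumeration of shares and users. Either way, the probing belongs only to hosts listed in the scope of work, which is why the questions above treat an unlisted cloud host or an extra server as a scope change rather than a free target.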
Black box
The ethical hacker has no information regarding the target or network. This type of test best simulates an outside attack but does not simulate insider threats.
White box
The ethical hacker is given full knowledge of the target or network. This test allows for a comprehensive and thorough test, but is not very realistic.
Gray box
The ethical hacker is given partial information about the target or network, such as IP configurations or email lists. This test simulates an insider threat.
Clearing tracks
The final step in the hacking process is clearing tracks. The hacker clears or overwrites log files to hide the fact that they were ever there.
Gray hat
The gray hat hacker falls in the middle of the white hat and black hat hackers. The gray hat may cross the line of what is ethical, but usually has good intentions and isn't being malicious like a black hat hacker.
Black hat
This hacker is also very skilled, but uses their knowledge and skills for illegal or malicious purposes. A black hat is also known as a cracker. They are highly unethical.
Cyber terrorist
This hacker is motivated by religious or political beliefs and wants to cause severe disruption or widespread fear.