CIST 2613 chapter 1


What are the tenets of InfoSec security?

1) Confidentiality 2) Integrity 3) Availability

What are the elements of crime?

1) Means 2) Motive 3) Opportunity

What steps would you use to conduct a penetration test?

1) Planning 2) Discovery & Additional Discovery 3) Attack 4) Reporting

Describe what an administrative control in an organization would be.

1) Policies & Procedures - Enforcing good password policy. 2) Governing Actions when hiring & firing employees. 3) Administrative Policies - Fulfill legal requirements such as: Privacy of customer information.

What steps would you use to hack a computer system?

1) Reconnaissance 2) Scanning 3) Infiltration & Escalation 4) Exfiltration 5) Access Extension 6) Assault 7) Obfuscation

Describe the skill set needed to be on a penetration testing team.

1) Routers & Routing Protocol 2) Organizational Policies 3) Legal Requirements 4) Networking 5) Transmission Control Protocol (TCP/IP) 6) Similar Technologies

What are the three types of controls you can use to mitigate risk?

1) Technical 2) Administrative 3) Physical

What are the different types of penetration tests you can perform?

1) Technical Attack 2) Administrative Attack 3) Physical Attack

Describe the different types of penetration tests.

1) Technical Attack - Designed to simulate an attack against technology from either the inside or outside, depending on the goals and intentions of the client. 2) Administrative Attack - Designed to find loopholes or shortcomings in how tasks and operational processes are performed. 3) Physical Attack - Targets physical equipment and facilities with actions such as theft, breaking & entering, or similar actions. Can also include actions against people.

Explain what an exploit is and how it affects assets.

An exploit refers to a piece of software, a tool, or a technique that targets or takes advantage of a vulnerability leading to privilege escalation.

Why is it important not to break the trust of the client who has hired an ethical hacker?

Because an ethical hacker knows that there are repercussions if they break their trust with the client; the client then has the right to charge them.

Describe the parts of the CIA triangle and what each part means.

Confidentiality means ensuring that only authorized subjects can access protected data. Integrity means ensuring that only authorized subjects can modify protected data. Availability means ensuring that information and the resources that manage information are available on demand to authorized subjects.

Describe the difference between a malicious hacker and an ethical hacker.

Ethical Hackers - Use the skills or knowledge acquired to properly defend against an aggressor or hacker through understanding the mindset, to simulate a hostile attacker. Malicious Hacker - Use skills or knowledge to illegally break into a computer system with intent to damage or steal information.

Define traits of an ethical hacker.

Ethical hackers engage in their activities only with the permission of the asset owner. An ethical hacker exposes vulnerabilities and makes systems more secure.

Describe the parts of a security attack.

Once ethical hackers have the necessary permission and contracts in place, they can engage in penetration testing, which is the structured and methodical means of investigating, identifying, attacking, and reporting on a target system's strengths and vulnerabilities. Under the right circumstances, penetration testing can provide a wealth of information that the system owner can use to adjust defenses.

Describe what penetration testing is.

Penetration testing is the structured and methodical means of investigating, identifying, attacking, and reporting on a target system's strengths and vulnerabilities.

What is involved with the planning phase of a penetration test?

Why is the penetration test deemed necessary

Describe what hacktivism is.

a computer system or network for a social or political activism reason. (