01- Intro to Ethical Hacking

Question 1

Active Directory

Answer 1

Windows based central domain controller that grants access to authorized users, storing credentials in a centralized database.

Question 2

Workgroup

Answer 2

Contrary to Active Directory, workgroup user maintain security principals on their own systems.

Question 3

LDAP

Answer 3

standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol (IP) network, Lightweight Directory Access Protocol

Question 4

SIDs

Answer 4

Security Identifiers: Unique ID numbers that identify security principle objects

Question 5

Attack

Answer 5

occurs when a system is compromised based on a vulnerability by an unknown exploit

Question 6

Availability

Answer 6

authorized personnel accessing the data at appointed times. Involves a comprehensive planning of hardware, software, facility, people, and connectivity.

Question 7

Black hat

Answer 7

malicious hackers that try to hack systems with malicious intent

Question 8

CIA Triad

Answer 8

a model promoted to define and practice policies related to information security; uses confidentiality, integrity, and availability

Question 9

Confidentiality

Answer 9

keeping access to the information only to the intended audience; does two things: ensures that the right people get the intended information and prevents sensitive information from reaching the wrong people

Question 10

Defense

Answer 10

In-depth the use of layered security mechanisms; the layers could be data, applications, host levels, Internet networks, perimeter levels, physical securities, etc.

Question 11

Ethical Hacking

Answer 11

testing the resources for a good cause and for the betterment of technology; another term for “penetration testing.”

Question 12

Exploit

Answer 12

written to take advantage of a vulnerability

Question 13

External Testing

Answer 13

focused on the server’s infrastructure and underlying software pertaining to the target

Question 14

Gray hat

Answer 14

hackers that can aid companies in informing them about any vulnerabilities they have found, but are not hired by the companies to perform such tests

Question 15

Hacking

Answer 15

the skill of exploring various security breaches and posting unwanted content on websites, stealing data, etc.; concentrates on exploits and vulnerabilities

Question 16

Human threats

Answer 16

insiders who have authorization to access systems, and hackers who use exploits to attack

Question 17

Integrity

Answer 17

maintaining the sanctity of information and keeping the data accurate throughout its life, whether it is on the same computer or shared over a network

Question 18

Malware

Answer 18

any type of program that is created with the intent to cause damage, steal data, or abuse computer system resources; includes computer viruses, worms, and Trojan horses

Question 19

Natural threats

Answer 19

can be a flood causing areas to be waterlogged, or a hurricane or a tornado causing a lot of damage.; often impact the availability of systems

Question 20

Patch

Answer 20

a fix to a vulnerability

Question 21

Penetration Testing

Answer 21

uses the same methods a hacker uses to gain unauthorized access to a network or system with a view to compromise them, but uses the methods to help companies

Question 22

Script Kiddies

Answer 22

naïve hackers try hard to get their hands on such zero day attacks, instead of writing their own

Question 23

Technology threats

Answer 23

caused by malware, zero-day attacks, exploits, or web attacks

Question 24

Vulnerability

Answer 24

a weak link in the software, settings, etc., through which, if not fixed early, someone can get access to the computer, application, and/or network and can cause damage

Question 25

White hat

Answer 25

gets permission from the data owner before any hacking and use their hacking skills for defensive purposes only. They use their knowledge and skills to locate weaknesses and implement countermeasures and for defense purposes and preventing losses.

Question 26

Zero day Attack

Answer 26

exploits that have not been published