01- Intro to Ethical Hacking QUIZ Flashcards
This term is not used in hacking circles.
A. Vulnerabilities
B. Exploits
C. Integrity
D. Zero-day attack
Answer: C
Integrity is one of the key principles in the CIA triad. It ensures that only authorized persons edit the data.
Hackers and ethical hackers use the same tools and techniques.
True
False
Answer: True
Hackers and ethical hackers use the same tools and techniques, but differ in consent. Ethical hackers do not exploit weaknesses; they reveal all the information about the potential vulnerabilities of the system to the admin. Hackers gain unauthorized access and can cause damage.
If it is legal and within the scope of the project, the pen tester can undertake war dialing to detect
listening modems and war driving to discover vulnerable access points.
True
False
Answer: True
If it is legal and within the scope of the project, then the pen tester can undertake war dialing to detect listening modems and
war driving to discover vulnerable access points.
Ethical hacking cannot:
A. Perform security analysis
B. Prioritize threats
C. Test resources
D. Exploit vulnerabilities
Answer: D
Ethical hacking focuses on improving security by identifying the weaknesses and vulnerabilities of the system. In contrast to unethical hacking, ethical hackers do not exploit the flaw; they reveal all the information to the users.
A hacker needs to be a good programmer as many hacking software programs have ready-made
exploits that can be launched against a computer system or network. Identify the uses of exploits.
(Choose all that apply.)
A. Initial attack
B. Expose vulnerability
C. Steal data
D. Gain privilege escalation
Answer: A, B, and D
Hackers concentrate on exploits to open the doors to an initial attack. Exploits are pieces of software used to detect the
vulnerabilities of a system. The ethical hacker will update the admin with the latest discovered vulnerabilities. The exploits take
advantage of a bug to gain unauthorized access to the system and privilege escalation to intrude into the system.
Which of the following is not a key term of the CIA triad?
A. Exploits
B. Availability
C. Confidentiality
D. Integrity
Answer: A
Confidentiality, integrity, and availability are the basic tenets of information system security and are the key terms of the CIA
triad.
Identify the key principle in the CIA triad that prevents denial-of-service (DoS) attacks.
A. Integrity
B. Availability
C. Confidentiality
Answer: B
Availability is ensured by performing all the hardware maintenance, updating software to the current version, and providing adequate communication bandwidth.
Confidentiality makes use of: (Choose all that apply.)
A. Data encryption
B. User IDs and passwords
C. Backup copies
D. Necessary system upgrades
Answer: A and B
Data encryption is one of the common methods to ensure confidentiality. A number of security protocols work in conjunction with SSL/TLS to ensure security of data over the Internet. Use of user IDs and passwords constitutes a standard procedure to ensure confidentiality.
A vulnerability with one or more known instances of working and fully implemented attacks is classified as:
A. Exploitable vulnerability
B. Window of vulnerability
C. Attack surface
Answer: A
A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable
vulnerability.
From discovery until disclosure, it is a:
A. Black risk
B. White risk
C. Gray risk
Answer: A
From discovery until disclosure of a vulnerability, the black hats use their skill for malicious purposes.
Who are self-proclaimed ethical hackers?
A. Black hat hackers
B. White hat hackers
C. Gray hat hackers
Answer: C
Gray hat hackers are self-proclaimed ethical hackers. Their behavior depends on the situation and can sometimes be offensive or defensive.
Choose the one that doesn’t belong.
A. Zero-day attacks
B. Natural threat
C. Exploits
D. Malware
Answer: B
As the name implies, natural threats can be any disaster caused by nature, such as a flood or hurricane, that impacts the availability of the systems.
Identify the term not associated with confidentiality.
A. User IDs & passwords
B. EMP
C. SSL/TLS
D. Biometrics
Answer: B
EMP, or electromagnetic pulse, is related to integrity to ensure that only authorized persons access the data.
What is the primary goal of using exploits?
A. Gain low-level access, escalate privileges repeatedly, and reach the root
B. Unauthorized data access
C. DoS
D. Superuser-level access
Answer: A
The main goal of exploits is to gain low-level access to the system. After gaining low-level access, the hacker escalates privileges repeatedly until reaching the root.
The hackers who hack with permission from the data owner are known as:
A. Gray risk hackers
B. Black risk hackers
C. White risk hackers
Answer: C
White risk hackers are ethical hackers, who use their knowledge to find out the vulnerabilities in the computer system and help
in the implementation of countermeasures.