01- Intro to Ethical Hacking QUIZ Flashcards

1
Q
This term is not used in hacking circles.
A. Vulnerabilities
B. Exploits
C. Integrity
D. Zero-day attack
A

Answer: C

Integrity is one of the key principles in the CIA triad. It ensures that only authorized persons edit the data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Hackers and ethical hackers use the same tools and techniques.
True
False

A

Answer: True
Hackers and Ethical hackers use the same tools and techniques, but differ in consent. Ethical hackers do not exploit weaknesses
and reveal all the information about the potential vulnerabilities of the system to the admin. Hackers gain unauthorized access
and can cause damage.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

If it is legal and within the scope of the project, the pen tester can undertake war dialing to detect
listening modems and war driving to discover vulnerable access points.
True
False

A

Answer: True
If it is legal and within the scope of the project, then the pen tester can undertake war dialing to detect listening modems and
war driving to discover vulnerable access points.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q
Ethical hacking cannot:
A. Perform security analysis
B. Prioritize threats
C. Test resources
D. Exploit vulnerabilities
A

Answer: D
Ethical hacking focuses on improving security by identifying the weaknesses and vulnerabilities of the system. In contrast to
unethical hacking, the ethical hackers do not exploit the flaw; they reveal all the information to the users.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

A hacker needs to be a good programmer as many hacking software programs have ready-made
exploits that can be launched against a computer system or network. Identify the uses of exploits.
(Choose all that apply.)
A. Initial attack
B. Expose vulnerability
C. Steal data
D. Gain privilege escalation

A

Answer: A, B, and D
Hackers concentrate on exploits to open the doors to an initial attack. Exploits are pieces of software used to detect the
vulnerabilities of a system. The ethical hacker will update the admin with the latest discovered vulnerabilities. The exploits take
advantage of a bug to gain unauthorized access to the system and privilege escalation to intrude into the system.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q
Which of the following is not the key term of the CIA triad?
A. Exploits
B. Availability
C. Confidentiality
D. Integrity
A

Answer: A
Confidentiality, integrity, and availability are the basic tenets of information system security and are the key terms of the CIA
triad.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Identify the key principle in the CIA triad that prevents denial-of-service (DoS) attacks.
A. Integrity
B. Availability
C. Confidentiality

A

Answer: B
Availability is ensured by performing all the hardware maintenance, updating software to the current version, and providing adequate communication bandwidth.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q
Confidentiality makes use of: (Choose all that apply.)
A. Data encryption
B. User IDs and passwords
C. Backup copies
D. Necessary system upgrades
A

Answer: A and B
Data encryption is one of the common methods to ensure confidentiality. A number of security protocols work in conjunction
with the SSL/TLS to ensure security of data over the Internet. Use of user IDs and passwords constitute a standard procedure to
ensure confidentiality.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
A vulnerability with one or more known instances of working and fully implemented attacks is
classified as:
A. Exploitable vulnerability
B. Window of vulnerability
C. Attack surface
A

Answer: A
A vulnerability with one or more known instances of working and fully implemented attacks is classified as an exploitable
vulnerability.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

From discovery until disclosure, it is a:
A. Black risk
B. White risk
C. Gray risk

A

Answer: A

From discovery until disclosure of a vulnerability, the black hats use their skill for malicious purposes.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Who are self-proclaimed ethical hackers?
A. Black hat hackers
B. White hat hackers
C. Gray hat hackers

A

Answer: C
Gray hackers are self-proclaimed ethical hackers. The nature of behavior depends on the situations and can be sometimes
offensive or defensive.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q
Choose the one that doesn’t belong.
A. Zero-day attacks
B. Natural threat
C. Exploits
D. Malware
A

Answer: B
As the name implies, natural threats can be any disaster caused by nature. It can be a flood or hurricane, causing impact on the
availability of the systems.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q
Identify the term not associated with confidentiality.
A. User IDs & passwords
B. EMP
C. SSL/TLS
D. Biometrics
A

Answer: B

EMP, or electromagnetic pulse, is related with integrity to ensure that only authorized persons access the data.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What is the primary goal of using exploits?
A. Gain low-level access, escalate privileges repeatedly, and reach the root
B. Unauthorized data access
C. DoS
D. Superuser-level access

A

Answer: A
The main goal of exploits is to gain low-level access to the system. After gaining low-level access, it escalates the privilege
repeatedly until the hacker reaches the root.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The hackers who hack with permission from the data owner are known as:
A. Gray risk hackers
B. Black risk hackers
C. White risk hackers

A

Answer: C
White risk hackers are ethical hackers, who use their knowledge to find out the vulnerabilities in the computer system and help
in the implementation of countermeasures.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q
For implementing the defense-in-depth strategies on the data layer, you could have:
A. Firewalls
B. Encryption
C. HIDS
D. Antivirus
A

Answer: B

Encryptions and ACL are used in the data layer.

17
Q

Which is the conventional approach to penetration testing?
A. External testing
B. Internal testing

A

Answer: A
External penetration testing is the conventional approach to penetration testing that focuses on the servers, infrastructure, and
underlying software pertaining to the target. No prior knowledge of the site or full disclosure of the topology and environment
are required to perform this test.

18
Q
Name the penetration test in which the pen testers have partial knowledge or information about the
system and environment.
A. White-box testing
B. Gray-box testing
C. Black-box testing
A

Answer: B
The pen tester conducts the tests with limited or partial knowledge about infrastructure, defense mechanism, and
communication channels of the target.

19
Q

In black-box testing, the pen testers choose to undertake black-hat testing to: (Choose all that apply.)
A. Minimize false positives
B. Simulate real-world attacks
C. Simulate an inside attacker who has full privileges
D. Simulate attacks performed by an insider or outsider with limited access privileges

A

Answer: A and B
The black hat testers carry out the test with no prior information about the infrastructure of the system to minimize false
positives. Before analysis, they determine the location and extent of the systems. The black hat testers will get no assistance
from the client and begins tests to simulate real-world attacks and reduce false positives.

20
Q
The following are true about a penetration tester, except:
A. Follows a strict code of ethics
B. Gets authorization before testing
C. Attempts to exploit vulnerabilities
D. Presents a detailed report
A

Answer: C

When a hacker attempts to exploit vulnerabilities, the penetration tester attempts to correct vulnerabilities.

21
Q

A malicious hacker: (Choose all that apply.)
A. Tries to bypass the logs
B. Will follow techniques that will not cause any damage
C. Attempts to correct vulnerabilities
D. Does not follow a code of ethics

A

Answer: A and D
A malicious hacker will always attempt to bypass all the logs in order to remain undetected. In contrast, a pen tester will submit all logs
and reports to the organization. Only a pen tester follows a code of ethics; not a hacker.

22
Q
Which is not a step in penetration testing methodology?
A. Footprinting
B. Scanning
C. Security analysis
D. Enumeration
A

Answer: C
Evaluation of security levels is a method in penetration testing, which helps the tester to determine the vulnerabilities related
to hardware and software.

23
Q
In ethical hacking, if you fail to penetrate into a system/network, then:
A. Try a denial-of-service attack
B. Try to elevate your privileges
C. Try to become an admin
D. Try to alter data
A

Answer: A

If you fail to penetrate into a system/network, then think like a hacker and carry out a denial-of-service attack.

24
Q
Choose the one which does not fall into the category of network attacks:
A. Sniffing
B. ARP poisoning
C. MiTM
D. Authorization
A

Answer: D

Authorization is a type of application attack in which the authorization process is exploited.

25
Q

To exploit vulnerability, an attacker need not have an applicable tool or technique that can connect to
a system weakness.
True
False

A

Answer: False
To exploit vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness.
In such cases, the vulnerability is also known as the attack surface.

26
Q

Script kiddies are related to zero-day exploits.
True
False

A

Answer: True
The primary desire of unskilled attackers is to obtain access to zero-day exploits. Such unskilled attackers are nicknamed Script Kiddies.

27
Q

Multiple implementations of the same basic security tool is a layered approach.
True
False

A

Answer: False
Multiple implementations of the same basic security tool is not a layered approach. Layered security is about multiple types of security measures, each protecting against a different vector of attack.

28
Q

A hacker who targets an organization’s network to gain unauthorized access, and a professional
penetration tester are different.
True
False

A

Answer: True
A professional penetration tester will have the concern of the owner to access the organization network and use his skills to improve the security, without causing any loss or damage. A hacker will have malicious intentions and may cause damage to the network.

29
Q

A gray hat hacker always hacks the system for offensive purposes.
True
False

A

Answer: False
Grey hackers use their skill for both offensive and defensive purposes, whereas a black hacker uses their knowledge to gain unauthorized access to the system for offensive purposes only. A white hacker always hacks the systems with good intentions.

30
Q

The implementation of the Incident Management process derives benefits for its IT services only.
True
False

A

Answer: False

The implementation of the Incident Management process derives benefits for both its IT services and business.

31
Q

Buffer overflow is a type of Host/OS attacks.
True
False

A

Answer: False

Buffer overflows, SQL injection, and authentication are some of the types of application attacks.