CEHv8 BOOTCAMP: MODULE 01-INTRODUCTION TO ETHICAL HACKING_SET-2 Flashcards

1
Q

What are Black Hats?

A

Individuals with extraordinary computing skills who resort to malicious or destructive activities; also known as crackers.

2
Q

What are White Hats?

A

Individuals professing hacker skills and using them for defensive purposes; also known as security analysts.

3
Q

What are Gray Hats?

A

Individuals who work both offensively and defensively at various times.

4
Q

What are Suicide Hackers?

A

Individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms, or any other form of punishment.

5
Q

What are Script Kiddies?

A

An unskilled hacker who compromises systems by running scripts, tools, and software developed by real hackers.

6
Q

What are Spy Hackers?

A

Individuals employed by the organization to penetrate and gain trade secrets of the competitor.

7
Q

What are Cyber Terrorists?

A

Individuals with a wide range of skills, motivated by religious or political beliefs to create fear by large-scale disruption of computer networks.

8
Q

What are State Sponsored Hackers?

A

Individuals employed by the government to penetrate and gain top-secret information and to damage information systems of other governments.

9
Q

What is Passive Reconnaissance?

A

Acquiring information without directly interacting with the target.

10
Q

What is Active Reconnaissance?

A

Acquiring information by directly interacting with the target, by any means.

11
Q

What does Reconnaissance refer to in the phases of hacking?

A

The preparatory phase where an attacker seeks to gather information about a target prior to launching an attack.

12
Q

What are some types of tools used during the Scanning phase of hacking?

A
  • Dialers
  • Port scanners
  • Network mappers
  • Ping tools
  • Vulnerability scanners
13
Q

What does Scanning refer to in the phases of hacking?

A

The pre-attack phase when the attacker scans the network for specific information on the basis of information gathered during reconnaissance.

14
Q

What does Gaining Access refer to in the phases of hacking?

A

The point where the attacker obtains access to the operating system or applications on the computer or network.

15
Q

What does Maintaining Access refer to in the phases of hacking?

A

When the attacker tries to retain his or her ownership of the system.

16
Q

What does Clearing Tracks refer to in the phases of hacking?

A

The activities taken by an attacker to hide malicious acts.

17
Q

How can attackers Maintain Access?

A

By securing their exclusive access with Backdoors, RootKits, or Trojans.

18
Q

How can an attacker clear their tracks?

A

Overwriting server, system and application logs to avoid suspicion.

19
Q

What are some OS vulnerabilities?

A
  • Buffer overflow vulnerabilities
  • Bugs in the OS
  • Unpatched OS
20
Q

What are some OS attacks?

A
  • Exploiting specific protocol implementations
  • Attacking built-in authentication systems
  • Breaking file-system security
  • Cracking passwords and encryption mechanisms
21
Q

What can poor or nonexistent error checking in applications lead to?

A
  • Buffer overflow attacks
  • Sensitive information disclosure
  • Cross-site scripting
  • Session hijacking and man-in-the-middle attacks
  • SQL injection attacks
  • Denial-of-service attacks
22
Q

What are types of application-level attacks?

A
  • Phishing
  • Session hijacking
  • Man-in-the-middle attack
  • Parameter/form tampering
  • Directory traversal attacks
23
Q

What are Shrink Wrap Code attacks?

A

Attacks that exploit default configuration and settings of the off-the-shelf libraries and code.

24
Q

What are the 5 skills of an Ethical Hacker?

A
  • Platform Knowledge
  • Network Knowledge
  • Computer Expert
  • Security Knowledge
  • Technical Knowledge
25
Q

What is Defense in Depth?

A

A security strategy in which several protection layers are placed throughout an information system.