CEHv8 BOOTCAMP: MODULE 01-INTRODUCTION TO ETHICAL HACKING_SET-3 Flashcards

1
Q

What does Defense in Depth help prevent?

A

Direct attacks against an information system and its data, because a break in one layer only leads an attacker to the next layer.

2
Q

What is Incident Management?

A

A set of defined processes to identify, analyze, prioritize, and resolve security incidents, to restore normal service operations as quickly as possible, and to prevent future recurrence of the incident.

3
Q

What are 7 purposes of the incident management process?

A
  • Improves service quality
  • Pro-active problem
  • Reduces impact of incidents on business/organization
  • Meets service availability requirements
  • Increases staff efficiency and productivity
  • Improves user/customer satisfaction
  • Assists in handling future incidents
4
Q

What is Security Policy?

A

A document or set of documents that describes, at a high level, the security controls that will be implemented in the company.

5
Q

What are 8 goals of Security Policies?

A
  • Maintain an outline for the management and administration of network security
  • Protect the organization’s computing resources
  • Eliminate legal liability from employees or third parties
  • Ensure customers’ integrity and prevent waste of company computing resources
  • Prevent unauthorized modifications of the data
  • Reduce risks caused by illegal use of the system resources, loss of sensitive, confidential data, and potential property
  • Differentiate the user’s access rights
  • Protect confidential, proprietary information from theft, misuse, unauthorized
6
Q

What are 5 Classifications of Security Policies?

A
  • User Policy
  • IT Policy
  • General Policies
  • Partner Policy
  • Issue Specific Policies
7
Q

What is a User Policy?

A

A policy that defines who can use the network and the limits on what the user can do, in order to secure the network.

8
Q

What is an IT Policy?

A

A policy that is designed for the IT department to keep the network secure and stable.

9
Q

What is a General Policy?

A

A policy that defines the responsibility for general business purposes.

10
Q

What is a Partner Policy?

A

A policy that is defined among a group of partners.

11
Q

What is an Issue-Specific Policy?

A

A policy that recognizes specific areas of concern and describes the organization’s status for top-level management.

12
Q

What are the 4 Types of Security Policies?

A
  • Promiscuous Policy
  • Permissive Policy
  • Prudent Policy
  • Paranoid Policy
13
Q

What is a Promiscuous Policy?

A

Policy with no restrictions on Internet or remote access.

14
Q

What is a Permissive Policy?

A

Policy that begins wide open, with only known dangerous services/attacks blocked.

15
Q

What is a Prudent Policy?

A

Policy that begins by blocking all services, with only safe/necessary services enabled individually; everything is logged.

16
Q

What is a Paranoid Policy?

A

Policy that forbids everything.

17
Q

What are the 8 steps to create and implement Security Policies?

A
  • Perform a risk assessment to identify risks to the organization’s assets
  • Learn the standard guidelines and those of other organizations
  • Include senior management and all other staff in policy development
  • Set clear penalties and enforce them; also review and update the security policy
  • Make the final version available to all of the staff in the organization
  • Ensure every member of your staff reads, signs, and understands the policy
  • Install the tools you need to enforce policies
  • Train your employees and educate them about the policy
18
Q

What is Penetration testing?

A

A method of evaluating the security of an information system or network by simulating an attack to find vulnerabilities that an attacker could exploit.

19
Q

What is Black box testing?

A

Simulates an attack from someone who has no prior knowledge of the system.

20
Q

What is White box testing?

A

Simulates an attack from someone who has complete prior knowledge of the system.

21
Q

How are Vulnerabilities classified?

A

Severity Level (low, medium, or high), and Exploit Range (local or remote).

22
Q

What is Vulnerability Research?

A

The process of discovering vulnerabilities and design flaws that will open an operating system and its applications to attack or misuse.

23
Q

Who is a Hacker?

A

Someone who accesses a computer system by evading its security system.

24
Q

Who is an Ethical Hacker?

A

Someone who helps an organization better understand its security system, identify risks, highlight the remedial actions, and also reduce costs by resolving vulnerabilities, using the same methods used by Hackers while still complying with the law.

25
Q

What does Ethical Hacking involve?

A

The use of hacking tools, tricks, and techniques to identify vulnerabilities in order to ensure system security.