Chapter 1 Introduction to Ethical Hacking Flashcards

1
Q

Hackers need 3 things to carry out a crime

A
  1. Motive (Goal)
  2. Method
  3. Vulnerabilty
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Types of Hackers

A
  1. Script Kiddies - limited or no training & know how to use only basic techniques or tools
  2. White-Hat hackers - ethical hackers; given all information
  3. Gray-hat hackers - good/bad; limited information
  4. black-hat hackers - bad guys; low or no level of knowledge
  5. suicide hackers - not stealthy(sneaky or cautious), not worried about getting caught
  6. Hacktivist - any action an attacker uses to push or promote political agenda
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Pen Testing

A

structured & methodical means of investigating, uncovering, attacking, & reporting on the strengths & weaknesses of a target system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

TOE

A

A target of evaluation is a system or resource that is being evalued for vulnerabilities

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Exploit

A

defined way to breach the security of a system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Attack

A

act of targeting & actively engaging a TOE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Zero Day

A

threat or vulnerability that is unknown to developers & has not been addressed

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Threat

A

a potential violation of security

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Vulnerability

A

weakness in a system that can be attacked & used as an entry point into an environment

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Daisy Chaining

A

performing several hacking attacks in sequence then backtrack to cover tracks

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

CIA triad

A

Ethical hackers try to preserve what is known as the CIA triad

  1. Confidentiality - safeguarding of information & keeping it away from those not authorized to possess it (examples to preserve: permissions & encryptions)
  2. Integrity - keeping information in a format that is true & correct to its original purposes, meaning that the data the receiver accesses is the data the creator intended them to have
  3. Availability - keeping information & resources available to those who need to use it
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Opposite of CIA triad, DAD

A

As an ethical hacker, we want to prevent unauthorized

  1. Disclosure - revealing/accessing of information to outside party
  2. Alteration - changing information
  3. Disruption - access to information has been lost
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Hacking Methodology

A

refers to the step-by-step approach used by an agressor to attack a target such as a computer NW

  1. Footprinting - using primarily passive methods of gaining information from a target prior to performing the later active methods;
    • Keep interaction to a minimum to avoid detection
  2. Scanning - take information extracted from footprinting phase & use it to taget your attack more precisely, instead of blundering around aimlessly; gaining additional information
  3. Enumeration - create active connection with system & perform queries; only in intranet environment
  4. System Hacking - plan & execute attack
  5. Escalate privileges
  6. Covering tracks - removing evidence of your presence in a system
  7. Planting back doors - may want to come back later
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Ethical hackers follow a very similar process hackers do except

A

ethical hackers need permisions prior to starting the 1st phase, and will need to generate a report that will need to be presented at the end of the process

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Types of attacks

A
  1. insider attack
  2. outsider attack
  3. stolen equipment attack - aggressor steal a piece of equipment & uses it to gain access or extract information from it
  4. social engineering attack - pen tester targets the users of a system seeking to extract needed information; exploiting trust inherent in human nature
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

worm

A

standalone malware self-replicating

17
Q

trojan horse

A

relies on social engineering

program that breaches security of a computer system while performing harmless functions

18
Q

virus

A

depenent on existing program & spreads to other computers and usually has a detrimental effect such as destroying data, etc

19
Q

NW intrusions

A

a form of digital trespassing where a user has unauthorized access

20
Q

Fraud

A

the deception of another or parties to elicit information or access

21
Q

SW piracy

A

the possession, duplication, or distribution of SW in violation of a license agreement, or the act of removing copy protection or other license-enforcing mechanisms

22
Q

Embezzlement

A

is a form of financial fraud that involves theft or redirection of funds as a result of violtating a position of trust