CPE-PC 321 Lec 1 Flashcards

1
Q

The practice of testing a system, network, or application for security vulnerabilities with permission to identify and fix security flaws.
a. Black Hat Hacking
b. Ethical Hacking
c. Malware Analysis
d. Data Encryption

A

b. Ethical Hacking
Ethical hacking involves authorized security testing to find and address weaknesses before malicious hackers exploit them.

2
Q

A simulated cyberattack designed to evaluate the security of a system by identifying and exploiting vulnerabilities.
a. Penetration Testing
b. Social Engineering
c. Phishing Attack
d. Code Injection

A

a. Penetration Testing
Penetration testing (pen testing) helps organizations assess their defenses by simulating real-world cyberattacks.

3
Q

A process that identifies and lists security vulnerabilities in a system but does not exploit them.
a. Vulnerability Assessment
b. Network Hardening
c. Social Engineering
d. DDoS Attack

A

a. Vulnerability Assessment
A vulnerability assessment scans and prioritizes potential security risks without actively exploiting them.

4
Q

The process of evaluating an organization’s security policies, procedures, and access controls to ensure compliance with security best practices.
a. Security Audit
b. Incident Response
c. Risk Assessment
d. Security Test

A

d. Security Test
A security test analyzes security measures to verify their effectiveness and compliance with policies.

5
Q

A hacker who gains unauthorized access to systems for personal gain or malicious intent.
a. Ethical Hacker
b. White Hat Hacker
c. Black Hat Hacker
d. Penetration Tester

A

c. Black Hat Hacker
Black hat hackers exploit systems illegally for malicious purposes, unlike ethical hackers who work with permission.

6
Q

The type of penetration testing where the tester has no prior knowledge of the system and must discover vulnerabilities independently.
a. White Box Testing
b. Black Box Testing
c. Gray Box Testing
d. Open Source Testing

A

b. Black Box Testing
Black box testing simulates a real-world cyberattack where the tester gathers information without prior knowledge.

7
Q

A derogatory term for an inexperienced hacker who uses pre-written tools without understanding their functionality.
a. Script Kiddie
b. Cyber Activist
c. Network Administrator
d. Red Team Analyst

A

a. Script Kiddie
Script kiddies rely on tools created by others to launch attacks without deep knowledge of hacking techniques.

8
Q

A hacker who breaks into systems for political or social activism purposes.
a. White Hat Hacker
b. Hacktivist
c. Network Engineer
d. Cybersecurity Consultant

A

b. Hacktivist
Hacktivists use hacking to promote political or social causes, often targeting governments or corporations.

9
Q

A group of ethical hackers who simulate real-world cyberattacks to test an organization’s security defenses.
a. Blue Team
b. Red Team
c. White Team
d. Green Team

A

b. Red Team
The red team performs offensive security tests to identify weaknesses, while the blue team focuses on defense.

10
Q

A set of guidelines and methodologies used to perform security tests on networks, systems, and applications.
a. ISO 27001
b. OSSTMM
c. NIST Framework
d. CIS Controls

A

b. OSSTMM (Open Source Security Testing Methodology Manual)
OSSTMM provides standardized security testing methodologies for penetration testers.

11
Q

An industry-recognized certification for ethical hackers that focuses on penetration testing techniques.
a. CCNA Security
b. CEH (Certified Ethical Hacker)
c. PMP Certification
d. AWS Security Certification

A

b. CEH (Certified Ethical Hacker)
The CEH certification, provided by EC-Council, validates skills in ethical hacking and penetration testing.

12
Q

The set of rules that users must follow when using an organization’s network or internet services.
a. Firewall Policy
b. Cybersecurity Framework
c. Acceptable Use Policy (AUP)
d. Risk Management Plan

A

c. Acceptable Use Policy (AUP)
An AUP defines acceptable and prohibited behaviors to ensure network security and responsible usage.

13
Q

The process of probing a system for open ports to identify active services and vulnerabilities.
a. Port Scanning
b. Data Encryption
c. Traffic Filtering
d. DDoS Mitigation

A

a. Port Scanning
Port scanning is used in penetration testing to detect open ports and identify potential entry points.

14
Q

A legal document that grants ethical hackers permission to perform security testing on a system.
a. NDA Agreement
b. Service-Level Agreement (SLA)
c. Authorization Contract
d. Penetration Testing Agreement

A

d. Penetration Testing Agreement
This document ensures that ethical hackers have legal authorization to test a system and outlines the testing scope.

15
Q

A secure connection that encrypts internet traffic between a user’s device and a remote server.
a. IDS (Intrusion Detection System)
b. VPN (Virtual Private Network)
c. Honeypot
d. Firewalls

A

b. VPN (Virtual Private Network)
VPNs encrypt data to provide secure remote access and protect online activity from eavesdropping.

16
Q

A federal law that prohibits unauthorized access to computer systems, data theft, and cyberattacks.
a. GDPR
b. CFAA (Computer Fraud and Abuse Act)
c. PCI-DSS
d. HIPAA

A

b. CFAA (Computer Fraud and Abuse Act)
The CFAA is a U.S. federal law that criminalizes unauthorized computer access and cybercrimes.

17
Q

A type of hacking where an attacker misleads an employee into revealing confidential information.
a. Social Engineering
b. SQL Injection
c. Phishing
d. DDoS Attack

A

a. Social Engineering
Social engineering exploits human psychology to manipulate victims into disclosing sensitive information.

18
Q

A cybersecurity professional responsible for detecting, analyzing, and responding to cyber threats.
a. Penetration Tester
b. Network Engineer
c. SOC Analyst
d. Cybersecurity Consultant

A

c. SOC Analyst
Security Operations Center (SOC) analysts monitor and respond to security incidents in real time.

19
Q

A security concept that ensures only authorized users have access to specific data or systems.
a. Access Control
b. Data Encryption
c. Network Segmentation
d. Authentication

A

a. Access Control
Access control mechanisms regulate permissions based on user roles to prevent unauthorized access.

20
Q

The cybersecurity principle that users should only have the minimum level of access required to perform their jobs.
a. Zero Trust Security
b. Least Privilege
c. Multi-Factor Authentication
d. Data Masking

A

b. Least Privilege
The principle of least privilege limits user access rights to minimize security risks and prevent unauthorized actions.