Ethical Hacking Fundamentals Flashcards
John, a security specialist, was requested by a client organization to check whether the security testing process was performed according to standard. He implemented a security audit on the organization’s network to ensure that the performed test was well-organized, efficient, and ethical.
John has conducted the audit following the steps given below.
The following steps provide a framework for performing a security audit of an organization, which will help in ensuring that the test is organized, efficient, and ethical:
Talk to the client and discuss the needs to be addressed during the testing
Prepare and sign NDA documents with the client
Organize an ethical hacking team and prepare the schedule for testing
Conduct the test
Analyze the results of the testing and prepare a report
Present the report findings to the client
Identify the reason why organizations recruit ethical hackers.
ncover vulnerabilities in systems and explore their potential as a risk
Reasons why organizations recruit ethical hackers
To uncover vulnerabilities in systems and explore their potential as a risk
What is the correct sequence of phases involved in hacking?
In general, there are five phases of hacking:
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Clearing Tracks.
In which of the following phases of hacking does an attacker employ steganography and tunneling techniques to retain access to the victim’s system, remain unnoticed, and remove evidence that might lead to prosecution?
Clearing Tracks: Clearing tracks refers to the activities carried out by an attacker to hide malicious acts.
Which of the following Google advanced search operators displays websites that are similar to the URL specified?
allinurl: Searches for multiple words in the url of the search result.
Which of the following tools includes scanners such as comprehensive security scanners and port scanners and provides information such as NetBIOS names, configuration info, open TCP and UDP ports, transports, and shares?
Netcraft: provides internet security services for a large number of use cases, including cybercrime detection and disruption, application testing and PCI scanning.
John, a professional hacker, was hired by a government agency to penetrate, gain top-secret information from, and damage other government agencies’ information systems or networks. Based on the above scenario, which of the following classes of hackers does John fall in?
State-Sponsored Hackers: State-sponsored hackers are skilled individuals having expertise in hacking and are employed by the government to penetrate, gain top-secret information from, and damage the information systems of other government or military organizations.
In which of the following phases of the cyber kill chain methodology does the adversary create a tailored malicious payload based on the vulnerabilities identified?
Weaponization: The cyber kill chain’s Weaponization stage deals with the creation of a backdoor and a penetration strategy using the knowledge gathered from reconnaissance to enable the backdoor to be delivered successfully. In this instance, a Remote Access Trojan (RAT) will be used.
Which of the following terms refers to the patterns of activities and methods associated with specific threat actors or groups of threat actors that are used to analyze and profile them to enhance an organization’s security?
Tactics, techniques, and procedures: refer to the patterns of activities and methods associated with specific threat actors or groups of threat actors. TTPs are helpful in analyzing threats and profiling threat actors and can further be used to strengthen the security infrastructure of an organization.
Identify the type of hackers recruited by organizations to enhance their cybersecurity by reporting all vulnerabilities to the system and network for remediation.
Ethical Hacker: Ethical hacking is the practice of employing computer and network skills in order to assist organizations in testing their network security for possible loopholes and vulnerabilities.
