IA - Ethical Hacking

Question 1

is a state of well-being of information and infrastructures in which the possibility of successful yet undetected theft, tampering, and disruption of information and services is kept low or tolerable

Answer 1

Security

Question 2

identification and assurance of the origin of information.

Answer 2

Authenticity

Question 2

refers to the trustworthiness of data or resources in terms of preventing improper and unauthorized changes

Answer 2

Integrity

Question 2

the concealment of information or resources

Answer 2

Confidentiality

Question 3

refers to the ability to use the information or resource desired

Answer 3

Availability

Question 4

person who enjoys learning the details of computer systems and stretch their capabilities.

Answer 4

hacker

Question 5

describes the rapid development of new programs or the reverse engineering of already existing software to make the code better, and efficient

Answer 5

hacking

Question 6

refers to a person who uses his hacking skills for offensive purposes.

Answer 6

cracker

Question 7

refers to security professionals who apply their hacking skills for defensive purposes

Answer 7

ethical hacker

Question 8

• An action or event that might prejudice security
• potential violation of security

Answer 8

Threat

Question 9

Existence of a weakness, design, or implementation error that can lead to an unexpected, undesirable event compromising the security of the system.

Answer 9

Vulnerability

Question 10

An IT system, product, or component that is identified/subjected as requiring security evaluation.

Answer 10

Target of Evaluation

Question 11

• An assault on system security that derives from an intelligent threat.
• any action that violates security.

Answer 11

Attack

Question 12

A defined way to breach the security of an IT system through vulnerability.

Answer 12

Exploit

Question 13

can be defined as a legal and authorized attempt to locate and successfully exploit computer systems for the purpose of making those systems more secure.

Answer 13

Penetration testing

Question 14

• The process includes probing for vulnerabilities as well as providing proof of concept attacks to demonstrate the vulnerabilities are real.
• testing always ends with specific recommendations for addressing and fixing the issues that were discovered during the test.
• find security issues by using the same tools and techniques as an attacker. These findings can then be mitigated before a real hacker exploits them.

Answer 14

Penetration Testing

Question 15

Penetration testing is also known as

Answer 15

1. pen testing
2. pt
3. ethical hacking’
4. hacking
5. white hat hacking
6. offensive security
7. red teaming

Question 16

The first and simplest way to differentiate between white hats and black hats is

Answer 16

authorization

Question 17

The second way to differentiate between an ethical hacker and a malicious hacker is through examination of the attacker’s

Answer 17

motivation

Question 18

to provide the organization a realistic attack simulation so that the company can improve its security through early discovery and mitigation of vulnerabilities, the attacker should be considered a white hat.

Answer 18

intent

Question 19

Differentiate Ethical from Malicious Hacker?

Answer 19

1. authorization
2. motivation
3. intent

Question 20

What Does a Malicious Hacker Do

Answer 20

1.recoinnaissance
2.scanning
3. gaining access
4. maintaining access
5. covering tracks

Question 21

refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack. It involves network scanning either external or internal without authorization

Answer 21

Reconnaissance

Question 22

refers to pre-attack phase when the hacker scans the network with specific information gathered during reconnaissance.

Answer 22

scanning

Question 23

• refers to the true attack phase.
• The hacker exploits the system.

Answer 23

gaining access

Question 24

• refers to the phase when the hacker tries to retain his ‘ownership’ of the system.
• The hacker has exploited a vulnerability and can tamper and compromise the system.

Answer 24

maintaining access

Question 25

• refers to the activities undertaken by the hacker to extend his misuse of the system without being detected.
• Reasons include need for prolonged stay, continued use of resources, removing evidence of hacking, avoiding legal action etc.
• Hackers can remain undetected for long periods or use this phase to start a fresh reconnaissance

Answer 25

Covering Tracks

Question 26

• Individuals with extraordinary computing skills, resorting to malicious or destructive activities. Also known as ‘Crackers.’
• Reformed crackers
  First-hand experience
  Lesser credibility perceived

Answer 26

Black hats

Question 27

• Individuals professing hacker skills and using them for defensive purposes. Also known as ‘Security Analysts’.
• Independent security consultants (maybe groups as well)
  Claims to be knowledgeable about black hat activities

Answer 27

White Hats

Question 28

• Individuals who work both offensively and defensively
• Part of ICT firms
  Good credentials

Answer 28

gray hats

Question 29

• hacking with / for a cause’.
• Comprises of hackers with a social or political agenda
• Aims at sending across a message through their hacking activity and gaining visibility for their cause and themselves.

Answer 29

hacktivism

Question 30

Ethical hackers tries to answer

Answer 30

• What can the intruder see on the target system? (Reconnaissance and Scanning phase of hacking)
• What can an intruder do with that information? (Gaining Access and Maintaining Access phases)
• Does anyone at the target notice the intruders attempts or success? (Reconnaissance and Covering Tracks phases)

Question 31

Skill Profile of an Ethical Hacker

Answer 31

1. Computer expert adept at technical domains.
2. In-depth knowledge about target platforms (such as windows, Unix, Linux).
3. Exemplary knowledge in networking and related hardware / software.
4. Knowledgeable about security areas and related issues – though not necessarily a security professional.

Question 32

There are five e-Business certification tracks under EC-Council Accreditation body:

Answer 32

1. Certified e-Business Associate
2. Certified e-Business Professional
3. Certified e-Business Consultant
4. E++ Certified Technical Consultant
5. Certified Ethical Hacker

Question 33

Any security evaluation involves three components

Answer 33

1. preparation
2. conduct
3. conclude

Question 34

In this phase, the evaluation technical report is prepared based on testing potential vulnerabilities.

Answer 34

Conduct

Question 35

In this phase, a formal contract is signed that contains a non-disclosure clause as well as a legal clause to protect the ethical hacker against any prosecution that he may attract during the conduct phase. The contract also outlines infrastructure perimeter, evaluation activities, time schedules and resources available to him.

Answer 35

Preparation

Question 36

In this phase, the results of the evaluation is communicated to the organization / sponsors and corrective advise / action is taken if needed.

Answer 36

Conclusion

Question 37

Modes of Ethical Hacking

Answer 37

1. Remote network
2. Remote dial-up network
3. Local network
4. Stolen equipment
5. Social engineering
6. Physical entry

Question 38

This mode attempts to simulate an intruder launch an attack over the Internet.

Answer 38

Remote network

Question 39

This mode attempts to simulate an intruder launching an attack against the client’s modem pools.

Answer 39

Remote dial-up network

Question 40

This mode simulates an employee with
legal access gaining unauthorized access over the local network.

Answer 40

Local network

Question 41

This mode simulates theft of a critical information resource such as a laptop owned by a strategist, (taken by the client unaware of its owner and given to the ethical hacker).

Answer 41

Stolen equipment

Question 42

This aspect attempts to check the integrity of the organization’s employees

Answer 42

Social engineering

Question 43

This mode attempts to physically compromise the organization of ICT infrastructure

Answer 43

Physical entry

Question 43

Security testing can be conducted using one of two approaches

Answer 43

1. black box
2. white box

Question 44

with no prior knowledge of the infrastructure to be tested

Answer 44

Black-box

Question 45

with a complete knowledge of the network infrastructure

Answer 45

White-box

Question 46

is also known as Gray-box testing and this examines the extent of access by insiders within the network

Answer 46

Internal Testing

Question 47

Deliverables

Answer 47

1. Ethical Hacking Report
2. Details the results of the hacking activity
3. Vulnerabilities are detailed and avoidance measures suggestedIssues to consider

Question 48

• the blueprinting of the security profile of an organization, undertaken in a methodological manner.
• one of the three pre-attack phases. The others are scanning and enumeration.
• results in a unique organization profile with respect to networks

Answer 48

Footprinting

Question 49

• is a program to query Internet domain name servers. Displays information that can be used to diagnose Domain Name System (DNS) infrastructure
• Helps find additional IP addresses if authoritative DNS is known from whois
• MX record reveals the IP of the mail server

Answer 49

Nslookup

Question 49

• works by exploiting a feature of the Internet Protocol called TTL, or Time To Live
• reveals the path IP packets travel between two systems by sending out consecutive UDP packets with ever-increasing TTLs

Answer 49

Traceroute

Question 50

Information Gathering Methodology

Answer 50

1. Unearth initial information
2. Locate the network range
3. Ascertain active machines
4. Discover open ports / access points
5. Detect operating systems
6. Uncover services on ports
7. Map the Network

Question 51

Unearthing Initial Information:
Commonly includes

Answer 51

1. Domain name lookup
2. Locations
3. Contacts

Question 52

Unearthing Initial Information:
Information Sources

Answer 52

Open source
Whois
Nslookup
Hacking Tool:
Sam Spade

Question 53

Locate the Network Range

Answer 53

Commonly includes:
1. Finding the range of IP addresses
1. Discerning the subnet mask
Information Sources:
1. ARIN (American Registry of Internet Numbers)
1. Traceroute
Hacking Tool:
1. NeoTrace
1. Visual Route

Question 54

• allows search on the who is database to locate information on networks autonomous system numbers (ASNs), network-related handles and other related point of contact (POC).
• whois allows querying the IP address to help find information on the strategy used for subnet addressing.

Answer 54

ARIN

Question 55

• useful network information utility that allows you to find out all available information about an IP address, host name, or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information
• can find the information about a computer located in any part of the world

Answer 55

SmartWhois

Question 55

provides high level views as well as detailed and historical views that provide traffic information in real-time or on a historical basis.

Answer 55

VisualLookout

Question 55

e-mail analysis tool that enables analysis of an e-mail and its headers automatically and provides graphical results

Answer 55

eMailTrackerPro

Question 56

is a tracking service that allows the user to track when his mail was read, for how long and how many times

Answer 56

Mail Tracking

Question 56

can reveal public information of a domain that can be leveraged further

Answer 56

Whois, ARIN

Question 57

can be used to target specific IP and later for IP spoofing.

Answer 57

Traceroute and mail tracking

Question 58

can reveal specific users and zone transfers can compromise DNS security

Answer 58

Nslookup