Lecture 1 Introduction Flashcards

1
Q

Zero Day Attack

A

One for which there is currently no fix available

- Code for these types of attacks is advertised on special websites

2
Q

Ping sweep followed a day later by a port scan…

A

administrators know their systems may soon be under attack.

3
Q

Hacking tools are really just …

A

software tools that carry out some specific types of procedure to achieve a desired result.

  • The tools can be used for good (defensive) purposes or for bad (offensive) purposes.
  • Good and bad guys use the exact same toolset; the difference is their intent.
4
Q

During a vulnerability assessment, some type of automated scanning product is used to …

A

probe the ports and services on a range of IP addresses

5
Q

The problem with most vulnerability scans is …

A

although they indicate the severity of a vulnerability, they rarely indicate its impact.

6
Q

Vulnerability scanning allows you to identify a piece of software as being vulnerable to exploit; a penetration test takes this further by …

A

exploiting vulnerabilities and, for example, accessing sensitive information.

7
Q

Most vulnerability scanners indicate what might be vulnerable based on versioning and some more invasive checks, but a penetration test indicates …

A

whether the vulnerability scanner finding is real or a false positive.

8
Q

Penetration testers leverage identified vulnerabilities until …

A

they own the domain or environment.

9
Q

Being “owned” means …

A

either having root privileges on the most critical Unix or Linux system or owning the domain administrator account that can access and control all of the resources on the network.

10
Q

Statement of Work (SOW)

A

written agreement, including scope, signatures, and legal requirements

11
Q

2 - Passive Scanning

A

gather as much information about the target as possible while maintaining zero contact

- also known as Open Source Intelligence (OSINT)

12
Q

3 - Active Scanning and Enumeration

A

probe the target’s public exposure with scanning tools

- War dialling, wireless war driving, DNS zone transfers, sniffing traffic, network mapping, banner grabbing

13
Q

4 - Fingerprinting

A

Perform a thorough probe of the target systems to identify:

  • Operating system type and patch level
  • Applications and patch level
  • Open ports
  • Running services
  • User accounts
14
Q

5 - Select Target System

A

Identify the most useful target(s).

15
Q

6 - Exploiting the Uncovered Vulnerabilities

A

Execute the appropriate attack tools targeted at the suspected exposures

16
Q

7 - Exploiting Privilege

A

Escalate the security context so the ethical hacker has more control.

17
Q

8 - Documenting and Reporting

A

Document everything