Module 1 - Intro to Ethical Hacking Flashcards
Existence of a weakness, design, or implementation error that can lead to an unexpected event compromising the security of the system.
a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot
a. Vulnerability
A breach of IT system security through vulnerabilities.
a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot
b. Exploit
The part of an exploit code that performs the intended malicious action, such as destroying, creating backdoors, and hijacking computer.
a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot
c. Payload
An attack that exploits computer application vulnerabilities before the software developer releases a patch for the vulnerability.
a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot
d. Zero-Day Attack
It involves gaining access to one network and/or computer and then using the same information to gain access to multiple networks and computers that contain desirable information.
a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot
e. Daisy Chaining
Publishing personally identifiable information about an individual collected from publicly available databases and social media.
a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot
f. Doxing
A software application that can be controlled remotely to execute or automate predefined tasks.
a. Vulnerability
b. Exploit
c. Payload
d. Zero-Day Attack
e. Daisy Chaining
f. Doxing
g. Bot
g. Bot
Assurance that the information is accessible only to those authorized to have access.
a. Confidentiality
b. Integrity
c. Availability
d. Authenticity
e. Non-Repudiation
a. Confidentiality
Gaurantee that the sender of a message cannot later deny having sent the message and that the recipient cannot deny having received the message.
a. Confidentiality
b. Integrity
c. Availability
d. Authenticity
e. Non-Repudiation
e. Non-Repudiation
Assurance that the systems responsible for delivering, storing, and processing information are accessible when required by the authorized users.
a. Confidentiality
b. Integrity
c. Availability
d. Authenticity
e. Non-Repudiation
c. Availability
The trustworthiness of data or resources in terms of preventing improper and unauthorized changes.
a. Confidentiality
b. Integrity
c. Availability
d. Authenticity
e. Non-Repudiation
b. Integrity
Refers to the characteristic of a communication, document or any data that ensures the quality of being genuine.
a. Confidentiality
b. Integrity
c. Availability
d. Authenticity
e. Non-Repudiation
d. Authenticity
Is an on-demand delivery of IT capabilities where sensitive data of organizations and their clients is stored.
a. Cloud Computer Threats
b. Advanced Persistent Threats (APT)
c. Viruses and Worms
d. Ransomware
a. Cloud Computing Threats
Restricts access to the computer system’s files and folders and demands an online ransom payment to the malware creator(s) in order to remove the restrictions.
a. Cloud Computer Threats
b. Advanced Persistent Threats (APT)
c. Viruses and Worms
d. Ransomware
d. Ransomware
Are the most prevalent networking threat that are capable of infecting a network within seconds.
a. Cloud Computer Threats
b. Advanced Persistent Threats (APT)
c. Viruses and Worms
d. Ransomware
c. Viruses and Worms
Is an attack that is focused on stealing information from the victim machine without thy user being aware of it.
a. Cloud Computer Threats
b. Advanced Persistent Threats (APT)
c. Viruses and Worms
d. Ransomware
b. Advanced Persistent Threats (APT)
Include many software applications that are used to access the device remotely.
a. Botnet
b. Insider Attack
c. Phishing
d. Web Application Threats
e. IoT Threats
e. IoT Threats
Is a huge network of the compromised systems used by an intruder to perform various network attacks.
a. Botnet
b. Insider Attack
c. Phishing
d. Web Application Threats
e. IoT Threats
a. Botnet
Is the practice of sending an illegitimate email falsely claiming to be from a legitimate site in an attempts to acquire a user’s personal or account information.
a. Botnet
b. Insider Attack
c. Phishing
d. Web Application Threats
e. IoT Threats
c. Phishing
It is an attack performed on a corporate network or on a single computer by an entrusted person who has authorized access to the network.
a. Botnet
b. Insider Attack
c. Phishing
d. Web Application Threats
e. IoT Threats
b. Insider Attack
Attackers target web applications to steal credentials, set up phishing site, or acquire private information to threaten the performance of the website and hamper its security.
a. Botnet
b. Insider Attack
c. Phishing
d. Web Application Threats
e. IoT Threats
d. Web Application Threats
Individuals who promote a political agenda by hacking, or especially by defacing or disabling websites.
a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hactivists
g. Hacktivists
An unskilled hacker who compromises system by running scripts, tools, and software developed by real hackers.
a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hactivists
e. Script Kiddies
Individuals who work both offensively and defensively at various times.
a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hactivists
c. Gray Hats
Individuals with extraordinary computing skills, resorting to malicious or destructive activities and are also know as crackers.
a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hactivists
a. Black Hat
Individuals employed by the government to penetrate and gain top-secret information and to damage information systems of other governments.
a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hactivists
f. State Sponsored Hackers
Individuals who aim to bring down critical infrastructure for a “cause” and are not worried about facing jail terms or any other kind of punishment.
a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hactivists
d. Suicide Hackers
Individuals professing hacker skills and using them for defensive purposes and are also known as security analysts. They have permission from the system owner.
a. Black Hats
b. White Hats
c. Gray Hats
d. Suicide Hackers
e. Script Kiddies
f. State Sponsored Hackers
g. Hactivists
b. White Hat
What are the 5 hacking phases?
a. Spoofing
b. Gaining Access
c. Documenting
d. Scanning/Enumeration
e. Reconnaissance/Footprinting
f. Tracking
g. Maintaining Access
h. Phishing
i. Clearing Tracks
e. Reconnaissance/Footprinting
d. Scanning/Enumeration
b. Gaining Access
g. Maintianing Access
i. Clearing Tracks
What are the 2 types of Reconnaissance?
Passive & Active
Involves acquiring information without directly interacting with the target.
a. Active
b. Passive
b. Passive
Involves interacting with the target directly by any means.
a. Active
b. Passive
a. Active
Refers to the pre-attack phase when the attacker scans the network for specific information on the basis of information gathered during reconnaissance.
a. Extract Information
b. Pre-Attack Phase
c. Port Scanner
b. Pre-Attack Phase
Attackers extract information such as live machines, port, port status, OS details, device type, system uptime, etc. to lauch attack.
a. Extract Information
b. Pre-Attack Phase
c. Port Scanner
a. Extract Information