Module 1 - Introduction to Ethical Hacking Flashcards

1
Q

Which set of regulations is concerned with protecting a patient’s medical records?

A) ISO 2002
B) PCI DSS
C) PII
D) HIPAA/PHI

A

D

2
Q

In which phase of the Cyber Kill Chain would an attacker exfiltrate data from your organization?

A) Weaponization
B) Delivery
C) Actions on Objectives
D) Command and Control
E) Exploitation

A

C

3
Q

Which security strategy requires using several, varying methods to protect IT systems against attacks?

A) Three-way handshake
B) Exponential backoff algorithm
C) Covert channels
D) Defense in depth

A

D

4
Q

During a pen-test, you’ve obtained several employee e-mail addresses from their company website. At which phase of the Cyber Kill Chain would you then create a client-side backdoor in order to send it to the victims via e-mail?

A) Reconnaissance
B) Weaponization
C) Delivery
D) Exploitation
E) Installation
F) Command and Control
G) Actions on Objectives

A

B

5
Q

In which phase of Incident Handling & Response (IH&R) do you analyze the compromised device to find details like type of attack, severity, target, impact, method of propagation, and vulnerabilities exploited?

A) Preparation
B) Incident Recording and Assignment
C) Incident Triage
D) Notification
E) Containment
F) Evidence Gathering and Forensic Analysis
G) Eradication
H) Recovery
I) Post-Incident Activities

A

C

6
Q

Which of these best describes step 3, Delivery, in the Cyber Kill Chain methodology?

A) An intruder creates malware to be used as a malicious attachment to an email.
B) An intruder sends a malicious attachment via email to a target.
C) An intruder’s malware is installed on a target’s machine.
D) An intruder’s malware is triggered when a target opens a malicious email attachment.

A

B

7
Q

What is the process called that can record, log, and resolve events that happen in your company?

A) Metrics
B) Incident management process
C) Internal procedure
D) Security policy

A

B

8
Q

Which best describes white-box testing?

A) The internal operation of a system is only partly accessible to the tester.
B) The internal operation of a system is completely known to the tester.
C) Only the internal operation of a system is known to the tester.
D) Only the external operation of a system is accessible to the tester.

A

B

9
Q

Which of these laws was designed to improve the accuracy and accountability of corporate disclosures, and to protect the public from accounting errors and fraudulent activities?

A) SOX
B) HIPAA
C) FedRAMP
D) PCI DSS

A

A

10
Q

Which phase of ethical hacking involves infecting a system with malware, and using phishing to gain access to a system or website?

A) Reconnaissance
B) Scanning
C) Gaining access
D) Maintaining access

A

C

11
Q

You just got an e-mail from someone you’ve never met, claiming that your public website has a zero-day vulnerability. The e-mail describes the problem and what you can do to protect yourself from this vulnerability. The e-mail has also been carbon-copied to Microsoft, informing them of the problem that their systems are exposed to. Which type of hacker sent you this e-mail?

A) Black hat
B) Red hat
C) Grey hat
D) White hat

A

C

12
Q

Which best describes gray-box testing?

A) The internal operation of a system is only partly accessible to the tester.
B) The internal operation of a system is completely known to the tester.
C) Only the internal operation of a system is known to the tester.
D) Only the external operation of a system is accessible to the tester.

A

A

13
Q

After finding and mitigating the vulnerabilities on your network, some small amount of risk still remains. What is this called?

A) Impact risk
B) Deferred risk
C) Residual risk
D) Inherent risk

A

C

14
Q

Which type of hacker sometimes works offensively, and sometimes works defensively?

A) Suicide Hacker
B) Black Hat
C) Gray Hat
D) White Hat

A

C

15
Q

Before a penetration tester can start any hacking activities, it’s most important for them to do which of these?

A) Creating an action plan.
B) Finding new exploits which can be used during the pentest.
C) Preparing a list of targeted systems.
D) Ensuring that their activity will be authorized and that they will have a proper agreement with the owners of the targeted system.

A

D

16
Q

There has been data-leakage on a workstation, so you go to that station, turn off the power, then remove the keyboard, mouse, and ethernet cable. Which incident-handling step would these activities fall under?

A) Discovery
B) Eradication
C) Containment
D) Recovery

A

C

17
Q

Which type of hacker has no training and only uses basic techniques or tools they found on the internet?

A) White-Hat Hackers
B) Gray-Hat Hackers
C) Black-Hat Hackers
D) Script Kiddies

A

D

18
Q

What makes a penetration test more thorough than a vulnerability scan?

A) A penetration test actively exploits the vulnerabilities in the targeted infrastructure, while a vulnerability scan does not typically involve active exploitation.
B) The tools used by penetration testers tend to have much more comprehensive vulnerability databases.
C) Vulnerability scans only do host discovery and port scanning by default.
D) It is not. A penetration test is often performed by an automated tool, while a vulnerability scan requires active engagement.

A

A

19
Q

Which best describes black-box testing?

A) The internal operation of a system is only partly accessible to the tester.
B) The internal operation of a system is completely known to the tester.
C) Only the internal operation of a system is known to the tester.
D) Only the external operation of a system is accessible to the tester.

A

D

20
Q

After assessing the risk of a breach in your web application, you find there is a 40% chance of breach. You implement some controls and now find that the risk of a breach is down to 15%, while your risk threshold for the web application is at 25%. Which of these risk strategies will you most likely employ to continue operations with the most business profit?

A) Avoid the risk
B) Mitigate the risk
C) Accept the risk
D) Introduce more controls to bring the risk to 0%

A

C

21
Q

Federal information systems should have security controls in place, as defined by which of these regulations?

A) PCI-DSS
B) HIPAA
C) NIST-800-53
D) EU Safe Harbor

A

C

22
Q

A risk assessment includes which of these components?

A) Physical security
B) Administrative safeguards
C) DMZ
D) Logical interface

A

B

23
Q

The chance of a hard drive failure is once every four years. The cost to buy a new hard drive is $400. It will require 5 hours to restore the OS and software to the new hard disk. It will require another 5 hours to restore the user data from the last backup to the new hard disk. The recovery tech earns $10/hour. Calculate the SLE, ARO, and ALE. Assume the EF = 1 (100%). What is the closest approximate cost of this replacement and recovery operation per year?

A) $100
B) $125
C) $500
D) $1500

A

B

24
Q

After being hired to do a pen-test, you and the customer fill out a document that describes all the details of the test. This document protects both the customer as well as your legal liabilities as the tester. Which document is being described?

A) Project Scope
B) Service Level Agreement
C) Rules of Engagement
D) Non-Disclosure Agreement

A

C

25
Q

Which of these is a security standard for protecting credit-card information?

A) FISMA
B) PCI-DSS
C) HITECH
D) SOX

A

B

26
Q

In which phase of incident-handling do you define processes/procedures/rules, and create and test back-up and response plans?

A) Preparation phase
B) Identification phase
C) Containment phase
D) Recovery phase

A

A

27
Q

What is the role of test automation in security testing?

A) It is an option, but it tends to be very expensive.
B) Test automation is not usable in security due to the complexity of the tests.
C) It can accelerate benchmark tests and repeat them with a consistent setup. But it cannot replace manual testing completely.
D) It should be used exclusively. Manual testing is outdated because of low speed and possible test setup inconsistencies.

A

C

28
Q

All of these are PCI compliance recommendations EXCEPT for which?

A) Use a firewall between the public network and the payment card data.
B) Limit access to card holder data to as few employees as possible.
C) Use encryption to protect all transmission of card holder data over any public network.
D) Rotate employees handling credit card transactions on a yearly basis to different departments.

A

D

29
Q

What should you do if during a pen-test you discover information on the network that implies the client is involved with human trafficking?

A) Copy the data to removable media and keep it in case you need it.
B) Ignore the data and continue the assessment until completed as agreed.
C) Confront the client in a respectful manner and ask her about the data.
D) Immediately stop work and contact the proper legal authorities.
E) Go all “Rambo” on the client and free the prisoners immediately.

A

D

30
Q

In order to protect your network from imminent threats, you feed threat intelligence into your security devices in a digital format, in order to identify and block malicious traffic. Which type of threat intelligence are you using here?

A) Tactical threat intelligence
B) Operational threat intelligence
C) Strategic threat intelligence
D) Technical threat intelligence

A

D

31
Q

Alice gathers info about specific threats to your company. She collected this info from humans, social media, chat rooms, as well as from events that resulted in cyberattacks. She created a report that outlined the malicious activities, warnings for emerging attacks, and a recommended course of action. Which type of threat intelligence is this?

A) Tactical threat intelligence
B) Operational threat intelligence
C) Strategic threat intelligence
D) Technical threat intelligence

A

B