Quiz 1 Flashcards
In which phase do you attempt to extract information such as usernames, computer names, network resources, shares, and services?
Maintaining access
Reconnaissance
Enumeration
Establishing access
Enumeration
Which “threat actor” may cross ethical lines, but usually has good intentions?
Gray hat
Which “team” is a defensive security team that attempts to close vulnerabilities and stop the red team?
Blue team
Regardless of the hacker’s motivation and skill set, one goal for many hackers is to execute what’s known as a/an _______________.
Total Destruction Attack (TDA)
Advanced Persistent Threat (APT)
Distributed Denial of Service (DDoS)
Denial of Service (DoS)
APT
What term refers to the process of analyzing the security of the organization and determining security holes?
Vulnerability testing
Threat modeling
Risk assessment
Penetration testing
Threat modeling
Which penetration testing document is used only as a last resort, but explains what the penetration tester is doing and that the work is fully authorized?
Master Service Agreement
Scope of Work
Rules of Engagement
Permission to Test
Permission to Test
What term refers to the practice of finding vulnerabilities and risks with the purpose of securing a computer or network system?
Whitehat Hacking
Hacking
Penetration Testing
Cracking
Penetration Testing
Which “threat actor” uses their skills for defensive purposes?
White Hat
Which penetration testing document covers items such as how to handle sensitive data and who to notify in case something goes wrong?
Master Service Agreement
Scope of Work
Rules of Engagement
Permission to Test
Rules of Engagement
Which penetration testing framework attempts to create one accepted method for a thorough security test?
Open Web Application Testing Methodology (OWATM)
Open Source Security Testing Methodology Manual (OSSTMM)
National Institute of Standards and Technology Special Publication 800-115 (NIST SP 800-115)
Open Web Application Security Project (OWASP)
Open Source Security Testing Methodology Manual (OSSTMM)
Which of the following is the final phase in the ethical hacking methodology?
Clearing tracks
Performing reconnaissance
Scanning and enumeration
Maintaining access
Clearing tracks
Which penetration testing type simulates an outside attack and is also the most expensive?
Black box
White box
Gray box
Green box
Black box
Which of the following is NOT one of the four common methods for dealing with risk?
Acceptance
Avoidance
Transference
Ignorance
Ignorance
What standard defines the processes and requirements for an organization’s information security management systems?
Sarbanes-Oxley (SOX)
DMCA
ISO/IEC 27001
PCI DSS
ISO/IEC 27001
Which penetration test is an objective-based test that focuses on the overall security of the organization and its data security?
None of these
Compliance-Based Penetration Test
Objective-Based Penetration Test
Goal-Based Penetration Test
Objective-Based Penetration Test