Week 1 - Overview

Question 1

Motive

Answer 1

For the thrill of it or for criminal purposes​.

Revenge, disgruntled current or former employees .

Financial gain through theft of financial information.

Corporate proprietary information, which can be sold.

Acts of terrorism, stating political statements against governments, etc.​

Question 2

Ethical Hacking​

Answer 2

Professionals who work to identify loopholes and vulnerabilities on systems, report it to the vendor or owner of the system, and also, at times, help them fix it.​

Question 3

Penetration Testing​

Answer 3

A more professional term used to describe what an ethical hacker does.​

It’s a legal attempt to break into a company’s network to find its weakest link​

The tester only reports findings, does not solve problems.​

Question 4

Vulnerability Assessment​

Answer 4

At times organizations might want to only identify the vulnerabilities that exist in their systems without actually exploiting it and gaining access. ​

The end result is a report prioritizing the vulnerabilities found, with the most severe ones on the top and the ones posing lesser risk lower in the report. ​

Question 5

Security Audits​

Answer 5

A systematic procedure that is used to measure the state of a system/network and company’s security policies and procedures against a predetermined set of standards.​

Question 6

Hackers

Answer 6

Access computer system or network without authorization​.

Breaks the law; can go to prison​.

Black Hat, White Hat, and Gray Hat.

Suicide, State Sponsored.

Question 7

Crackers​

Answer 7

Break into systems to steal or destroy data​.

U.S. Department of Justice calls both hackers​.

Question 8

Ethical Hacker​

Answer 8

Performs most of the same activities with owner’s permission​

Question 9

Script Kiddies​

Answer 9

Younger, inexperienced hackers who copy codes from knowledgeable hackers​.

Question 10

Packet Monkey

Answer 10

Blocking sites through DDOS attacks.

Question 11

Cyber Terrorists

Answer 11

Attackers who have ideological motivation​.

Question 12

Hacktivists

Answer 12

Another group motivated by ideology​.

Question 13

State-Sponsored Attackers

Answer 13

Attackers supported by governments for launching computer.

Question 14

Languages used

Answer 14

Perl, C, C++, Python, JavaScript, Visual Basic, SQL, etc.

Question 15

Tiger box​

Answer 15

Collection of OS’s and hacking tools​.

Usually on a laptop​.

Helps penetration testers and security testers conduct vulnerabilities assessments and attacks​.

Question 16

White Box Model​

Answer 16

Tester is told everything about the network topology and technology​:

Network diagrams​.
Equipment types​.
Authorized to interview employees.
Makes testers job easier.

Question 17

Black Box Model​

Answer 17

Staff does not know about the test​.

Tester is not given details about technologies used​.

Burden is on tester to find details​.

Tests security personnel’s ability to detect an attack​.

Question 18

Gray Box Model​

Answer 18

Hybrid of the white and black box models​.

Company gives tester partial information (e.g. OSs are used, but no network diagrams)​.