1.4.3 Quiz - Introduction to Ethical Hacking and Penetration

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/28

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

29 Terms

1
New cards

Which statement best describes the term ethical hacker?

  • a person who uses different tools than nonethical hackers to find vulnerabilities and exploit targets

  • a person that is financially motivated to find vulnerabilities and exploit targets

  • a person that is looking to make a point or to promote what they believe

  • a person who mimics an attacker to evaluate the security posture of a network

  • a person who mimics an attacker to evaluate the security posture of a network

2
New cards

Which threat actor term describes a well-funded and motivated group that will use the latest attack techniques for financial gain?

  • hacktivist

  • state-sponsored attacker

  • organized crime

  • insider threat

  • organized crime

3
New cards

Which type of threat actor uses cybercrime to steal sensitive data and reveal it publicly to embarrass a target?

  • organized crime

  • hacktivist

  • insider threat

  • state-sponsored attacker

  • hacktivist

4
New cards

What is a state-sponsored attack?

  • An attack perpetrated by a well-funded and motivated group that will typically use the latest attack techniques for financial gain.

  • An attack perpetrated by governments worldwide to disrupt or steal information from other nations.

  • An attack perpetrated by disgruntled employees inside an organization.

  • An attack is perpetrated to steal sensitive data and then reveal it to the public to embarrass or financially affect a target.

  • An attack perpetrated by governments worldwide to disrupt or steal information from other nations.

5
New cards

What is an insider threat attack?

  • An attack perpetrated by a well-funded and motivated group that will typically use the latest attack techniques for financial gain.

  • An attack perpetrated by governments worldwide to disrupt or steal information from other nations.

  • An attack perpetrated by disgruntled employees inside an organization.

  • An attack is perpetrated to steal sensitive data and then reveal it to the public to embarrass or financially affect a target.

  • An attack perpetrated by disgruntled employees inside an organization.

6
New cards

What kind of security weakness is evaluated by application-based penetration tests?

  • firewall security

  • logic flaws

  • wireless deployment

  • data integrity between a client and a cloud provider

  • logic flaws

7
New cards

What two resources are evaluated by a network infrastructure penetration test? (Choose two.)

  • AAA servers

  • CSPs

  • web servers

  • IPSs

  • back-end databases

  • AAA servers

  • IPSs

8
New cards

When conducting an application-based penetration test on a web application, the assessment should also include testing access to which resources?

  • AAA servers

  • cloud services

  • switches, routers, and firewalls

  • back-end databases

  • back-end databases

9
New cards

What is the purpose of bug bounty programs used by companies?

  • reward security professionals for finding vulnerabilities in the systems of the company

  • reward security professionals for discovering malicious activities by attackers in the systems of the company

  • reward security professionals for fixing vulnerabilities in the systems of the company

  • reward security professionals for breaking into a corporate facility to expose weaknesses in the physical perimeter

  • reward security professionals for finding vulnerabilities in the systems of the company

10
New cards

What characterizes a partially known environment penetration test?

  • The tester must test the electrical grid supporting the infrastructure of the target.

  • The tester is provided with a list of domain names and IP addresses in the scope of a particular target.

  • The test is a hybrid approach between unknown and known environment tests.

  • The tester should not have prior knowledge of the organization and infrastructure of the target.

  • The test is a hybrid approach between unknown and known environment tests.

11
New cards

What characterizes a known environment penetration test?

  • The test is somewhat of a hybrid approach between unknown and known environment tests.

  • The tester could be provided with network diagrams, IP addresses, configurations, and user credentials.

  • The tester should not have prior knowledge of the organization and infrastructure of the target.

  • The tester may be provided only the domain names and IP addresses in the scope of a particular target.

  • The tester could be provided with network diagrams, IP addresses, configurations, and user credentials.

12
New cards

Which type of penetration test would only provide the tester with limited information such as the domain names and IP addresses in the scope?

  • known-environment test

  • partially known environment test

  • unknown-environment test

  • OWASP Web Security Testing Guide

  • unknown-environment test

13
New cards

Match the penetration testing methodology to the description.

MITRE ATT&CK

collection of different matrices of tactics and techniques that adversaries use while preparing for an attack

14
New cards

Match the penetration testing methodology to the description.

NIST SP 800-115

provides organizations with guidelines on planning and conducting information security testing

15
New cards

Match the penetration testing methodology to the description.

OSSTMM

lays out repeatable and consistent security testing

16
New cards

Match the penetration testing methodology to the description.

PTES

provides information about types of attacks and methods

17
New cards

Match the penetration testing methodology to the description.

OWASP WSTG

covers the high-level phases of web application security testing

18
New cards

Which three options are phases in the Penetration Testing Execution Standard (PTES)? (Choose three.)

  • Threat modeling

  • Penetration

  • Reporting

  • Enumerating further

  • Network mapping

  • Exploitation

  • Threat modeling

  • Reporting

  • Exploitation

19
New cards

Which two options are phases in the Information Systems Security Assessment Framework (ISSAF)? (Choose two.)

  • Pre-engagement interactions

  • Maintaining access

  • Reporting

  • Post-exploitation

  • Vulnerability identification

  • Maintaining access

  • Vulnerability identification

20
New cards

Which two options are phases in the Open Source Security Testing Methodology Manual (OSSTMM)? (Choose two.)

  • Vulnerability Analysis

  • Maintaining Access

  • Work Flow

  • Network Mapping

  • Trust Analysis

  • Work Flow

  • Trust Analysis

21
New cards

Which penetration testing methodology is a comprehensive guide focused on web application testing?

  • MITRE ATT&CK

  • OWASP WSTG

  • NIST SP 800-115

  • OSSTMM

  • OWASP WSTG

22
New cards

Which option is a Linux distribution that includes penetration testing tools and resources?

  • OWASP

  • PTES

  • SET

  • BlackArch

  • BlackArch

23
New cards

Which option is a Linux distribution URL that provides a convenient learning environment about pen testing tools and methodologies?

  • parrotsec.org

24
New cards

What does the “Health Monitoring” requirement mean when setting up a penetration test lab environment?

  • The tester needs to be sure that a lack of resources is not the cause of false results.

  • The tester needs to be able to determine the causes when something crashes.

  • The tester needs to ensure controlled access to and from the lab environment and restricted access to the internet.

  • The tester validates a finding running the same test with a different tool to see if the results are the same.

  • The tester needs to be able to determine the causes when something crashes.

25
New cards

hich tool would be useful when performing a network infrastructure penetration test?

  • vulnerability scanning tool

  • bypassing firewalls and IPSs tool

  • interception proxies tool

  • mobile application testing tool

  • bypassing firewalls and IPSs tool

26
New cards

Which tool should be used to perform an application-based penetration test?

  • sniffing traffic tool

  • bypassing firewalls and IPSs tool

  • interception proxies tool

  • cracking wireless encryption tool

  • interception proxies tool

27
New cards

Which tools should be used to perform a wireless infrastructure penetration test?

  • web vulnerability detection tools

  • traffic manipulation tools

  • proxy interception tools

  • de-authorizing network devices tools

  • de-authorizing network devices tools

28
New cards

Which tools should be used for testing the server and client platforms in an environment?

  • cracking wireless encryption tools

  • vulnerability scanning tools

  • interception proxies tools

  • de-authorizing network devices tools

  • vulnerability scanning tools

29
New cards

Sometimes a tester cannot virtualize a system to do the proper penetration testing. What action should be taken if a system cannot be tested in a virtualized environment?

  • a full backup of the system

  • rebuild the system after any test is performed

  • adopt penetration test tools that will certainly not damage the system

  • a complete report with recommended repairs

  • a full backup of the system

Explore top notes

Explore top flashcards