ethical hacking chapt1

❓ What is the role of an ethical hacker?
✅ An ethical hacker helps organizations identify and fix security vulnerabilities by using hacking techniques legally and with permission.

❓ What are ethical hackers legally allowed to do?
✅ Ethical hackers can conduct penetration tests, security assessments, and vulnerability tests with explicit permission from the system owner.

❓ What are ethical hackers NOT allowed to do?
✅ They cannot hack without authorization, cause intentional harm, steal data, or exceed the scope of the agreed-upon security assessment.

Key Terms

❓ What is the black box model?
✅ A penetration testing method where the tester has no prior knowledge of the system being tested.

❓ What is a Certified Ethical Hacker (CEH)?
✅ A certification that validates an individual’s knowledge of ethical hacking techniques and security threats.

❓ What is a Certified Information Systems Security Professional (CISSP)?
✅ A certification for professionals who develop and manage security policies and procedures.

❓ Who are crackers?
✅ Malicious hackers who break into systems to steal or damage data.

❓ Who are ethical hackers?
✅ Security professionals who use hacking skills to identify vulnerabilities and strengthen cybersecurity legally.

❓ What is the Global Information Assurance Certification (GIAC)?
✅ A certification program that focuses on cybersecurity skills in various domains.

❓ What is the gray box model?
✅ A penetration testing approach where the tester has partial knowledge of the system.

❓ What is a hacker?
✅ A person skilled in computer systems who may use their knowledge for ethical or malicious purposes.

❓ What is a hacktivist?
✅ A hacker who attacks systems for political or social activism reasons.

❓ What is the Institute for Security and Open Methodologies (ISECOM)?
✅ An organization that develops open security testing methodologies.

❓ What is the Offensive Security Certified Professional (OSCP)?
✅ A hands-on ethical hacking certification focused on penetration testing.

❓ What is the Open Source Security Testing Methodology Manual (OSSTMM)?
✅ A framework for security testing and assessments.

❓ What is an OSSTMM Professional Security Tester (OPST)?
✅ A certification for professionals who use OSSTMM methodologies in security testing.

❓ Who are packet monkeys?
✅ Hackers who launch pre-scripted attacks without understanding them.

❓ What is a penetration test?
✅ A simulated cyberattack to identify and exploit vulnerabilities in a system.

❓ What is a red team?
✅ A group that acts as adversaries to test an organization's security defenses.

❓ Who are script kiddies?
✅ Inexperienced hackers who use pre-made tools to attack systems without deep knowledge.

❓ What is a security test?
✅ A process to evaluate the security of a system or network.

❓ What is the SysAdmin, Audit, Network, Security (SANS) Institute?
✅ A cybersecurity training and certification organization.

❓ What is a vulnerability assessment?
✅ The process of identifying and prioritizing security weaknesses in a system.

❓ What is the white box model?
✅ A penetration testing method where the tester has full knowledge of the system being tested.