Ethical Hacking Midterm Exam Correctly Answered 2024

Ethical Hacking Midterm Exam Correctly Answered 2024 Penetration testing is the practice of finding vulnerabilities and risks with the purpose of securing a computer or network. Penetration testing falls under which all-encompassing term? - Answer -Ethical Hacking Heather is performing a penetration test. She has gathered a lot of valuable information about her target already. Heather has used some hacking tools to determine that, on her target network, a computer named Production Workstation has port 445 open. Which step in the ethical hacking methodology is Heather performing? - Answer -Scanning and enumeration Which of the following is the third step in the ethical hacking methodology? - Answer -Gain access Miguel is performing a penetration test on his client's web-based application. Which penetration test frameworks should Miguel utilize? - Answer -OWASP The penetration testing life cycle is a common methodology used when performing a penetration test. This methodology is almost identical to the ethical hacking methodology. Which of the following is the key difference between these methodologies? - Answer -Reporting You are executing an attack in order to simulate an outside attack. Which type of penetration test are you performing? - Answer -Black box Which of the following best describes a gray box penetration test? - Answer -Which of the following best describes a gray box penetration test? Randy was just hired as a penetration tester for the red team. Which of the following best describes the red team? - Answer -Performs offensive security tasks to test the network's security. The Stuxnet worm was discovered in 2010 and was used to gain sensitive information on Iran's industrial infrastructure. This worm was probably active for about five years before being discovered. During this time, the attacker had access to the target. Which type of attack was Stuxnet? - Answer -APT Which type of threat actor only uses skills and knowledge for defensive purposes? - Answer -White Hat Which statement best describes a suicide hacker? - Answer -This hacker is only concerned with taking down their target for a cause. They have no concerns about being caught. Miguel has been practicing his hacking skills. He has discovered a vulnerability on a system that he did not have permission to attack. Once Miguel discovered the vulnerability, he anonymously alerted theowner and instructed him how to secure the system. What type of hacker is Miguel in this scenario? - Answer -Gray Hat The process of analyzing an organization's security and determining its security holes is known as: - Answer -Threat Modeling Which of the following documents details exactly what can be tested during a penetration test? - Answer -Scope of work After performing a risk assessment, an organization must decide what areas of operation can be included in a penetration test and what areas cannot be included. Which of the following describes the process? - Answer -Tolerance You are performing a penetration test of a local area network (LAN). Refer to the circled area on the network diagram. network. Which of the following types of penetration tests is being performed? - Answer -Internal Miguel is performing a penetration test on a web server. Miguel was given only the server's IP address and name. Which of the following best describes the type of penetration test Miguel is performing? - Answer -External Which of the following elements is generally considered the weakest link in an organization's security? - Answer -Human Which of the following best describes social engineering? - Answer -The art of deceiving and manipulating others into doing what you want. Which of the following is considered a mission-critical application? - Answer -Medical Database What does an organization do to identify areas of vulnerability within their network and security systems? - Answer -Risk Assessment During a risk assessment, the organization determines that the risk of collecting personal data from its customers is not acceptable and stops. What method of dealing with risk is the organization using? - Answer -Avoidance The following formula defines which method of dealing with risk? Cost of Risk Damage = Risk _________ - Answer -Acceptance Which of the following is a consideration when scheduling a penetration test? - Answer -Who is aware of the test? A client asking for small deviations from the scope of work is called: - Answer -Scope creepHeather is in the middle of performing a penetration test when her client asks her to also check the security of an additional server. Which of the following documents does she need to submit before performing the additional task? - Answer -Change Order