Ethical Hacking Overview Exam Correctly Answered 2024/2025

Ethical Hacking Overview Exam Correctly Answered 2024 As a security tester, you can make a network impenetrable. (T/F) - Answer -False An ethical hacker is a person who performs most of the same activities a hacker does, but with the owner or company's permission. (T/F) - Answer -True Penetration testers and security testers need technical skills to perform their duties effectively. (T/F) - Answer -True Port scanning is a noninvasive, nondestructive, and legal testing procedure that is protected by federal law. (T/F) - Answer -False What type of testing procedure involves the tester(s) analyzing the company's security policy and procedures, and reporting any vulnerabilities to management? - Answer -security test What specific term does the U.S. Department of Justice use to label all illegal access to computer or network systems? - Answer -hacking What derogatory title do experienced hackers, who are skilled computer operators, give to inexperienced hackers? - Answer -script kiddies or packet monkeys What term best describes a person who hacks computer systems for political or social reasons? - Answer -Hacktivist Many experienced penetration testers will write a set of instructions that runs in sequence to perform tasks on a computer system. What type of resource are these penetration testers utilizing? - Answer - Scripts What penetration model should be used when a company's management team does not wish to disclose that penetration testing is being conducted? - Answer -black box What type of laws should penetration tester or student learning hacking techniques be aware of? - Answer -Local Law State Law Federal LawWhat policy, provided by a typical ISP, should be read and understood before performing any port scanning outside of your private network? - Answer -Acceptable use Policy What penetration model would likely provide a network diagram showing all the company's routers, switches, firewalls, and intrusion detection systems, or give the tester a floor plan detailing the location of computer systems and the OSs running on these systems? - Answer -White Box What penetration model should a company use if they only want to allow the penetration tester(s) partial or incomplete information regarding their network system? - Answer -Gray Box What federal law makes it illegal to intercept any type of communication, regardless of how it was transmitted? - Answer -Electronic Communication Privacy Act Penetration testing can create ethical, technical, and privacy concerns for a company's management team. What can a security consultant do to ensure the client fully understands the scope of testing that will be performed? - Answer -create a contractual agreement If you work for a company as a security professional, you will most likely be placed on a special team that will conduct penetration tests. What is he standard name for a team made up of security professionals? - Answer -Red Team What common term is used by security testing professionals to describe vulnerabilities in a network? - Answer -Holes When a security professional is presented with a contract drawn up by a company's legal department, which allows them to "hack" the company's network, they should proceed by performing what precautionary step? - Answer -Consult their lawyer What name is given to people who break into computer systems with the sole purpose to steal or destroy data? - Answer -Crackers What type of assessment performed by a penetration tester attempts to identify all the weaknesses found in an application or on a system? - Answer -Vulnerability